CVE-2007-4429 - Vulnerability Details - OpenCVE

Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Skype Technologies	Skype

Configuration 1 [-]

cpe:2.3:a:skype_technologies:skype:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates
http://en.securitylab.ru/poc/301420.php
http://en.securitylab.ru/poc/extra/301419.php
http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html
http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html
http://securityreason.com/securityalert/3032
http://www.securityfocus.com/archive/1/476942/100/0/threaded
http://www.securityfocus.com/archive/1/477156/100/0/threaded
http://www.securityfocus.com/archive/1/477178/100/0/threaded
http://www.securityfocus.com/archive/1/477240/100/0/threaded
http://www.securitylab.ru/news/301422.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-20T19:00:00

Updated: 2024-08-07T14:53:55.865Z

Reserved: 2007-08-20T00:00:00

Link: CVE-2007-4429

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-20T19:17:00.000

Modified: 2024-11-21T00:35:34.680

Link: CVE-2007-4429

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070820 Re: Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"}, {"name": "20070820 Re[2]: Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"}, {"name": "3032", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3032"}, {"tags": ["x_refsource_MISC"], "url": "http://en.securitylab.ru/poc/extra/301419.php"}, {"tags": ["x_refsource_MISC"], "url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitylab.ru/news/301422.php"}, {"tags": ["x_refsource_MISC"], "url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"}, {"tags": ["x_refsource_MISC"], "url": "http://en.securitylab.ru/poc/301420.php"}, {"name": "20070820 RE: Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"}, {"name": "20070817 Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4429", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070820 Re: Skype Network Remote DoS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"}, {"name": "20070820 Re[2]: Skype Network Remote DoS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"}, {"name": "3032", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3032"}, {"name": "http://en.securitylab.ru/poc/extra/301419.php", "refsource": "MISC", "url": "http://en.securitylab.ru/poc/extra/301419.php"}, {"name": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html", "refsource": "MISC", "url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"}, {"name": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates", "refsource": "MISC", "url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"}, {"name": "http://www.securitylab.ru/news/301422.php", "refsource": "MISC", "url": "http://www.securitylab.ru/news/301422.php"}, {"name": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html", "refsource": "MISC", "url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"}, {"name": "http://en.securitylab.ru/poc/301420.php", "refsource": "MISC", "url": "http://en.securitylab.ru/poc/301420.php"}, {"name": "20070820 RE: Skype Network Remote DoS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"}, {"name": "20070817 Skype Network Remote DoS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:55.865Z"}, "title": "CVE Program Container", "references": [{"name": "20070820 Re: Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"}, {"name": "20070820 Re[2]: Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"}, {"name": "3032", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3032"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://en.securitylab.ru/poc/extra/301419.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securitylab.ru/news/301422.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://en.securitylab.ru/poc/301420.php"}, {"name": "20070820 RE: Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"}, {"name": "20070817 Skype Network Remote DoS Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4429", "datePublished": "2007-08-20T19:00:00", "dateReserved": "2007-08-20T00:00:00", "dateUpdated": "2024-08-07T14:53:55.865Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:skype_technologies:skype:*:*:*:*:*:*:*:*", "matchCriteriaId": "C35E52EA-E36B-40E6-A97D-130AD2E26F7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Skype, permite a atacantes remotos causar una denegaci\u00f3n de servicio (suspensi\u00f3n del servidor) por medio de vectores desconocidos relacionados a el env\u00edo de URIs largos, como es afirmado para ser explotados activamente en 20070817 usando una \"call to a specific number.\" NOTA: este identificador es para la divulgaci\u00f3n de en.securitylab.ru. Seg\u00fan el proveedor, este problema es independiente de los \"sign-on issues\" que redujo el servicio de Skype en 20070817, lo que parece ser un problema espec\u00edfico del sitio. A partir de 20070821, no est\u00e1 claro si este problema es simplemente un s\u00edntoma de un problema de acceso mayor."}], "id": "CVE-2007-4429", "lastModified": "2024-11-21T00:35:34.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-20T19:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://en.securitylab.ru/poc/301420.php"}, {"source": "cve@mitre.org", "url": "http://en.securitylab.ru/poc/extra/301419.php"}, {"source": "cve@mitre.org", "url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"}, {"source": "cve@mitre.org", "url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3032"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitylab.ru/news/301422.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://en.securitylab.ru/poc/301420.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://en.securitylab.ru/poc/extra/301419.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitylab.ru/news/301422.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}