CVE-2007-4566

Alpha Centauri Software SIDVault <2.0f - RCE

Title source: llm

Description

Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.

Exploits (4)

exploitdb WORKING POC VERIFIED

by blake · pythonremotewindows

https://www.exploit-db.com/exploits/9586

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Joxean Koret · pythonremotelinux

https://www.exploit-db.com/exploits/4315

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by SkuLL-HackeR · pythonremotewindows

https://www.exploit-db.com/exploits/9596

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by His0k4 · rubyremotewindows

https://www.exploit-db.com/exploits/9592

View Code ZIP pw:eip

References (8)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065453.html

[Patch, Vendor Advisory] http://secunia.com/advisories/26613

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36272

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/477821/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25460

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018612

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2976

[Third Party Advisory] http://securityreason.com/securityalert/3061

Scores

EPSS 0.5445

EPSS Percentile 98.0%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

alpha_centauri_software/sidvault_ldap_server < 2.0e

Timeline

Published Aug 28, 2007

Tracked Since Feb 18, 2026