PT-2007-3970 · Free-Sa · Free-Sa

Published: 2007-05-14 · Updated: 2017-07-29 · CVE-2007-2652

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Free-SA versions prior to 1.2.2

Description

The issue involves multiple unspecified vulnerabilities that allow remote attackers to execute arbitrary code. These vulnerabilities are related to certain sprintf and vsprintf calls in various files, including those in the reports/ and work/ directories. The files affected include r_index.c, r_reports.c, r_topsites.c, r_topuser.c, r_typical.c, r_userdatetime.c, r_users.c, w_fs.c, w_internal.c, and w_log_operations.c. The vulnerabilities are probably related to buffer overflows.

Recommendations

For Free-SA versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected files and directories until a patch is applied. Avoid using the sprintf and vsprintf functions in the affected files until the issue is resolved.

Related Identifiers

CVE-2007-2652

Affected Products

Free-Sa