PT-2007-1013 · Unicon · Unicon-Imc2

Published: 2007-07-03 · Updated: 2017-07-29 · CVE-2007-2835

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: unicon-imc2 version 3.0.4
Description: Multiple stack-based buffer overflows exist in CCE_pinyin.c and xl_pinyin.c in the ImmModules/cce/ directory of unicon-imc2. They allow authenticated local users to potentially gain privileges by manipulating the HOME environment variable. Exploitation can compromise the confidentiality, integrity, and availability of protected information.
Recommendations: For unicon-imc2 version 3.0.4, consider restricting access to sensitive areas of the system to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the length of the HOME environment variable could help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-02185
CVE-2007-2835
DSA-1328-1

Affected Products

Unicon-Imc2