Vulnerabilities > CVE-2006-0051 - Remote HTTP_Peek Buffer Overflow vulnerability in Kaffeine
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200604-04.NASL description The remote host is affected by the vulnerability described in GLSA-200604-04 (Kaffeine: Buffer overflow) Kaffeine uses an unchecked buffer when fetching remote RAM playlists via HTTP. Impact : A remote attacker could entice a user to play a specially crafted RAM playlist resulting in the execution of arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21197 published 2006-04-08 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21197 title GLSA-200604-04 : Kaffeine: Buffer overflow NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-268-1.NASL description Marcus Meissner discovered a buffer overflow in the http_peek() function. By tricking an user into opening a specially crafted playlist URL with Kaffeine, a remote attacker could exploit this to execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 21204 published 2006-04-08 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21204 title Ubuntu 5.04 / 5.10 : kaffeine vulnerability (USN-268-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-065.NASL description Marcus Meissner discovered Kaffeine contains an unchecked buffer while creating HTTP request headers for fetching remote RAM playlists, which allows overflowing a heap allocated buffer. As a result, remotely supplied RAM playlists can be used to execute arbitrary code on the client machine. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21200 published 2006-04-08 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21200 title Mandrake Linux Security Advisory : kaffeine (MDKSA-2006:065) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1023.NASL description Marcus Meissner discovered that kaffeine, a versatile media player for KDE 3, contains an unchecked buffer that can be overwritten remotely when fetching remote RAM playlists which can cause the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22565 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22565 title Debian DSA-1023-1 : kaffeine - buffer overflow NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4BFCD857C62811DAB2FB000E0C2E438A.NASL description The KDE team reports : Kaffeine can produce a buffer overflow in http_peek() while creating HTTP request headers for fetching remote playlists, which under certain circumstances could be used to crash the application and/or execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 21426 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21426 title FreeBSD : kaffeine -- buffer overflow vulnerability (4bfcd857-c628-11da-b2fb-000e0c2e438a)
References
- http://secunia.com/advisories/19525
- http://secunia.com/advisories/19540
- http://secunia.com/advisories/19542
- http://secunia.com/advisories/19549
- http://secunia.com/advisories/19557
- http://secunia.com/advisories/19571
- http://securitytracker.com/id?1015863
- http://www.debian.org/security/2006/dsa-1023
- http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml
- http://www.kde.org/info/security/advisory-20060404-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:065
- http://www.novell.com/linux/security/advisories/2006_08_sr.html
- http://www.securityfocus.com/archive/1/430319/100/0/threaded
- http://www.securityfocus.com/bid/17372
- http://www.vupen.com/english/advisories/2006/1229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25631
- https://usn.ubuntu.com/268-1/