Vulnerabilities > CVE-2006-2022 - Remote Buffer Overflow and Denial Of Service vulnerability in Fenice
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Fenice OMS 1.10 (long get request) Remote Buffer Overflow Exploit. CVE-2006-2022. Remote exploit for linux platform id EDB-ID:1717 last seen 2016-01-31 modified 2006-04-25 published 2006-04-25 reporter c0d3r source https://www.exploit-db.com/download/1717/ title Fenice Oms 1.10 long get request Remote Buffer Overflow Exploit description Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield). CVE-2006-2022. Remote exploit for linux platform id EDB-ID:3815 last seen 2016-01-31 modified 2007-04-29 published 2007-04-29 reporter Xpl017Elz source https://www.exploit-db.com/download/3815/ title Fenice Oms server 1.10 - Remote Buffer Overflow Exploit exec-shield
Nessus
NASL family | Gain a shell remotely |
NASL id | FENICE_110.NASL |
description | The remote host is running Fenice, an open source media streaming server for Linux / Unix. The version of Fenice installed on the remote host is affected by an integer overflow vulnerability involving requests with large values for the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21610 |
published | 2006-05-27 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21610 |
title | Fenice <= 1.10 Multiple Remote Vulnerabilities |
code |
|
References
- http://aluigi.altervista.org/adv/fenicex-adv.txt
- http://secunia.com/advisories/19770
- http://securityreason.com/securityalert/794
- http://www.securityfocus.com/archive/1/431870/100/0/threaded
- http://www.securityfocus.com/archive/1/432002/100/0/threaded
- http://www.securityfocus.com/archive/1/436256/100/0/threaded
- http://www.securityfocus.com/bid/17678
- http://www.vupen.com/english/advisories/2006/1491
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26078