Vulnerabilities > CVE-2006-2023 - Remote Buffer Overflow and Denial Of Service vulnerability in Fenice
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Gain a shell remotely |
NASL id | FENICE_110.NASL |
description | The remote host is running Fenice, an open source media streaming server for Linux / Unix. The version of Fenice installed on the remote host is affected by an integer overflow vulnerability involving requests with large values for the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21610 |
published | 2006-05-27 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21610 |
title | Fenice <= 1.10 Multiple Remote Vulnerabilities |
code |
|
References
- http://aluigi.altervista.org/adv/fenicex-adv.txt
- http://secunia.com/advisories/19770
- http://securityreason.com/securityalert/794
- http://www.osvdb.org/24882
- http://www.securityfocus.com/archive/1/431870/100/0/threaded
- http://www.securityfocus.com/archive/1/436256/100/0/threaded
- http://www.securityfocus.com/bid/17678
- http://www.vupen.com/english/advisories/2006/1491
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26080