Vulnerabilities > CVE-2006-2802 - Buffer Overflow vulnerability in Xine-Lib HTTP Response
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | gxine 0.5.6 (HTTP Plugin) Remote Buffer Overflow PoC. CVE-2006-2802. Dos exploit for linux platform |
file | exploits/linux/dos/1852.c |
id | EDB-ID:1852 |
last seen | 2016-01-31 |
modified | 2006-05-30 |
platform | linux |
port | |
published | 2006-05-30 |
reporter | Federico L. Bossi Bonin |
source | https://www.exploit-db.com/download/1852/ |
title | gxine 0.5.6 HTTP Plugin Remote Buffer Overflow PoC |
type | dos |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-174.NASL description Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24560 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24560 title Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2006:174) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-08.NASL description The remote host is affected by the vulnerability described in GLSA-200609-08 (xine-lib: Buffer overflows) xine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin (xineplug_inp_http.so) via a long reply from an HTTP server. Impact : An attacker could trigger the buffer overflow vulnerabilities by enticing a user to load a specially crafted AVI file in xine. This might result in the execution of arbitrary code with the rights of the user running xine. Additionally, a remote HTTP server serving a xine client a specially crafted reply could crash xine and possibly execute arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22353 published 2006-09-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22353 title GLSA-200609-08 : xine-lib: Buffer overflows NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_107E2EE5F94111DAB1FA020039488E34.NASL description A Secunia Advisory reports : Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user last seen 2020-06-01 modified 2020-06-02 plugin id 21700 published 2006-06-16 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21700 title FreeBSD : libxine -- buffer overflow vulnerability (107e2ee5-f941-11da-b1fa-020039488e34) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-295-1.NASL description Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 27867 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27867 title Ubuntu 5.04 / 5.10 / 6.06 LTS : xine-lib vulnerability (USN-295-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1105.NASL description Federico L. Bossi Bonin discovered a buffer overflow in the HTTP Plugin in xine-lib, the xine video/media player library, that could allow a remote attacker to cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 22647 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22647 title Debian DSA-1105-1 : xine-lib - buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-176.NASL description Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24562 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24562 title Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:176) NASL family SuSE Local Security Checks NASL id SUSE_XINE-LIB-1599.NASL description Missing length checks in the HTTP plugin could lead to a buffer overflow on the heap (CVE-2006-2802). last seen 2020-06-01 modified 2020-06-02 plugin id 27484 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27484 title openSUSE 10 Security Update : xine-lib (xine-lib-1599) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-173.NASL description Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24559 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24559 title Mandrake Linux Security Advisory : ffmpeg (MDKSA-2006:173) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-108.NASL description A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802) In addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue. The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21752 published 2006-06-24 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21752 title Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-207-04.NASL description New xine-lib packages are available for Slackware 10.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 22101 published 2006-07-28 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22101 title Slackware 10.2 / current : xine-lib (SSA:2006-207-04) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-175.NASL description Mplayer uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24561 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24561 title Mandrake Linux Security Advisory : mplayer (MDKSA-2006:175)
References
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
- http://secunia.com/advisories/20369
- http://secunia.com/advisories/20549
- http://secunia.com/advisories/20766
- http://secunia.com/advisories/20828
- http://secunia.com/advisories/20942
- http://secunia.com/advisories/21919
- http://security.gentoo.org/glsa/glsa-200609-08.xml
- http://www.debian.org/security/2006/dsa-1105
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:108
- http://www.osvdb.org/25936
- http://www.securityfocus.com/bid/18187
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26972
- https://usn.ubuntu.com/295-1/
- https://www.exploit-db.com/exploits/1852