Vulnerabilities > CVE-2006-3124 - Buffer Overflow vulnerability in Streamripper 1.61.24/1.61.25

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
streamripper
nessus
exploit available

Summary

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.

Vulnerable Configurations

Part Description Count
Application
Streamripper
2

Exploit-Db

descriptionStreamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit. CVE-2006-3124. Remote exploit for linux platform
idEDB-ID:2274
last seen2016-01-31
modified2006-08-29
published2006-08-29
reporterExpanders
sourcehttps://www.exploit-db.com/download/2274/
titleStreamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200609-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200609-01 (Streamripper: Multiple remote buffer overflows) Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing malformed HTTP headers. Impact : By enticing a user to connect to a malicious server, an attacker could execute arbitrary code with the permissions of the user running Streamripper Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id22323
    published2006-09-12
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22323
    titleGLSA-200609-01 : Streamripper: Multiple remote buffer overflows
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1158.NASL
    descriptionUlf Harnhammar from the Debian Security Audit Project discovered that streamripper, a utility to record online radio-streams, performs insufficient sanitising of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22700
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22700
    titleDebian DSA-1158-1 : streamripper - buffer overflow