Vulnerabilities > CVE-2006-3124 - Buffer Overflow vulnerability in Streamripper 1.61.24/1.61.25
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit. CVE-2006-3124. Remote exploit for linux platform |
id | EDB-ID:2274 |
last seen | 2016-01-31 |
modified | 2006-08-29 |
published | 2006-08-29 |
reporter | Expanders |
source | https://www.exploit-db.com/download/2274/ |
title | Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-01.NASL description The remote host is affected by the vulnerability described in GLSA-200609-01 (Streamripper: Multiple remote buffer overflows) Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing malformed HTTP headers. Impact : By enticing a user to connect to a malicious server, an attacker could execute arbitrary code with the permissions of the user running Streamripper Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22323 published 2006-09-12 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22323 title GLSA-200609-01 : Streamripper: Multiple remote buffer overflows NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1158.NASL description Ulf Harnhammar from the Debian Security Audit Project discovered that streamripper, a utility to record online radio-streams, performs insufficient sanitising of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22700 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22700 title Debian DSA-1158-1 : streamripper - buffer overflow
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/streamripper-aug292006.c
- http://secunia.com/advisories/21579
- http://secunia.com/advisories/21658
- http://secunia.com/advisories/21749
- http://secunia.com/advisories/21801
- http://security.gentoo.org/glsa/glsa-200609-01.xml
- http://sourceforge.net/project/shownotes.php?release_id=442126
- http://www.debian.org/security/2006/dsa-1158
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://www.osvdb.org/28178
- http://www.securityfocus.com/bid/19707
- http://www.vupen.com/english/advisories/2006/3387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28567