Vulnerabilities > CVE-2006-3814 - Buffer Overflow vulnerability in Cheese Tracker XM Loader
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Cheese Tracker <= 0.9.9 Local Buffer Overflow Exploit PoC. CVE-2006-3814. Local exploit for windows platform |
| id | EDB-ID:2065 |
| last seen | 2016-01-31 |
| modified | 2006-07-23 |
| published | 2006-07-23 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/2065/ |
| title | Cheese Tracker <= 0.9.9 - Local Buffer Overflow Exploit PoC |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1166.NASL description Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22708 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22708 title Debian DSA-1166-2 : cheesetracker - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1166. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22708); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-3814"); script_xref(name:"DSA", value:"1166"); script_name(english:"Debian DSA-1166-2 : cheesetracker - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380364" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1166" ); script_set_attribute( attribute:"solution", value: "Upgrade the cheesetracker package. For the stable distribution (sarge) this problem has been fixed in version 0.9.9-1sarge1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cheesetracker"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"cheesetracker", reference:"0.9.9-1sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200610-13.NASL description The remote host is affected by the vulnerability described in GLSA-200610-13 (Cheese Tracker: Buffer Overflow) Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp. Impact : An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with large amount of extra data. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22928 published 2006-10-31 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22928 title GLSA-200610-13 : Cheese Tracker: Buffer Overflow
References
- http://aluigi.altervista.org/adv/cheesebof-adv.txt
- http://secunia.com/advisories/21759
- http://secunia.com/advisories/22643
- http://securityreason.com/securityalert/1291
- http://www.debian.org/security/2006/dsa-1166
- http://www.gentoo.org/security/en/glsa/glsa-200610-13.xml
- http://www.securityfocus.com/archive/1/440962/100/0/threaded
- http://www.securityfocus.com/bid/19115
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27957