Vulnerabilities > CVE-2006-4197 - Buffer Overflow vulnerability in Libmusicbrainz
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Libmusicbrainz 2.0.2/2.1.x Multiple Buffer Overflow Vulnerabilities. CVE-2006-4197. Dos exploit for linux platform |
| id | EDB-ID:28384 |
| last seen | 2016-02-03 |
| modified | 2006-08-14 |
| published | 2006-08-14 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/28384/ |
| title | Libmusicbrainz 2.0.2/2.1.x - Multiple Buffer Overflow Vulnerabilities |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200610-09.NASL description The remote host is affected by the vulnerability described in GLSA-200610-09 (libmusicbrainz: Multiple buffer overflows) Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact : A remote attacker could be able to execute arbitrary code or cause Denial of Service by making use of an overly long last seen 2020-06-01 modified 2020-06-02 plugin id 22920 published 2006-10-25 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22920 title GLSA-200610-09 : libmusicbrainz: Multiple buffer overflows NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-363-1.NASL description Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. When a user made queries to MusicBrainz servers, it was possible for malicious servers, or man-in-the-middle systems posing as servers, to send a crafted reply to the client request and remotely gain access to the user last seen 2020-06-01 modified 2020-06-02 plugin id 27943 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27943 title Ubuntu 5.04 / 5.10 / 6.06 LTS : libmusicbrainz-2.0, libmusicbrainz-2.1 vulnerability (USN-363-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1162.NASL description Luigi Auriemma discovered several buffer overflows in libmusicbrainz, a CD index library, that allow remote attackers to cause a denial of service or execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22704 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22704 title Debian DSA-1162-1 : libmusicbrainz-2.0 - buffer overflows NASL family SuSE Local Security Checks NASL id SUSE_LIBMUSICBRAINZ-2042.NASL description This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. (CVE-2006-4197) last seen 2020-06-01 modified 2020-06-02 plugin id 29505 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29505 title SuSE 10 Security Update : libmusicbrainz (ZYPP Patch Number 2042) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-157.NASL description Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. The updated packages have been patched to correct this issue. Update : Packages are now available for Mandriva Linux 2007. last seen 2020-06-01 modified 2020-06-02 plugin id 23901 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23901 title Mandrake Linux Security Advisory : musicbrainz (MDKSA-2006:157-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_ED124F8C82A211DBB46B0012F06707F0.NASL description SecurityFocus reports about libmusicbrainz : The libmusicbrainz library is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 23761 published 2006-12-04 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23761 title FreeBSD : libmusicbrainz -- multiple buffer overflow vulnerabilities (ed124f8c-82a2-11db-b46b-0012f06707f0) NASL family SuSE Local Security Checks NASL id SUSE_LIBMUSICBRAINZ-2044.NASL description This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. (CVE-2006-4197) last seen 2020-06-01 modified 2020-06-02 plugin id 27327 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27327 title openSUSE 10 Security Update : libmusicbrainz (libmusicbrainz-2044)
References
- http://aluigi.altervista.org/adv/brainzbof-adv.txt
- http://secunia.com/advisories/21404
- http://secunia.com/advisories/21668
- http://secunia.com/advisories/21699
- http://secunia.com/advisories/22191
- http://secunia.com/advisories/22393
- http://secunia.com/advisories/22517
- http://secunia.com/advisories/22639
- http://security.gentoo.org/glsa/glsa-200610-09.xml
- http://securityreason.com/securityalert/1399
- http://securitytracker.com/id?1016691
- http://www.debian.org/security/2006/dsa-1162
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:157
- http://www.novell.com/linux/security/advisories/2006_25_sr.html
- http://www.securityfocus.com/archive/1/443205/100/0/threaded
- http://www.securityfocus.com/archive/1/444843/100/0/threaded
- http://www.securityfocus.com/bid/19508
- http://www.ubuntu.com/usn/usn-363-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28367
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28368
- https://issues.rpath.com/browse/RPL-610