Vulnerabilities > CVE-2006-6172 - Remote Buffer Overflow vulnerability in Xine-Lib RuleMatches
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1B043693861711DB93B2000E35248AD7.NASL description The libxine development team reports that several vulnerabilities had been found in the libxine library. The first vulnerability is caused by improper checking of the src/input/libreal/real.c last seen 2020-06-01 modified 2020-06-02 plugin id 23793 published 2006-12-11 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23793 title FreeBSD : libxine -- multiple buffer overflow vulnerabilities (1b043693-8617-11db-93b2-000e35248ad7) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-392-1.NASL description A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 27977 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27977 title Ubuntu 5.10 / 6.06 LTS / 6.10 : xine-lib vulnerability (USN-392-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-357-05.NASL description New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24665 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24665 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.1 : xine-lib (SSA:2006-357-05) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-112.NASL description Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25430 published 2007-06-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25430 title Mandrake Linux Security Advisory : mplayer (MDKSA-2007:112) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B2FF68B29F2911DBA4E40211D87675B7.NASL description A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker cannot write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made. A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c. last seen 2020-06-01 modified 2020-06-02 plugin id 24007 published 2007-01-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24007 title FreeBSD : mplayer -- buffer overflow in the code for RealMedia RTSP streams. (b2ff68b2-9f29-11db-a4e4-0211d87675b7) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200702-11.NASL description The remote host is affected by the vulnerability described in GLSA-200702-11 (MPlayer: Buffer overflow) When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Impact : An attacker can entice a user to connect to a manipulated RTSP server resulting in a Denial of Service and possibly execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 24731 published 2007-02-28 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24731 title GLSA-200702-11 : MPlayer: Buffer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200612-02.NASL description The remote host is affected by the vulnerability described in GLSA-200612-02 (xine-lib: Buffer overflow) A possible buffer overflow has been reported in the Real Media input plugin. Impact : An attacker could exploit this vulnerability by enticing a user into loading a specially crafted stream with xine or an application using xine-lib. This can lead to a Denial of Service and possibly the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 23796 published 2006-12-11 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23796 title GLSA-200612-02 : xine-lib: Buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-224.NASL description Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24608 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24608 title Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:224) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1244.NASL description It was discovered that the Xine multimedia library performs insufficient sanitising of Real streams, which might lead to the execution of arbitrary code through a buffer overflow. last seen 2020-06-01 modified 2020-06-02 plugin id 23949 published 2006-12-30 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23949 title Debian DSA-1244-1 : xine-lib - buffer overflow
References
- http://secunia.com/advisories/23218
- http://secunia.com/advisories/23242
- http://secunia.com/advisories/23249
- http://secunia.com/advisories/23301
- http://secunia.com/advisories/23335
- http://secunia.com/advisories/23512
- http://secunia.com/advisories/23567
- http://secunia.com/advisories/24336
- http://secunia.com/advisories/24339
- http://secunia.com/advisories/25555
- http://security.gentoo.org/glsa/glsa-200612-02.xml
- http://security.gentoo.org/glsa/glsa-200702-11.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
- http://sourceforge.net/project/shownotes.php?release_id=468432
- http://www.debian.org/security/2006/dsa-1244
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:224
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:112
- http://www.mplayerhq.hu/design7/news.html#vuln14
- http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
- http://www.novell.com/linux/security/advisories/2006_28_sr.html
- http://www.securityfocus.com/bid/21435
- http://www.ubuntu.com/usn/usn-392-1
- http://www.vupen.com/english/advisories/2006/4824
- https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655