CVE-2006-4089 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-4089
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4089

Description: Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28308 http://xforce.iss.net/xforce/xfdb/28307 http://xforce.iss.net/xforce/xfdb/28306 SUSE http://www.novell.com/linux/security/advisories/2006_21_sr.html SREASON http://securityreason.com/securityalert/1356 SAID Secunia Advisory: SA22018 Secunia Advisory: SA21749 Secunia Advisory: SA21639 Secunia Advisory: SA21422 OSVDB 27884 27885 27883 MISC http://aluigi.altervista.org/adv/alsapbof-adv.txt GENTOO http://security.gentoo.org/glsa/glsa-200608-24.xml FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html DEBIAN http://www.debian.org/security/2006/dsa-1179 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/442725/100/0/threaded BID 19450

Return to the previous page.