CVE-2006-4197 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-4197
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4197

Description: Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28367 http://xforce.iss.net/xforce/xfdb/28368 UBUNTU http://www.ubuntu.com/usn/usn-363-1 SUSE http://www.novell.com/linux/security/advisories/2006_25_sr.html ST 1016691 SREASON http://securityreason.com/securityalert/1399 SAID Secunia Advisory: SA22639 Secunia Advisory: SA22517 Secunia Advisory: SA22393 Secunia Advisory: SA22191 Secunia Advisory: SA21668 Secunia Advisory: SA21699 Secunia Advisory: SA21404 MISC http://aluigi.altervista.org/adv/brainzbof-adv.txt MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:157 GENTOO http://security.gentoo.org/glsa/glsa-200610-09.xml DEBIAN http://www.debian.org/security/2006/dsa-1162 CONFIRM BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/444843/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/443205/100/0/threaded BID 19508

Return to the previous page.