Lucene search

K

MitreCVE-2006-6172

HistoryNov 30, 2006 - 3:28 p.m.

CVE-2006-6172

2006-11-3015:28:00

mitre

web.nvd.nist.gov

29

cve-2006-6172

buffer overflow

realmedia

rtsp

denial of service

code execution

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.091

Percentile

94.7%

Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

Affected configurations

Nvd

Node

mplayermplayerRange≤1.0_rc1

OR

xinereal_media_input_plugin

VendorProductVersionCPE
mplayermplayer*cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
xinereal_media_input_plugin*cpe:2.3:a:xine:real_media_input_plugin:*:*:*:*:*:*:*:*

References

secunia.com/advisories/23218

secunia.com/advisories/23242

secunia.com/advisories/23249

secunia.com/advisories/23301

secunia.com/advisories/23335

secunia.com/advisories/23512

secunia.com/advisories/23567

secunia.com/advisories/24336

secunia.com/advisories/24339

secunia.com/advisories/25555

security.gentoo.org/glsa/glsa-200612-02.xml

security.gentoo.org/glsa/glsa-200702-11.xml

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842

sourceforge.net/project/shownotes.php?release_id=468432

www.debian.org/security/2006/dsa-1244

www.mandriva.com/security/advisories?name=MDKSA-2006:224

www.mandriva.com/security/advisories?name=MDKSA-2007:112

www.mplayerhq.hu/design7/news.html#vuln14

www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff

www.novell.com/linux/security/advisories/2006_28_sr.html

www.securityfocus.com/bid/21435

www.ubuntu.com/usn/usn-392-1

www.vupen.com/english/advisories/2006/4824

sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.091

Percentile

94.7%

Related for CVE-2006-6172

nessus9 cvelist1 openvas13 gentoo2 debiancve1 nvd1 ubuntucve1 ubuntu1 freebsd2 debian1 securityvulns1