ID CVE-2006-2802 Type cve Reporter NVD Modified 2017-10-18T21:29:09
Description
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
{"result": {"nessus": [{"id": "UBUNTU_USN-295-1.NASL", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : xine-lib vulnerability (USN-295-1)", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27867", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-10-29T13:44:51"}, {"id": "SUSE_XINE-LIB-1599.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : xine-lib (xine-lib-1599)", "description": "Missing length checks in the HTTP plugin could lead to a buffer overflow on the heap (CVE-2006-2802).", "published": "2007-10-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27484", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-10-29T13:42:56"}, {"id": "GENTOO_GLSA-200609-08.NASL", "type": "nessus", "title": "GLSA-200609-08 : xine-lib: Buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200609-08 (xine-lib: Buffer overflows)\n\n xine-lib contains buffer overflows in the processing of AVI.\n Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin (xineplug_inp_http.so) via a long reply from an HTTP server.\n Impact :\n\n An attacker could trigger the buffer overflow vulnerabilities by enticing a user to load a specially crafted AVI file in xine. This might result in the execution of arbitrary code with the rights of the user running xine. Additionally, a remote HTTP server serving a xine client a specially crafted reply could crash xine and possibly execute arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-09-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22353", "cvelist": ["CVE-2006-2802"], "lastseen": "2018-07-12T17:44:55"}, {"id": "FREEBSD_PKG_107E2EE5F94111DAB1FA020039488E34.NASL", "type": "nessus", "title": "FreeBSD : libxine -- buffer overflow vulnerability (107e2ee5-f941-11da-b1fa-020039488e34)", "description": "A Secunia Advisory reports :\n\nFederico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.\n\nThe weakness is cause due to a heap corruption within the 'xineplug_inp_http.so' plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).", "published": "2006-06-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21700", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-10-29T13:39:28"}, {"id": "MANDRAKE_MDKSA-2006-108.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)", "description": "A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802)\n\nIn addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue.\n\nThe updated packages have been patched to correct these issues.", "published": "2006-06-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21752", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-10-29T13:43:02"}, {"id": "DEBIAN_DSA-1105.NASL", "type": "nessus", "title": "Debian DSA-1105-1 : xine-lib - buffer overflow", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP Plugin in xine-lib, the xine video/media player library, that could allow a remote attacker to cause a denial of service.", "published": "2006-10-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22647", "cvelist": ["CVE-2006-2802"], "lastseen": "2018-07-10T05:46:03"}, {"id": "SLACKWARE_SSA_2006-207-04.NASL", "type": "nessus", "title": "Slackware 10.2 / current : xine-lib (SSA:2006-207-04)", "description": "New xine-lib packages are available for Slackware 10.2 and -current to fix security issues.", "published": "2006-07-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22101", "cvelist": ["CVE-2006-2802", "CVE-2005-4048"], "lastseen": "2017-10-29T13:46:05"}], "openvas": [{"id": "OPENVAS:56933", "type": "openvas", "title": "FreeBSD Ports: libxine", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56933", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-07-02T21:10:26"}, {"id": "OPENVAS:57886", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200609-08 (xine-lib)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200609-08.", "published": "2008-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57886", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-07-24T12:49:57"}, {"id": "OPENVAS:57082", "type": "openvas", "title": "Debian Security Advisory DSA 1105-1 (xine-lib)", "description": "The remote host is missing an update to xine-lib\nannounced via advisory DSA 1105-1.\n\nFederico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, that could\nallow a remote attacker to cause a denial of service.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody5.", "published": "2008-01-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57082", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-07-24T12:50:12"}, {"id": "OPENVAS:136141256231057173", "type": "openvas", "title": "Slackware Advisory SSA:2006-207-04 xine-lib", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.", "published": "2012-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057173", "cvelist": ["CVE-2006-2802", "CVE-2005-4048"], "lastseen": "2018-02-05T11:08:34"}, {"id": "OPENVAS:57173", "type": "openvas", "title": "Slackware Advisory SSA:2006-207-04 xine-lib", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.", "published": "2012-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57173", "cvelist": ["CVE-2006-2802", "CVE-2005-4048"], "lastseen": "2017-07-24T12:50:42"}], "osvdb": [{"id": "OSVDB:25936", "type": "osvdb", "title": "xine-lib xineplug_inp_http.so HTTP Response Remote Overflow", "description": "## Vulnerability Description\nA remote overflow exists in xine-lib. The xineplug_inp_http.so library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\\'s system resulting in a loss of integrity.\n## Technical Description\nApplications that use a vulnerable version of the library may also be affected.\n## Solution Description\nUpgrade to cvs version (after 2006-05-31) or version 1.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in xine-lib. The xineplug_inp_http.so library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\\'s system resulting in a loss of integrity.\n## Manual Testing Notes\nperl -e 'print \"A\"x\"9500\"' | nc -lp 8080\nand then open \"xine http://localhost:8080/foo.mpg\"\n## References:\nVendor URL: http://xinehq.de/\nVendor Specific Solution URL: http://sourceforge.net/mailarchive/forum.php?thread_id=11077232&forum_id=11923\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:108)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1105)\n[Vendor Specific Advisory URL](http://sourceforge.net/mailarchive/forum.php?thread_id=11076540&forum_id=7131)\n[Secunia Advisory ID:20369](https://secuniaresearch.flexerasoftware.com/advisories/20369/)\n[Secunia Advisory ID:20766](https://secuniaresearch.flexerasoftware.com/advisories/20766/)\n[Secunia Advisory ID:20828](https://secuniaresearch.flexerasoftware.com/advisories/20828/)\n[Secunia Advisory ID:20942](https://secuniaresearch.flexerasoftware.com/advisories/20942/)\n[Secunia Advisory ID:20549](https://secuniaresearch.flexerasoftware.com/advisories/20549/)\n[Secunia Advisory ID:21919](https://secuniaresearch.flexerasoftware.com/advisories/21919/)\nOther Advisory URL: http://www.securiteam.com/unixfocus/5JP0W0AIKA.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-08.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-295-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html\nGeneric Exploit URL: http://milw0rm.com/exploits/1852\n[CVE-2006-2802](https://vulners.com/cve/CVE-2006-2802)\nBugtraq ID: 18187\n", "published": "2006-05-30T10:50:10", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:25936", "cvelist": ["CVE-2006-2802"], "lastseen": "2017-04-28T13:20:22"}], "gentoo": [{"id": "GLSA-200609-08", "type": "gentoo", "title": "xine-lib: Buffer overflows", "description": "### Background\n\nxine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. \n\n### Description\n\nxine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin (xineplug_inp_http.so) via a long reply from an HTTP server. \n\n### Impact\n\nAn attacker could trigger the buffer overflow vulnerabilities by enticing a user to load a specially crafted AVI file in xine. This might result in the execution of arbitrary code with the rights of the user running xine. Additionally, a remote HTTP server serving a xine client a specially crafted reply could crash xine and possibly execute arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.2-r2\"", "published": "2006-09-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200609-08", "cvelist": ["CVE-2006-2802"], "lastseen": "2016-09-06T19:47:04"}], "exploitdb": [{"id": "EDB-ID:1852", "type": "exploitdb", "title": "gxine 0.5.6 HTTP Plugin Remote Buffer Overflow PoC", "description": "gxine 0.5.6 (HTTP Plugin) Remote Buffer Overflow PoC. CVE-2006-2802. Dos exploit for linux platform", "published": "2006-05-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/1852/", "cvelist": ["CVE-2006-2802"], "lastseen": "2016-01-31T15:00:43"}], "ubuntu": [{"id": "USN-295-1", "type": "ubuntu", "title": "xine-lib vulnerability", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user\u2019s privileges.", "published": "2006-06-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/295-1/", "cvelist": ["CVE-2006-2802"], "lastseen": "2018-03-29T18:21:03"}], "freebsd": [{"id": "107E2EE5-F941-11DA-B1FA-020039488E34", "type": "freebsd", "title": "libxine -- buffer overflow vulnerability", "description": "\nA Secunia Advisory reports:\n\nFederico L. Bossi Bonin has discovered a weakness in xine-lib,\n\t which can be exploited by malicious people to crash certain\n\t applications on a user's system.\nThe weakness is cause due to a heap corruption within the\n\t \"xineplug_inp_http.so\" plugin when handling an overly large\n\t reply from the HTTP server. This can be exploited to crash\n\t an application that uses the plugin (e.g. gxine).\n\n", "published": "2006-05-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/107e2ee5-f941-11da-b1fa-020039488e34.html", "cvelist": ["CVE-2006-2802"], "lastseen": "2016-09-26T17:25:07"}], "debian": [{"id": "DSA-1105", "type": "debian", "title": "xine-lib -- buffer overflow", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP Plugin in xine-lib, the xine video/media player library, that could allow a remote attacker to cause a denial of service.\n\nFor the old stable distribution (woody) this problem has been fixed in version 0.9.8-2woody5.\n\nFor the stable distribution (sarge) this problem has been fixed in version 1.0.1-1sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in version 1.1.1-2.\n\nWe recommend that you upgrade your libxine packages.", "published": "2006-07-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1105", "cvelist": ["CVE-2006-2802"], "lastseen": "2016-09-02T18:33:13"}], "slackware": [{"id": "SSA-2006-207-04", "type": "slackware", "title": "xine-lib", "description": "New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xine-lib-1.1.2-i686-1.tgz:\n Upgraded to xine-lib-1.1.2.\n According to xinehq.de's announcement:\n There are three security fixes:\n - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);\n - CVE-2006-2802: possible buffer overflow in the HTTP plugin;\n - possible buffer overflow via bad indexes in specially-crafted AVI files.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.2-i686-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.1.2-i686-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\nd5d3dcd06fd6cc4f68d2a4717f507f21 xine-lib-1.1.2-i686-1.tgz\n\nSlackware -current package:\na82c9b20ccaec12f770cc1e4f63511d7 xine-lib-1.1.2-i686-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xine-lib-1.1.2-i686-1.tgz", "published": "2006-07-26T14:25:49", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.391759", "cvelist": ["CVE-2006-2802", "CVE-2005-4048"], "lastseen": "2018-02-02T18:11:31"}]}}
