Kaffeine Buffer Overflow in http_peek() When Fetching Playlists Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1015863
|
|
SecurityTracker URL: http://securitytracker.com/id?1015863
|
|
CVE Reference: CVE-2006-0051
(Links to External Site)
|
Date: Apr 4 2006
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: KDE Security Advisory
|
Version(s): 0.4.2 - 0.7.1
|
Description: A vulnerability was reported in Kaffeine. A remote user can cause arbitrary code to be exected on the target user's system.
A remote user can create a specially crafted playlist that, when loaded by the target user, will trigger a buffer overflow and execute
arbitrary code on the target user's system. The overflow occurs in the http_peek() function when creating HTTP request headers
for fetching a remote playlist.
The vendor credits Marcus Meissner with discovering this vulnerability.
|
Impact: A remote user can create a playlist that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: The vendor has issued the following patches.
Patch for Kaffeine 0.7.x is available from
ftp://ftp.kde.org/pub/kde/security_patches
:
45cdf59fc1d9d94b045915e9583187d8 kaffeine-0.7.x-CVE-2006-0051.patch
Patch for Kaffeine 0.5.x is available
from
ftp://ftp.kde.org/pub/kde/security_patches :
86109b6919cc2984f85dc6a463627c50 kaffeine-0.5.x-CVE-2006-0051.patch
Patch for Kaffeine 0.4.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
feb69d70388b0a4745b29a644a3f7779
kaffeine-0.4.x-CVE-2006-0051.patch
Version 0.8.0 is not affected.
The vendor's advisory is available at:
http://www.kde.org/info/security/advisory-20060404-1.tx
t
|
Vendor URL: www.kde.org/info/security/advisory-20060404-1.txt (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 4 Apr 2006 08:15:49 -0400
Subject: KDE Security Advisory: Kaffeine buffer overflow
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
KDE Security Advisory: Kaffeine buffer overflow
Original Release Date: 2006-04-04
URL: http://www.kde.org/info/security/advisory-20060404-1.txt
0. References
CVE-2006-0051
1. Systems affected:
Kaffeine 0.4.2 up to including Kaffeine 0.7.1. Kaffeine
0.8.0 not affected.
2. Overview:
Kaffeine can produce a buffer overflow in http_peek() while
creating HTTP request headers for fetching remote playlists,
which under certain circumstances could be used to crash the
application and/or execute arbitrary code.
3. Impact:
Remotely supplied playlists can be used to execute arbitrary
code on the local machine.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patch for Kaffeine 0.7.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
45cdf59fc1d9d94b045915e9583187d8 kaffeine-0.7.x-CVE-2006-0051.patch
Patch for Kaffeine 0.5.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
86109b6919cc2984f85dc6a463627c50 kaffeine-0.5.x-CVE-2006-0051.patch
Patch for Kaffeine 0.4.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
feb69d70388b0a4745b29a644a3f7779 kaffeine-0.4.x-CVE-2006-0051.patch
6. Credits:
We'd like to thank Marcus Meissner for discovering and reporting
the issue.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEMkuBvsXr+iuy1UoRAoN2AJ9BjdLWrZMOWfcN0gs0E3fvsvwA6wCgu+tO
Lf67/SPily7xGF5IZYlWQlo=
=g/XR
-----END PGP SIGNATURE-----
|
|
