Vulnerability Name:

CVE-2006-4192 (CCN-28305)

Assigned:2006-08-09
Published:2006-08-09
Updated:2018-10-17
Summary:Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-Other
CWE-190
CWE-122
CWE-122
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Luigi Auriemma Advisory 09 Aug 2006
Stack and heap overflows in Modplug Tracker / OpenMPT 1.17.02.43 (SVN 157)

Source: MISC
Type: UNKNOWN
http://aluigi.altervista.org/adv/mptho-adv.txt

Source: CONFIRM
Type: UNKNOWN
http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac

Source: MITRE
Type: CNA
CVE-2006-4192

Source: CCN
Type: OpenMPT Web site
MODPlug Central Forum Index

Source: CCN
Type: RHSA-2011-0477
Important: gstreamer-plugins security update

Source: CCN
Type: SA21418
OpenMPT Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21418

Source: SECUNIA
Type: UNKNOWN
22080

Source: CCN
Type: SA22658
libmodplug Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22658

Source: SECUNIA
Type: UNKNOWN
23294

Source: SECUNIA
Type: UNKNOWN
23555

Source: SECUNIA
Type: UNKNOWN
26979

Source: GENTOO
Type: UNKNOWN
GLSA-200612-04

Source: SREASON
Type: UNKNOWN
1397

Source: CCN
Type: GLSA-200612-04
ModPlug: Multiple buffer overflows

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:001

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:023

Source: BUGTRAQ
Type: UNKNOWN
20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8

Source: BID
Type: UNKNOWN
19448

Source: CCN
Type: BID-19448
OpenMPT Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: USN-521-1
libmodplug vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-521-1

Source: VUPEN
Type: UNKNOWN
ADV-2006-3231

Source: VUPEN
Type: UNKNOWN
ADV-2006-4310

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=497154

Source: XF
Type: UNKNOWN
openmpt-loadit-bo(28305)

Source: XF
Type: UNKNOWN
openmpt-loadit-bo(28305)

Source: XF
Type: UNKNOWN
openmpt-readsample-bo(28309)

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0477

Source: SUSE
Type: SUSE-SR:2006:023
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:modplug:tracker:*:*:*:*:*:*:*:* (Version <= 1.17.02.43)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openmpt:openmpt:1.17.02.43:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-4192 (CCN-28309)

    Assigned:2006-08-17
    Published:2006-08-17
    Updated:2018-10-17
    Summary:Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
    CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Type:CWE-Other
    CWE-190
    CWE-122
    CWE-122
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Luigi Auriemma Advisory 09 Aug 2006
    Stack and heap overflows in Modplug Tracker / OpenMPT 1.17.02.43 (SVN 157)

    Source: MITRE
    Type: CNA
    CVE-2006-4192

    Source: CCN
    Type: OpenMPT Web site
    MODPlug Central Forum Index

    Source: CCN
    Type: RHSA-2011-0477
    Important: gstreamer-plugins security update

    Source: CCN
    Type: SA21418
    OpenMPT Buffer Overflow Vulnerabilities

    Source: CCN
    Type: SA22658
    libmodplug Buffer Overflow Vulnerabilities

    Source: CCN
    Type: SourceForge.net: Files
    ModPlug for XMMS, File Release Notes and Changelog, Release Name: 0.8.6

    Source: CCN
    Type: GLSA-200612-04
    ModPlug: Multiple buffer overflows

    Source: CCN
    Type: BID-19448
    OpenMPT Multiple Remote Code Execution Vulnerabilities

    Source: CCN
    Type: USN-521-1
    libmodplug vulnerability

    Source: XF
    Type: UNKNOWN
    openmpt-readsample-bo(28309)

    Source: SUSE
    Type: SUSE-SR:2006:023
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20064192
    V
    CVE-2006-4192
    2015-11-16
    oval:org.mitre.oval:def:17729
    P
    USN-521-1 -- libmodplug vulnerability
    2014-06-30
    oval:com.redhat.rhsa:def:20110477
    P
    RHSA-2011:0477: gstreamer-plugins security update (Important)
    2011-05-02
    BACK
    modplug tracker *
    openmpt openmpt 1.17.02.43
    gentoo linux *
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007