Vulnerability Name: CVE-2006-6172 (CCN-30716)
Assigned: 2006-11-26
Published: 2006-11-26
Updated: 2011-03-08
Summary: Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
CVSS v3 Severity:
  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2006-6172
  Source: CCN Type: SA23218 xine-lib libreal and libmms Buffer Overflow Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 23218
  Source: SECUNIA Type: UNKNOWN 23242
  Source: SECUNIA Type: UNKNOWN 23249
  Source: SECUNIA Type: UNKNOWN 23301
  Source: SECUNIA Type: UNKNOWN 23335
  Source: SECUNIA Type: UNKNOWN 23512
  Source: SECUNIA Type: UNKNOWN 23567
  Source: CCN Type: SA24336 MPlayer RTSP Stream Buffer Overflow Vulnerability
  Source: SECUNIA Type: UNKNOWN 24336
  Source: SECUNIA Type: UNKNOWN 24339
  Source: SECUNIA Type: UNKNOWN 25555
  Source: GENTOO Type: UNKNOWN GLSA-200612-02
  Source: GENTOO Type: UNKNOWN GLSA-200702-11
  Source: SLACKWARE Type: UNKNOWN SSA:2006-357-05
  Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=468432
  Source: DEBIAN Type: UNKNOWN DSA-1244
  Source: DEBIAN Type: DSA-1244 xine-lib -- buffer overflow
  Source: CCN Type: GLSA-200612-02 xine-lib: Buffer overflow
  Source: CCN Type: GLSA-200702-11 MPlayer: Buffer overflow
  Source: MANDRIVA Type: UNKNOWN MDKSA-2006:224
  Source: MANDRIVA Type: UNKNOWN MDKSA-2007:112
  Source: CONFIRM Type: UNKNOWN http://www.mplayerhq.hu/design7/news.html#vuln14
  Source: MISC Type: UNKNOWN http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
  Source: SUSE Type: UNKNOWN SUSE-SR:2006:028
  Source: CCN Type: OSVDB ID: 30774 xine-lib asmrp_eval Overflow
  Source: CCN Type: OSVDB ID: 33815 MPlayer RTSP Stream Handler asmrp_eval Function Overflow
  Source: BID Type: UNKNOWN 21435
  Source: CCN Type: BID-21435 Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
  Source: CCN Type: USN-392-1 xine-lib vulnerability
  Source: UBUNTU Type: UNKNOWN USN-392-1
  Source: VUPEN Type: UNKNOWN ADV-2006-4824
  Source: CCN Type: Xine-lib Web site xine-lib
  Source: XF Type: UNKNOWN xinelib-asm-bo(30716)
  Source: CCN Type: SourceForge.net: Detail: 1603458 Probably buffer overrun exploit in Real Media input plugin
  Source: MISC Type: Exploit, Patch, Vendor Advisory https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655
  Source: SUSE Type: SUSE-SR:2006:028 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable