ID CVE-2006-4197
Summary Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
References
Vulnerable Configurations
  • cpe:2.3:a:musicbrainz:libmusicbrainz:2.1.2
    cpe:2.3:a:musicbrainz:libmusicbrainz:2.1.2
  • cpe:2.3:a:musicbrainz:libmusicbrainz_svn:8406
    cpe:2.3:a:musicbrainz:libmusicbrainz_svn:8406
CVSS
Base: 7.5 (as of 17-08-2006 - 18:21)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Libmusicbrainz 2.0.2/2.1.x Multiple Buffer Overflow Vulnerabilities. CVE-2006-4197. Dos exploit for linux platform
id EDB-ID:28384
last seen 2016-02-03
modified 2006-08-14
published 2006-08-14
reporter Luigi Auriemma
source https://www.exploit-db.com/download/28384/
title Libmusicbrainz 2.0.2/2.1.x - Multiple Buffer Overflow Vulnerabilities
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-363-1.NASL
    description Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. When a user made queries to MusicBrainz servers, it was possible for malicious servers, or man-in-the-middle systems posing as servers, to send a crafted reply to the client request and remotely gain access to the user's system with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27943
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27943
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : libmusicbrainz-2.0, libmusicbrainz-2.1 vulnerability (USN-363-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200610-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200610-09 (libmusicbrainz: Multiple buffer overflows) Luigi Auriemma reported a possible buffer overflow in the MBHttp::Download function of lib/http.cpp as well as several possible buffer overflows in lib/rdfparse.c. Impact : A remote attacker could be able to execute arbitrary code or cause Denial of Service by making use of an overly long 'Location' header in an HTTP redirect message from a malicious server or a long URL in malicious RDF feeds. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22920
    published 2006-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22920
    title GLSA-200610-09 : libmusicbrainz: Multiple buffer overflows
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-157.NASL
    description Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. The updated packages have been patched to correct this issue. Update : Packages are now available for Mandriva Linux 2007.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23901
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23901
    title Mandrake Linux Security Advisory : musicbrainz (MDKSA-2006:157-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1162.NASL
    description Luigi Auriemma discovered several buffer overflows in libmusicbrainz, a CD index library, that allow remote attackers to cause a denial of service or execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22704
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22704
    title Debian DSA-1162-1 : libmusicbrainz-2.0 - buffer overflows
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBMUSICBRAINZ-2042.NASL
    description This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. (CVE-2006-4197)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29505
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29505
    title SuSE 10 Security Update : libmusicbrainz (ZYPP Patch Number 2042)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBMUSICBRAINZ-2044.NASL
    description This update fixes various buffer overflows that can by exploited by malicious servers to execute arbitrary code. (CVE-2006-4197)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27327
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27327
    title openSUSE 10 Security Update : libmusicbrainz (libmusicbrainz-2044)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_ED124F8C82A211DBB46B0012F06707F0.NASL
    description SecurityFocus reports about libmusicbrainz : The libmusicbrainz library is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 23761
    published 2006-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23761
    title FreeBSD : libmusicbrainz -- multiple buffer overflow vulnerabilities (ed124f8c-82a2-11db-b46b-0012f06707f0)
refmap via4
bid 19508
bugtraq
  • 20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2
  • 20060830 rPSA-2006-0161-1 libmusicbrainz
confirm https://issues.rpath.com/browse/RPL-610
debian DSA-1162
gentoo GLSA-200610-09
mandriva MDKSA-2006:157
misc http://aluigi.altervista.org/adv/brainzbof-adv.txt
sectrack 1016691
secunia
  • 21404
  • 21668
  • 21699
  • 22191
  • 22393
  • 22517
  • 22639
sreason 1399
suse SUSE-SR:2006:025
ubuntu USN-363-1
xf
  • libmusicbrainz-mbhttpdownload-bo(28367)
  • libmusicbrainz-rdfparse-bo(28368)
Last major update 19-02-2017 - 00:13
Published 17-08-2006 - 17:04
Last modified 17-10-2018 - 17:33
Back to Top