ID CVE-2006-6172
Summary Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
References
Vulnerable Configurations
  • cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:real_media_input_plugin:*:*:*:*:*:*:*:*
    cpe:2.3:a:xine:real_media_input_plugin:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-03-2011 - 02:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 21435
confirm
debian DSA-1244
gentoo
  • GLSA-200612-02
  • GLSA-200702-11
mandriva
  • MDKSA-2006:224
  • MDKSA-2007:112
misc
secunia
  • 23218
  • 23242
  • 23249
  • 23301
  • 23335
  • 23512
  • 23567
  • 24336
  • 24339
  • 25555
slackware SSA:2006-357-05
suse SUSE-SR:2006:028
ubuntu USN-392-1
vupen ADV-2006-4824
Last major update 08-03-2011 - 02:45
Published 30-11-2006 - 15:28
Last modified 08-03-2011 - 02:45
Back to Top