CVE-2006-0051 - OpenCVE

Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kaffeine	Kaffeine Player

Configuration 1 [-]

OR	cpe:2.3:a:kaffeine:kaffeine_player:0.4.2:::::::*
	cpe:2.3:a:kaffeine:kaffeine_player:0.4.3:::::::*
	cpe:2.3:a:kaffeine:kaffeine_player:0.4.3b:::::::*
	cpe:2.3:a:kaffeine:kaffeine_player:0.5_rc1:::::::*
	cpe:2.3:a:kaffeine:kaffeine_player:0.7.1:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19525
http://secunia.com/advisories/19540
http://secunia.com/advisories/19542
http://secunia.com/advisories/19549
http://secunia.com/advisories/19557
http://secunia.com/advisories/19571
http://securitytracker.com/id?1015863
http://www.debian.org/security/2006/dsa-1023
http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml
http://www.kde.org/info/security/advisory-20060404-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:065
http://www.novell.com/linux/security/advisories/2006_08_sr.html
http://www.securityfocus.com/archive/1/430319/100/0/threaded
http://www.securityfocus.com/bid/17372
http://www.vupen.com/english/advisories/2006/1229
https://exchange.xforce.ibmcloud.com/vulnerabilities/25631
https://usn.ubuntu.com/268-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2006-04-05T10:00:00

Updated: 2024-08-07T16:18:20.701Z

Reserved: 2005-12-28T00:00:00

Link: CVE-2006-0051

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-05T10:04:00.000

Modified: 2018-10-19T15:42:17.463

Link: CVE-2006-0051

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "USN-268-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/268-1/"}, {"name": "ADV-2006-1229", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1229"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20060404-1.txt"}, {"name": "19557", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19557"}, {"name": "17372", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17372"}, {"name": "MDKSA-2006:065", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065"}, {"name": "DSA-1023", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1023"}, {"name": "1015863", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015863"}, {"name": "kaffeine-http-peek-bo(25631)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631"}, {"name": "GLSA-200604-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml"}, {"name": "SUSE-SR:2006:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"}, {"name": "19549", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19549"}, {"name": "19542", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19542"}, {"name": "19525", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19525"}, {"name": "19540", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19540"}, {"name": "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/430319/100/0/threaded"}, {"name": "19571", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19571"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2006-0051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-268-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/268-1/"}, {"name": "ADV-2006-1229", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1229"}, {"name": "http://www.kde.org/info/security/advisory-20060404-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20060404-1.txt"}, {"name": "19557", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19557"}, {"name": "17372", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17372"}, {"name": "MDKSA-2006:065", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065"}, {"name": "DSA-1023", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1023"}, {"name": "1015863", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015863"}, {"name": "kaffeine-http-peek-bo(25631)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631"}, {"name": "GLSA-200604-04", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml"}, {"name": "SUSE-SR:2006:008", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"}, {"name": "19549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19549"}, {"name": "19542", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19542"}, {"name": "19525", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19525"}, {"name": "19540", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19540"}, {"name": "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430319/100/0/threaded"}, {"name": "19571", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19571"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.701Z"}, "title": "CVE Program Container", "references": [{"name": "USN-268-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/268-1/"}, {"name": "ADV-2006-1229", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1229"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20060404-1.txt"}, {"name": "19557", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19557"}, {"name": "17372", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17372"}, {"name": "MDKSA-2006:065", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065"}, {"name": "DSA-1023", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1023"}, {"name": "1015863", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015863"}, {"name": "kaffeine-http-peek-bo(25631)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631"}, {"name": "GLSA-200604-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml"}, {"name": "SUSE-SR:2006:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"}, {"name": "19549", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19549"}, {"name": "19542", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19542"}, {"name": "19525", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19525"}, {"name": "19540", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19540"}, {"name": "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/430319/100/0/threaded"}, {"name": "19571", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19571"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-0051", "datePublished": "2006-04-05T10:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T16:18:20.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaffeine:kaffeine_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "789E99F5-9047-4B97-9F5D-0A83A5B2C264", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaffeine:kaffeine_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6AEDC59-1392-45A6-A498-07061345ED1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaffeine:kaffeine_player:0.4.3b:*:*:*:*:*:*:*", "matchCriteriaId": "650E1BFF-C301-43FA-B6A0-FF14CFBC6E07", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaffeine:kaffeine_player:0.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "E4D173DD-913A-4A32-B687-B4E2F7BBEB32", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaffeine:kaffeine_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "79CBD359-6818-444C-A0DD-212B21832640", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en playlistimport.cpp en Kaffein Player 0.4.2 a 0.7.1 permite a atacantes con implicaci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante peticiones HTTP largas cuando Kaffeine est\u00e1 \"obteniendo listas de reproducci\u00f3n remotas\", lo que que dispara un desbordamiento de b\u00fafer en la funci\u00f3n http_peek.\r\n"}], "id": "CVE-2006-0051", "lastModified": "2018-10-19T15:42:17.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-04-05T10:04:00.000", "references": [{"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19525"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/19540"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/19542"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/19549"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/19557"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/19571"}, {"source": "security@debian.org", "url": "http://securitytracker.com/id?1015863"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2006/dsa-1023"}, {"source": "security@debian.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20060404-1.txt"}, {"source": "security@debian.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065"}, {"source": "security@debian.org", "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/archive/1/430319/100/0/threaded"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/17372"}, {"source": "security@debian.org", "url": "http://www.vupen.com/english/advisories/2006/1229"}, {"source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631"}, {"source": "security@debian.org", "url": "https://usn.ubuntu.com/268-1/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}