CVE-2006-6026 - OpenCVE

Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Realnetworks	Helix Dna Server Helix Mobile Server Helix Server

Configuration 1 [-]

OR	cpe:2.3:a:realnetworks:helix_dna_server:11.0:::::::*
	cpe:2.3:a:realnetworks:helix_dna_server:11.1:::::::*
	cpe:2.3:a:realnetworks:helix_mobile_server::::::::
	cpe:2.3:a:realnetworks:helix_server::::::::
	cpe:2.3:a:realnetworks:helix_server:11.0:::::::*
	cpe:2.3:a:realnetworks:helix_server:11.1:::::::*

No data.

References

Link	Providers
http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf
http://gleg.net/helix.txt
http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html
http://secunia.com/advisories/22944
http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml
http://www.attrition.org/pipermail/vim/2007-March/001459.html
http://www.attrition.org/pipermail/vim/2007-March/001468.html
http://www.securityfocus.com/archive/1/463333/100/0/threaded
http://www.securityfocus.com/bid/21141
http://www.securityfocus.com/bid/23068
http://www.vupen.com/english/advisories/2007/1056
https://www.exploit-db.com/exploits/3531

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-21T23:00:00

Updated: 2024-08-07T20:12:31.381Z

Reserved: 2006-11-21T00:00:00

Link: CVE-2006-6026

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-21T23:07:00.000

Modified: 2018-10-17T21:46:18.203

Link: CVE-2006-6026

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://gleg.net/helix.txt"}, {"name": "3531", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3531"}, {"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"}, {"name": "20070320 Helix Server heap overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"}, {"name": "23068", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23068"}, {"name": "21141", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21141"}, {"name": "22944", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22944"}, {"name": "ADV-2007-1056", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1056"}, {"name": "20070323 Helix Server LoadTestPassword Overflow", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"}, {"name": "20070324 Helix Server LoadTestPassword Overflow", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://gleg.net/helix.txt", "refsource": "MISC", "url": "http://gleg.net/helix.txt"}, {"name": "3531", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3531"}, {"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"}, {"name": "20070320 Helix Server heap overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"}, {"name": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml", "refsource": "MISC", "url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"}, {"name": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf", "refsource": "CONFIRM", "url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"}, {"name": "23068", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23068"}, {"name": "21141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21141"}, {"name": "22944", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22944"}, {"name": "ADV-2007-1056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1056"}, {"name": "20070323 Helix Server LoadTestPassword Overflow", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"}, {"name": "20070324 Helix Server LoadTestPassword Overflow", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.381Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://gleg.net/helix.txt"}, {"name": "3531", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3531"}, {"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"}, {"name": "20070320 Helix Server heap overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"}, {"name": "23068", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23068"}, {"name": "21141", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21141"}, {"name": "22944", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22944"}, {"name": "ADV-2007-1056", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1056"}, {"name": "20070323 Helix Server LoadTestPassword Overflow", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"}, {"name": "20070324 Helix Server LoadTestPassword Overflow", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6026", "datePublished": "2006-11-21T23:00:00", "dateReserved": "2006-11-21T00:00:00", "dateUpdated": "2024-08-07T20:12:31.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DA85105-4EEB-408B-8F49-DB53CFA74B54", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C146CADF-9F82-41F6-9351-A5A9E283F4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B0A7EC3-519D-45A1-95F2-3727455EE3FB", "versionEndIncluding": "11.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EADADE3-235F-4BBC-99AD-F72908E1EADF", "versionEndIncluding": "11.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A30A2490-21FC-4C0D-80A3-B89E6F58E93A", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "2954F6FF-357E-4E76-B135-DECDED4241B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Helix DNA Server 11.0 y 11.1 tiene impacto y vectores de ataque desconocidos, como ha sido demostrado por cierto m\u00f3dulo de VulnDisco Pack. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos \u00fanicamente de informaci\u00f3n de terceros. Desde el 18/11/2006, esta revelaci\u00f3n no tiene informaci\u00f3n accionable. Sin embargo, debido a que el autor de VulnDisco Pack es un investigador de confianza, a este asunto le ha sido asignado un identificador CVE con prop\u00f3sitos de seguimiento."}], "id": "CVE-2006-6026", "lastModified": "2018-10-17T21:46:18.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-21T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"}, {"source": "cve@mitre.org", "url": "http://gleg.net/helix.txt"}, {"source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22944"}, {"source": "cve@mitre.org", "url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21141"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23068"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1056"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3531"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}