CVE-2007-6631 - Vulnerability Details - OpenCVE

Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lscube	Libnemesi

Configuration 1 [-]

cpe:2.3:a:lscube:libnemesi:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/libnemesibof-adv.txt
http://aluigi.org/poc/libnemesibof.zip
http://osvdb.org/42820
http://osvdb.org/42821
http://osvdb.org/42822
http://securityreason.com/securityalert/3513
http://www.securityfocus.com/archive/1/485575/100/0/threaded
http://www.securityfocus.com/bid/27048
http://www.vupen.com/english/advisories/2008/0010
https://nvd.nist.gov/vuln/detail/CVE-2007-6631
https://www.cve.org/CVERecord?id=CVE-2007-6631

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-04T00:00:00

Updated: 2024-08-07T16:11:06.180Z

Reserved: 2008-01-03T00:00:00

Link: CVE-2007-6631

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-04T00:46:00.000

Modified: 2024-11-21T00:40:38.570

Link: CVE-2007-6631

Redhat

Severity : Critical

Publid Date: 2007-12-27T00:00:00Z

Links: CVE-2007-6631 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "42820", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42820"}, {"name": "20071227 Multiple vulnerabilities in libnemesi 0.6.4-rc1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485575/100/0/threaded"}, {"name": "3513", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3513"}, {"name": "42822", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42822"}, {"name": "ADV-2008-0010", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0010"}, {"name": "27048", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27048"}, {"name": "42821", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42821"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/libnemesibof-adv.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/libnemesibof.zip"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6631", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42820", "refsource": "OSVDB", "url": "http://osvdb.org/42820"}, {"name": "20071227 Multiple vulnerabilities in libnemesi 0.6.4-rc1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485575/100/0/threaded"}, {"name": "3513", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3513"}, {"name": "42822", "refsource": "OSVDB", "url": "http://osvdb.org/42822"}, {"name": "ADV-2008-0010", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0010"}, {"name": "27048", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27048"}, {"name": "42821", "refsource": "OSVDB", "url": "http://osvdb.org/42821"}, {"name": "http://aluigi.altervista.org/adv/libnemesibof-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/libnemesibof-adv.txt"}, {"name": "http://aluigi.org/poc/libnemesibof.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/libnemesibof.zip"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:11:06.180Z"}, "title": "CVE Program Container", "references": [{"name": "42820", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42820"}, {"name": "20071227 Multiple vulnerabilities in libnemesi 0.6.4-rc1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485575/100/0/threaded"}, {"name": "3513", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3513"}, {"name": "42822", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42822"}, {"name": "ADV-2008-0010", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0010"}, {"name": "27048", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27048"}, {"name": "42821", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42821"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/libnemesibof-adv.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.org/poc/libnemesibof.zip"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6631", "datePublished": "2008-01-04T00:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T16:11:06.180Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lscube:libnemesi:*:*:*:*:*:*:*:*", "matchCriteriaId": "7183514D-E44D-4932-8CCF-87C03F036FBF", "versionEndIncluding": "0.6.4-rc1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en LScube libnemesi 0.6.4-rc1 y versiones anteriores permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) una respuesta que comienza con una cadena de versi\u00f3n larga, lo cual dispara un desbordamiento en handle_rtsp_pkt de rtsp_handlers.c; cabeceras largas que disparan desbordamientos en (2) send_pause_request, (3) send_play_request, (4) send_setup_request, \u00f3 (5) send_teardown_request de rtsp_send.c, como se demuestra con la cabecera Content-Base; \u00f3 una cabecera Transport larga, que dispara un desbordamiento en (6) get_transport_str_sctp, (7) get_transport_str_tcp, \u00f3 (8) get_transport_str_udp de rtsp_transport.c."}], "id": "CVE-2007-6631", "lastModified": "2024-11-21T00:40:38.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-04T00:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/libnemesibof-adv.txt"}, {"source": "cve@mitre.org", "url": "http://aluigi.org/poc/libnemesibof.zip"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42820"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42821"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42822"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3513"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485575/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/27048"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/libnemesibof-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/poc/libnemesibof.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485575/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/27048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0010"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}