CVE-2006-2200
CVSS5.1
发布时间 :2006-06-27 21:45:00
修订时间 :2011-08-02 00:00:00
NMCOPS    

[原文]Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.


[CNNVD]MiMMS 媒体流处理 远程栈溢出漏洞(CNNVD-200606-511)

        MiMMS是一款使用MMS协议下载并保存流媒体的程序。
        MiMMS在处理畸形的数据时,远程攻击者可能利用此漏洞在用用户机器上执行任意指令。
        MiMMS的get_header()和get_media_packet函数在从服务器读取数据时存在栈溢出漏洞。如果用户受骗连接到了恶意的服务器的话,就会触发这个漏洞,导致执行任意代码。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:mimms:mimms:0.0.9
cpe:/a:xine:xine-lib:1.1.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2200
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-511
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2006/2487
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2487
http://www.ubuntu.com/usn/usn-315-1
(UNKNOWN)  UBUNTU  USN-315-1
http://www.ubuntu.com/usn/usn-309-1
(UNKNOWN)  UBUNTU  USN-309-1
http://www.securityfocus.com/bid/18608
(UNKNOWN)  BID  18608
http://www.mandriva.com/security/advisories?name=MDKSA-2006:121
(UNKNOWN)  MANDRIVA  MDKSA-2006:121
http://www.mandriva.com/security/advisories?name=MDKSA-2006:117
(UNKNOWN)  MANDRIVA  MDKSA-2006:117
http://sourceforge.net/project/shownotes.php?release_id=468432
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=468432
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
(UNKNOWN)  SLACKWARE  SSA:2006-357-05
http://security.gentoo.org/glsa/glsa-200607-07.xml
(UNKNOWN)  GENTOO  GLSA-200607-07
http://secunia.com/advisories/23512
(VENDOR_ADVISORY)  SECUNIA  23512
http://secunia.com/advisories/23218
(VENDOR_ADVISORY)  SECUNIA  23218
http://secunia.com/advisories/21139
(VENDOR_ADVISORY)  SECUNIA  21139
http://secunia.com/advisories/21036
(VENDOR_ADVISORY)  SECUNIA  21036
http://secunia.com/advisories/21023
(VENDOR_ADVISORY)  SECUNIA  21023
http://secunia.com/advisories/20964
(VENDOR_ADVISORY)  SECUNIA  20964
http://secunia.com/advisories/20948
(VENDOR_ADVISORY)  SECUNIA  20948
http://secunia.com/advisories/20749
(VENDOR_ADVISORY)  SECUNIA  20749
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577
(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577

- 漏洞信息

MiMMS 媒体流处理 远程栈溢出漏洞
中危 缓冲区溢出
2006-06-27 00:00:00 2006-07-25 00:00:00
远程  
        MiMMS是一款使用MMS协议下载并保存流媒体的程序。
        MiMMS在处理畸形的数据时,远程攻击者可能利用此漏洞在用用户机器上执行任意指令。
        MiMMS的get_header()和get_media_packet函数在从服务器读取数据时存在栈溢出漏洞。如果用户受骗连接到了恶意的服务器的话,就会触发这个漏洞,导致执行任意代码。

- 公告与补丁

        目前厂商已经发布了相关补丁,请到厂商的主页下载:
        Slackware Linux 11.0
        Slackware xine-lib-1.1.3-i686-1_slack11.0.tgz
        11.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ xine-lib-1.1.3-i686-1_slack11.0.tgz
        MiMMS mimms 0.0.9
        Ubuntu libmms-dev_0.1-0ubuntu1.1_amd64.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1 -0ubuntu1.1_amd64.deb
        Ubuntu libmms-dev_0.1-0ubuntu1.1_i386.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1 -0ubuntu1.1_i386.deb
        Ubuntu libmms-dev_0.1-0ubuntu1.1_sparc.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1 -0ubuntu1.1_sparc.deb
        Ubuntu libmms0_0.1-0ubuntu1.1_amd64.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0u buntu1.1_amd64.deb
        Ubuntu libmms0_0.1-0ubuntu1.1_powerpc.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0u buntu1.1_powerpc.deb
        Ubuntu libmms0_0.1-0ubuntu1.1_sparc.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0u buntu1.1_sparc.deb
        Slackware Linux 10.0
        Slackware xine-lib-1.1.3-i686-1_slack10.0.tgz
        Slackware 10.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ xine-lib-1.1.3-i686-1_slack10.0.tgz
        Slackware Linux 10.1
        Slackware xine-lib-1.1.3-i686-1_slack10.1.tgz
        Slackware 10.1:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ xine-lib-1.1.3-i686-1_slack10.1.tgz
        Slackware Linux 10.2
        Slackware xine-lib-1.1.3-i686-1_slack10.2.tgz
        Slackware 10.2:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ xine-lib-1.1.3-i686-1_slack10.2.tgz
        Slackware Linux 9.1
        Slackware xine-lib-1.1.3-i686-1_slack9.1.tgz
        Slackware 9.1:
        ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/x ine-lib-1.1.3-i686-1_slack9.1.tgz
        

- 漏洞信息 (F48237)

Mandriva Linux Security Advisory 2006.121 (PacketStormID:F48237)
2006-07-13 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,overflow,arbitrary
linux,mandriva
CVE-2006-2200
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-121 - A stack-based buffer overflow in MiMMS version 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an embedded copy of the same vulnerable code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:121
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : July 12, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause 
 a denial of service (application crash) and possibly execute arbitrary code 
 via the (1) send_command, (2) string_utf16, (3) get_data, and (4) 
 get_media_packet functions, and possibly other functions. Xine-lib contains
 an embedded copy of the same vulnerable code. 
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 34c23d8a858d2a2687297e25618c7b04  2006.0/RPMS/libxine1-1.1.0-9.6.20060mdk.i586.rpm
 57f9a069b8fc968a12ce24605390c1f1  2006.0/RPMS/libxine1-devel-1.1.0-9.6.20060mdk.i586.rpm
 7c2652ce586d087793536649d7da6966  2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.i586.rpm
 37eff9bda8595acfbaf80e0998db1c9e  2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.i586.rpm
 e5672e6558978051f6878dea6ba961b5  2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.i586.rpm
 6527706516fb99a53f82d2c8c4b2e5f8  2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.i586.rpm
 10d172825fdd5dd2dd92dfafd5d60e23  2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.i586.rpm
 87b9a38b877b67f0ac0ee4f58ed50983  2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.i586.rpm
 8656ea92b3fca51e2fad861ea963b14d  2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.i586.rpm
 6a538ee35d785dfc7ea64a03c20060da  2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.i586.rpm
 9defa64950f2feebab9dda16d35523cb  2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.i586.rpm
 d207307cb338b46edd703797b693ea24  2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.i586.rpm
 4dc1623162c6092eb10c755ed2c5366a  2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8798915891b79ac134565f8ede0653b1  x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.6.20060mdk.x86_64.rpm
 dcd2eb828f921b04206124835eeada8e  x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.6.20060mdk.x86_64.rpm
 a933644c1c56d642a5d576cb217d0356  x86_64/2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.x86_64.rpm
 238d8526e618dff3aa31e223c14ce432  x86_64/2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.x86_64.rpm
 d9f0269ae701936ce27b6515e5c73ac1  x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.x86_64.rpm
 4683507048ec6535c2c5f63997ec719d  x86_64/2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.x86_64.rpm
 bc649ad82f11c8422f1e9fb711dd4803  x86_64/2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.x86_64.rpm
 52fe1d4ddeeea6ec91a776ccacf5df19  x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.x86_64.rpm
 348cc9ecf59e378b3d1c6aa12a35f9b9  x86_64/2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.x86_64.rpm
 d2f2300e0bd4e4e210bbfae485c07624  x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.x86_64.rpm
 afca19bc708fc5964c19fff3a2d16286  x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.x86_64.rpm
 ba7c60488a4459066ba4ed08046ce48c  x86_64/2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.x86_64.rpm
 4dc1623162c6092eb10c755ed2c5366a  x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm

 Corporate 3.0:
 1390c15ca893041af1076e6a02d14f47  corporate/3.0/RPMS/libxine1-1-0.rc3.6.12.C30mdk.i586.rpm
 ecc53b859629edd48ef27b477332889e  corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.12.C30mdk.i586.rpm
 a4d85795d05266793fa61ba6bc986aa6  corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.i586.rpm
 4dd4249d6b1911501ddcfa1ef36470af  corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.i586.rpm
 c9a3f82dad17f32a6ab6c0b1926c52c1  corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.12.C30mdk.i586.rpm
 c40b65dd7cde826b8bfa5fb5720d15ed  corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.i586.rpm
 2a257f092fe4b304be7e358230aa0361  corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.i586.rpm
 b04b482c8693272f7ead71ac3ce91e7f  corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.i586.rpm
 ae63549d198004056aacacee5b2ccbef  corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.i586.rpm
 d8fe8f9dff1190413e81e82e67762462  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 aad2ac9345e05d900910b8beade5ff21  x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.12.C30mdk.x86_64.rpm
 b9540819f0250a2924297ce0388f6202  x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.12.C30mdk.x86_64.rpm
 53cc9dc911be64bf8764d76262df4a44  x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.x86_64.rpm
 280b7a7ceb168225d30eb97e95f45fb6  x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.x86_64.rpm
 4e3811096df50e37e6b10f3eedafb0be  x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.x86_64.rpm
 e1e703b0f81edc6399225c6652049519  x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.x86_64.rpm
 14ce60de521e86ae7755c74a3c845d73  x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.x86_64.rpm
 f95f6a3222ef533ea13637cd8d9ff737  x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.x86_64.rpm
 d8fe8f9dff1190413e81e82e67762462  x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEtTcXmqjQ0CJFipgRAqSMAKCgYu5Rj5uiU1ZXdDurg4O8HjMRoACcDF4O
gECJMRGglbqZVCVnyNwn7NA=
=E8fg
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48090)

Mandriva Linux Security Advisory 2006.117 (PacketStormID:F48090)
2006-07-09 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,overflow,arbitrary
linux,mandriva
CVE-2006-2200
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-117 - Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Libmms uses the same vulnerable code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:117
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libmms
 Date    : July 6, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause 
 a denial of service (application crash) and possibly execute arbitrary code 
 via the (1) send_command, (2) string_utf16, (3) get_data, and (4) 
 get_media_packet functions, and possibly other functions. Libmms uses the
 same vulnerable code. 
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 f1de59d4e17d078de50a6d0d2516a242  2006.0/RPMS/libmms0-0.1-1.1.20060mdk.i586.rpm
 6d813df73edfb2668ca8cd5e709a8baa  2006.0/RPMS/libmms0-devel-0.1-1.1.20060mdk.i586.rpm
 ea8211070adfa9bb74d3824d0cc1768c  2006.0/SRPMS/libmms-0.1-1.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 80fd5e12af39a8143eaa08176d2d75b3  x86_64/2006.0/RPMS/lib64mms0-0.1-1.1.20060mdk.x86_64.rpm
 4a7d9ed61fd2c31f94590a2690105e79  x86_64/2006.0/RPMS/lib64mms0-devel-0.1-1.1.20060mdk.x86_64.rpm
 ea8211070adfa9bb74d3824d0cc1768c  x86_64/2006.0/SRPMS/libmms-0.1-1.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFErXsNmqjQ0CJFipgRAkrCAJ4uHTdHB0TenfFF2Un5vqzKXJF63wCg6QUb
y0/AGPz/XdApPgyeqwZVK4A=
=Lsqh
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48076)

Ubuntu Security Notice 309-1 (PacketStormID:F48076)
2006-07-09 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,overflow,arbitrary
linux,ubuntu
CVE-2006-2200
[点击下载]

Ubuntu Security Notice 309-1: Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program.

=========================================================== 
Ubuntu Security Notice USN-309-1              July 05, 2006
libmms vulnerability
CVE-2006-2200
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmms0                        0.1-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Several buffer overflows were found in libmms. By tricking a user into
opening a specially crafted remote multimedia stream with an
application using libmms, a remote attacker could overwrite an
arbitrary memory portion with zeros, thereby crashing the program.

In Ubuntu 5.10, this affects the GStreamer MMS plugin
(gstreamer0.8-mms). Other Ubuntu releases do not support this library.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms_0.1-0ubuntu1.1.diff.gz
      Size/MD5:     4933 76da674c4ce46f604acb09b473f72f1d
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms_0.1-0ubuntu1.1.dsc
      Size/MD5:      607 3f7b2613ed4bda8a5d943141aa85d2d5
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms_0.1.orig.tar.gz
      Size/MD5:   317089 ebd88537af9875265e41ee65603ecd1a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_amd64.deb
      Size/MD5:    19656 5f4757ce0808238ce09df147b0a16251
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_amd64.deb
      Size/MD5:    16042 bd2e57f384bad19a121b3d93c6ff7ec8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_i386.deb
      Size/MD5:    18078 30ea92c953e77a62cea90060c5ffe195
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_i386.deb
      Size/MD5:    14840 645668e9bf1b15cd3e7993bc8e66c6bd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_powerpc.deb
      Size/MD5:    20206 ee2b12725fcaaaae1f2eb94a4fbf6e10
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_powerpc.deb
      Size/MD5:    17700 013e1564d0aa094eddf28ae0723e264b

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_sparc.deb
      Size/MD5:    19894 b0e5d23a750dad2a0e2fa528e4ba9e02
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_sparc.deb
      Size/MD5:    16176 3246a55286c83b1ff2b3a6fc47ee4241
    

- 漏洞信息

26767
MiMMS Media Stream Handling Multiple Function Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-06-19 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

MiMMS Media Stream Handling Remote Buffer Overflow Vulnerability
Boundary Condition Error 18608
Yes No
2006-06-22 12:00:00 2007-01-25 04:29:00
Anon Sricharoenchai has been credited for the discovery of this vulnerability

- 受影响的程序版本

xine xine-lib 1.1
xine xine-lib 1.0.1
xine xine-lib 1.0
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 11.0
Slackware Linux -current
MiMMS mimms 0.0.9
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian mimms 3.1

- 漏洞讨论

MiMMS Media Stream Handling is prone to a buffer-overflow vulnerability that is caused by passing excessive data that may overflow a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.

This issue may lead to a denial-of-service condition or to the execution of arbitrary code.

Version 0.0.9 of MiMMS Media Stream Handling is vulnerable to this issue; other versions may also be affected.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Please see the references for vendor advisories and more information.


Slackware Linux 11.0

MiMMS mimms 0.0.9

Slackware Linux 10.0

Slackware Linux 10.1

Slackware Linux 10.2

Slackware Linux 9.1

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站