FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4197

This CVE name corresponds to:

Entered Topic
2006-12-02 libmusicbrainz -- multiple buffer overflow vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-4197
Phase Assigned (20060817)

Description

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header sent by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

References

Source Reference
BUGTRAQ 20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2
BUGTRAQ 20060830 rPSA-2006-0161-1 libmusicbrainz
MISC http://aluigi.altervista.org/adv/brainzbof-adv.txt
CONFIRM https://issues.rpath.com/browse/RPL-610
DEBIAN DSA-1162
GENTOO GLSA-200610-09
MANDRIVA MDKSA-2006:157
SUSE SUSE-SR:2006:025
UBUNTU USN-363-1
UBUNTU USN-363
BID 19508
SECTRACK 1016691
SECUNIA 21404
SECUNIA 21668
SECUNIA 21699
SECUNIA 22191
SECUNIA 22393
SECUNIA 22517
SECUNIA 22639
SREASON 1399
XF libmusicbrainz-mbhttpdownload-bo(28367)
XF libmusicbrainz-rdfparse-bo(28368)