NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-0051

Summary	Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.
Publication Date	April 5, 2006, 7:04 p.m.
Registration Date	Jan. 29, 2021, 3:29 p.m.
Last Update	Oct. 20, 2018, 12:42 a.m.

CVSS2.0 : MEDIUM
Score	5.1
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	はい
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:kaffeine:kaffeine_player:0.4.2:::::::*
cpe:2.3:a:kaffeine:kaffeine_player:0.4.3:::::::*
cpe:2.3:a:kaffeine:kaffeine_player:0.4.3b:::::::*
cpe:2.3:a:kaffeine:kaffeine_player:0.5_rc1:::::::*
cpe:2.3:a:kaffeine:kaffeine_player:0.7.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/19525	SECUNIA	Patch Vendor Advisory
2	http://secunia.com/advisories/19540	SECUNIA
3	http://secunia.com/advisories/19542	SECUNIA
4	http://secunia.com/advisories/19549	SECUNIA
5	http://secunia.com/advisories/19557	SECUNIA
6	http://secunia.com/advisories/19571	SECUNIA
7	http://securitytracker.com/id?1015863	SECTRACK
8	http://www.debian.org/security/2006/dsa-1023	DEBIAN
9	http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml	GENTOO
10	http://www.kde.org/info/security/advisory-20060404-1.txt	CONFIRM	Patch Vendor Advisory
11	http://www.mandriva.com/security/advisories?name=MDKSA-2006:065	MANDRIVA
12	http://www.novell.com/linux/security/advisories/2006_08_sr.html	SUSE
13	http://www.securityfocus.com/archive/1/430319/100/0/threaded	BUGTRAQ
14	http://www.securityfocus.com/bid/17372	BID
15	http://www.vupen.com/english/advisories/2006/1229	VUPEN
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/25631	XF
17	https://usn.ubuntu.com/268-1/	UBUNTU

Common Vulnerabilities List

JVN Vulnerability Information

Kaffeine Player におけるバッファオーバーフローの脆弱性

Title	Kaffeine Player におけるバッファオーバーフローの脆弱性
Summary	Kaffeine Player には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	攻撃者により、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 5, 2006, midnight
Registration Date	March 11, 2014, 5:43 p.m.
Last Update	March 11, 2014, 5:43 p.m.

Affected System

kaffeine

kaffeine player 0.4.2 から 0.7.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-0051	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0051
National Vulnerability Database (NVD)
2	CVE-2006-0051	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0051

ベンダー情報

No	Name	URL
関連リンク
1	advisory-20060404-1.txt	http://www.kde.org/info/security/advisory-20060404-1.txt
2	SA19525	http://secunia.com/advisories/19525

Change Log

No	Changed Details	Date of change
0	[2014年03月11日] 掲載	Feb. 17, 2018, 10:37 a.m.