Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-1034
Last Modified: 05 Sep 2008 04:40:09
Published: 01 Mar 2005 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1034

Summary

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

Vulnerable Systems

Operating System

  • Gentoo Linux

Application

  • Gxine 0.3

  • Kaffeine Player 0.4.2

  • Kaffeine Player 0.4.3

  • Kaffeine Player 0.4.3b

  • Kaffeine Player 0.5 Rc1


References

BID - 11528

XF - kaffeine-ram-bo(17849)

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1060299&group_id=9655&atid=109655

GENTOO - GLSA-200411-14

SECUNIA - 13117

FULLDISC - 20041025 Kaffeine Media Player Conteny Type overflow


Last Updated: 27 May 2016 10:38:52