Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3355

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3355
Last Modified 05 Sep 2008 05:06:53
Published 06 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3355

Summary

Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.

Vulnerable Systems

Application

  • Mpg123 Pre0.59s R11


References

GENTOO - GLSA-200607-01

SECUNIA - 20937

MISC - http://bugs.gentoo.org/show_bug.cgi?id=133988

BID - 18794


Last Updated: 27 May 2016 10:42:58