Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6626

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6626
Last Modified 07 Mar 2011 10:03:19
Published 03 Jan 2008 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6626

Summary

Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of a response, as demonstrated by a message that follows a RETURN line.

Vulnerable Systems

Application

  • Feng 0.1.15


References

VUPEN - ADV-2008-0011

BID - 27049

BUGTRAQ - 20071227 Multiple vulnerabilities in Feng 0.1.15

OSVDB - 40532

MISC - http://aluigi.org/poc/fengulo.zip

MISC - http://aluigi.altervista.org/adv/fengulo-adv.txt

SREASON - 3507

SECUNIA - 28229


Last Updated: 27 May 2016 10:46:33