Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-2892
Last Modified: 23 May 2014 12:08:17
Published: 22 Apr 2014 10:23:35
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-2892

Summary

Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.

Vulnerable Systems

Application

  • Libmms Project Libmms 0.6

  • Libmms Project Libmms 0.6.1

  • Libmms Project Libmms 0.6.2

  • Libmms Project Libmms 0.6.3


References

XF - libmms-getanswer-bo(92640)

BID - 66933

MLIST - [oss-security] 20140418 Re: libmms heap-based buffer overflow fix

CONFIRM - http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog

CONFIRM - http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8

SECUNIA - 57875

DEBIAN - DSA-2916

SUSE - openSUSE-SU-2014:0590


Last Updated: 27 May 2016 11:05:04