CVE-2006-0051

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2006-0051 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Dirk Mueller.
The original article can be found at: http://www.kde.org/info/security/advisory-20060404-1.txt

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2006-0051

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Kaffeine version 0.4.2 and above
* Kaffeine version 0.7.1 and prior

Immune Systems:
* Kaffeine version 0.8.0

Kaffeine can produce a buffer overflow in http_peek() while creating HTTP request headers for fetching remote playlists, which under certain circumstances could be used to crash the application and/or execute arbitrary code.

Vendor Status:
The vendor has issued a fix:
Patch for Kaffeine 0.7.x is available from ftp://ftp.kde.org/pub/kde/security_patches :
45cdf59fc1d9d94b045915e9583187d8 kaffeine-0.7.x-CVE-2006-0051.patch

Patch for Kaffeine 0.5.x is available from ftp://ftp.kde.org/pub/kde/security_patches :
86109b6919cc2984f85dc6a463627c50 kaffeine-0.5.x-CVE-2006-0051.patch

Patch for Kaffeine 0.4.x is available from ftp://ftp.kde.org/pub/kde/security_patches :
feb69d70388b0a4745b29a644a3f7779 kaffeine-0.4.x-CVE-2006-0051.patch

CVE Information:
CVE-2006-0051

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus