Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-0406

Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2007-0406 (Candidate) is related to these bugs:

Bug #87874: overflow with long HOME environment variable

		In	Importance	Status
87874	overflow with long HOME environment variable	gxine (Ubuntu)	Undecided	Invalid
87874	overflow with long HOME environment variable	gxine (Ubuntu Dapper)	Low	Invalid
87874	overflow with long HOME environment variable	gxine (Ubuntu Edgy)	Low	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://xinehq.de/index...
OSVDB: 38320
OSVDB: 38321
VUPEN: ADV-2007-0259
CONFIRM: http://sourceforge.net...
XF: gxine-serversetup-serv...