Dynamic Universal Music Bibliotheque DUMB 0.9.3 it_read_envelope memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Dynamic Universal Music Bibliotheque DUMB 0.9.3. It has been classified as critical. This issue affects the function it_read_envelope. Performing a manipulation results in memory corruption.
This vulnerability is known as CVE-2006-3668. Furthermore, an exploit is available.
Upgrading the affected component is recommended.
Details
A vulnerability classified as critical has been found in Dynamic Universal Music Bibliotheque DUMB 0.9.3. This affects the function it_read_envelope. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.
The bug was discovered 07/16/2006. The weakness was published 07/18/2006 by Luigi Auriemma (Website). The advisory is shared at xforce.iss.net. This vulnerability is uniquely identified as CVE-2006-3668 since 07/17/2006. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known.
A public exploit has been developed in ANSI C. The exploit is shared for download at securityfocus.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 22665 (Debian DSA-1123-1 : libdumb - buffer overflow), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l.
Upgrading eliminates this vulnerability. A possible mitigation has been published 6 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (27789), Tenable (22665), SecurityFocus (BID 19025†), OSVDB (27340†) and Secunia (SA21092†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.0
VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 22665
Nessus Name: Debian DSA-1123-1 : libdumb - buffer overflow
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 57158
OpenVAS Name: Debian Security Advisory DSA 1123-1 (libdumb)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
06/26/2006 🔍07/16/2006 🔍
07/17/2006 🔍
07/17/2006 🔍
07/18/2006 🔍
07/18/2006 🔍
07/18/2006 🔍
07/24/2006 🔍
08/15/2006 🔍
10/14/2006 🔍
03/12/2015 🔍
06/24/2019 🔍
Sources
Advisory: xforce.iss.netResearcher: Luigi Auriemma
Status: Not defined
CVE: CVE-2006-3668 (🔍)
GCVE (CVE): GCVE-0-2006-3668
GCVE (VulDB): GCVE-100-31365
X-Force: 27789
SecurityFocus: 19025 - DUMB Impulse Tracker Files Remote Heap Buffer Overflow Vulnerability
Secunia: 21092 - DUMB "it_read_envelope()" Function Buffer Overflow, Moderately Critical
OSVDB: 27340 - CVE-2006-3668 - DUMB - Buffer Overflow Issue
Vulnerability Center: 12523 - Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and Earlier Remote Code Execution, Medium
Vupen: ADV-2006-2835
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/12/2015 14:25Updated: 06/24/2019 10:46
Changes: 03/12/2015 14:25 (78), 06/24/2019 10:46 (9)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.