PT-2007-1877 · Gxine · Gxine

Published: 2007-01-23 · Updated: 2017-07-29 · CVE-2007-0406

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: gxine versions 0.5.9 and earlier

Description: Multiple buffer overflows exist in gxine: in the main function in client.c, and in the server_setup and server_client_connect functions in server.c. Local users can trigger them with a long HOME environment variable, potentially causing a denial of service (daemon crash) or privilege escalation.

Recommendations: For gxine versions 0.5.9 and earlier, consider restricting the length of the HOME environment variable to prevent the buffer overflows until a patch is available. As a temporary workaround, limiting the privileges of the gxine daemon may also help minimize the risk of exploitation.
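
The length restriction recommended above can also be enforced in code at the point where the path is built. The following is an added example, not gxine's own code: it bounds a HOME-derived UNIX socket path to the size of `sun_path` and rejects anything longer instead of truncating. The function name `build_socket_addr` and the suffix `/.gxine/socket` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical per-user socket location below $HOME (an assumption). */
#define SOCKET_SUFFIX "/.gxine/socket"

/*
 * The unsafe pattern for this bug class is an unbounded copy such as
 *     sprintf(path, "%s" SOCKET_SUFFIX, getenv("HOME"));
 * where the source length is chosen by the local user and the
 * destination is a fixed-size buffer.
 *
 * build_socket_addr() fills addr for the per-user socket instead.
 * Returns 0 on success, -1 if HOME is unset, not absolute, or too long
 * for sun_path. On failure addr is left zeroed, never truncated.
 */
int build_socket_addr(const char *home, struct sockaddr_un *addr)
{
    int n;

    memset(addr, 0, sizeof(*addr));
    if (home == NULL || home[0] != '/')
        return -1;

    /* snprintf never writes past the buffer and reports the full length. */
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s%s",
                 home, SOCKET_SUFFIX);
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path)) {
        memset(addr, 0, sizeof(*addr));   /* drop the truncated path */
        return -1;
    }
    addr->sun_family = AF_UNIX;
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;

    if (build_socket_addr(getenv("HOME"), &addr) != 0) {
        fprintf(stderr, "HOME is unset, relative, or too long\n");
        return EXIT_FAILURE;
    }
    printf("socket path: %s\n", addr.sun_path);
    return EXIT_SUCCESS;
}
```

Rejecting an over-long value matters as much as bounding the copy: a silently truncated path would point the daemon and its client at a different file than the one intended.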

Fix

Related identifiers

CVE-2007-0406

Affected products

Gxine