CVE-2007-6631

Name of the Vulnerable Software and Affected Versions LScube libnemesi versions 0.6.4-rc1 and earlier

Description The issue allows remote attackers to execute arbitrary code due to multiple buffer overflows. This can be triggered by a reply that begins with a long version string, affecting the handle rtsp pkt function in rtsp handlers.c. Additionally, long headers can cause overflows in functions such as send pause request, send play request, send setup request, or send teardown request in rtsp send.c, for example, via the Content-Base header. A long Transport header can also trigger overflows in functions like get transport str sctp, get transport str tcp, or get transport str udp in rtsp transport.c.

Recommendations For LScube libnemesi versions 0.6.4-rc1 and earlier, consider disabling the handle rtsp pkt function in rtsp handlers.c, as well as the send pause request, send play request, send setup request, and send teardown request functions in rtsp send.c to prevent exploitation until a patch is available. Restrict access to the get transport str sctp, get transport str tcp, and get transport str udp functions in rtsp transport.c to minimize the risk. Avoid using long version strings, Content-Base headers, or Transport headers in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.