CVE-2007-6629 - Vulnerability Details - OpenCVE

Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Feng	Feng

Configuration 1 [-]

cpe:2.3:a:feng:feng:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/fengulo-adv.txt
http://aluigi.org/poc/fengulo.zip
http://osvdb.org/40537
http://secunia.com/advisories/28229
http://securityreason.com/securityalert/3507
http://www.securityfocus.com/archive/1/485574/100/0/threaded
http://www.securityfocus.com/bid/27049
http://www.vupen.com/english/advisories/2008/0011

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-04T00:00:00

Updated: 2024-08-07T16:11:06.094Z

Reserved: 2008-01-03T00:00:00

Link: CVE-2007-6629

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-01-04T00:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6629

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "40537", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40537"}, {"name": "20071227 Multiple vulnerabilities in Feng 0.1.15", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded"}, {"name": "27049", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27049"}, {"name": "ADV-2008-0011", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0011"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/fengulo.zip"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/fengulo-adv.txt"}, {"name": "3507", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3507"}, {"name": "28229", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28229"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6629", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "40537", "refsource": "OSVDB", "url": "http://osvdb.org/40537"}, {"name": "20071227 Multiple vulnerabilities in Feng 0.1.15", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded"}, {"name": "27049", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27049"}, {"name": "ADV-2008-0011", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0011"}, {"name": "http://aluigi.org/poc/fengulo.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/fengulo.zip"}, {"name": "http://aluigi.altervista.org/adv/fengulo-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/fengulo-adv.txt"}, {"name": "3507", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3507"}, {"name": "28229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28229"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:11:06.094Z"}, "title": "CVE Program Container", "references": [{"name": "40537", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40537"}, {"name": "20071227 Multiple vulnerabilities in Feng 0.1.15", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded"}, {"name": "27049", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27049"}, {"name": "ADV-2008-0011", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0011"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.org/poc/fengulo.zip"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/fengulo-adv.txt"}, {"name": "3507", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3507"}, {"name": "28229", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28229"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6629", "datePublished": "2008-01-04T00:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T16:11:06.094Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:feng:feng:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B682043-086D-461F-ABFF-24D0A6B10F5E", "versionEndIncluding": "0.1.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line."}, {"lang": "es", "value": "Conflicto de interpretaci\u00f3n en LScube Feng 0.1.15 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (Referencia a Null y ca\u00edda de demonio) mediante la l\u00ednea de cabecera User-Agent que contiene un caracter retorno de carro, lo cual es considerado como un delimitador de l\u00ednea cuando la cabecera se fracciona en l\u00edneas individuales, pero no cuando log_user_agent de RTSP_utils.c analiza sit\u00e1cticamente del contenido de la l\u00ednea User-Agent."}], "id": "CVE-2007-6629", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-04T00:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/fengulo-adv.txt"}, {"source": "cve@mitre.org", "url": "http://aluigi.org/poc/fengulo.zip"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/40537"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28229"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3507"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/27049"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/fengulo-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/poc/fengulo.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/27049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0011"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}