CVE-2010-2971
Published 2010-08-05
Priority P338 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 3.69% (88.3th percentile)
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmikmod | < libmikmod 3.1.11-6.3 (bookworm) | libmikmod 3.1.11-6.3 (bookworm) |
| raphael_assenat | libmikmod | — | — |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
| raphael_assenat | libmikmod | >= 0 < 3.1.11-6.3 | 3.1.11-6.3 |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · CRITICAL
vendor_redhat · 9.3 · CRITICAL
vendor_ubuntu · 4.3 · MEDIUM
Ubuntu
libMikMod vulnerabilities
vendor_ubuntu·2010-09-29·CVSS 4.3
CVE-2009-3995 [MEDIUM] libMikMod vulnerabilities
Title: libMikMod vulnerabilities
It was discovered that libMikMod incorrectly handled songs with different
channel counts. If a user were tricked into opening a crafted song file,
an attacker could cause a denial of service. (CVE-2007-6720)
It was discovered that libMikMod incorrectly handled certain malformed XM
files. If a user were tricked into opening a crafted XM file, an attacker
could cause a denial of service. (CVE-2009-0179)
It was discovered that libMikMod incorrectly handled certain malformed
Impulse Tracker files. If a user were tricked into opening a crafted
Impulse Tracker file, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)
It was discovered
Red Hat
libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
vendor_redhat·2010-02-05·CVSS 9.3
CVE-2010-2971 [CRITICAL] libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Package: mikmod (Red Hat Enterprise Linux 4) - Affected
Package: mikmod (Red Hat Enterprise Linux 5) - Affected
Debian
CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t...
vendor_debian·2010·CVSS 9.3
CVE-2010-2971 [CRITICAL] CVE-2010-2971: libmikmod - loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for t...
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Scope: local
bookworm: resolved (fixed in 3.1.11-6.3)
bullseye: resolved (fixed in 3.1.11-6.3)
forky: resolved (fixed in 3.1.11-6.3)
sid: resolved (fixed in 3.1.11-6.3)
trixie: resolved (fixed in 3.1.11-6.3)
GHSA
GHSA-7xx4-x85v-pc9j: loaders/load_it
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-2971 [CRITICAL] CWE-119 GHSA-7xx4-x85v-pc9j: loaders/load_it
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
OSV
CVE-2010-2971: loaders/load_it
osv·2010-08-05·CVSS 9.3
CVE-2010-2971 [CRITICAL] CVE-2010-2971: loaders/load_it
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Suricata
ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2971 [HIGH] ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid SELECT"; flow:established,to_server; http.uri; content:"/getnewsitem.php?"; nocase; content:"newsid="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2007-2971; reference:url,www.milw0rm.com/exploits/3988; classtype:web-application-attack; sid:2004108; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2971 [HIGH] ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UNION SELECT"; flow:established,to_server; http.uri; content:"/getnewsitem.php?"; nocase; content:"newsid="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2971; reference:url,www.milw0rm.com/exploits/3988; classtype:web-application-attack; sid:2004109; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-2971 [HIGH] ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UPDATE"; flow:established,to_server; http.uri; content:"/getnewsitem.php?"; nocase; content:"newsid="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2007-2971; reference:url,www.milw0rm.com/exploits/3988; classtype:web-application-attack; sid:2004113; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-2971 [HIGH] ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid ASCII"; flow:established,to_server; http.uri; content:"/getnewsitem.php?"; nocase; content:"newsid="; nocase; content:"ASCII"; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2971; reference:url,www.milw0rm.com/exploits/3988; classtype:web-application-attack; sid:2004112; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-2971 [HIGH] ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid DELETE"; flow:established,to_server; http.uri; content:"/getnewsitem.php?"; nocase; content:"newsid="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2007-2971; reference:url,www.milw0rm.com/exploits/3988; classtype:web-application-attack; sid:2004111; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2971 [HIGH] ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid INSERT"; flow:established,to_server; http.uri; content:"/getnewsitem.php?"; nocase; content:"newsid="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2007-2971; reference:url,www.milw0rm.com/exploits/3988; classtype:web-application-attack; sid:2004110; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
No public exploits indexed.
http://secunia.com/advisories/48244
http://security.gentoo.org/glsa/glsa-201203-10.xml
http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
http://www.debian.org/security/2010/dsa-2081
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
https://bugzilla.redhat.com/show_bug.cgi?id=614643