Gentoo Bug 245649 - media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2008-5030)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	245649
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Stefan Behte <craig@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 245649 depends on:			Show dependency tree
Bug 245649 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-11-05 12:14 0000

I'm unsure about the versions, got this one from Thomas Biege @ oss-sec:

--- src/cddb.c
+++ src/cddb.c
@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct disc_data
*outdata)
free(file);

while(!feof(cddb_data)) {
- fgets(inbuffer, 512, cddb_data);
+ fgets(inbuffer, 256, cddb_data);
cddb_process_line(inbuffer, data);
}

I checked that: we've got a vulnerable version in our tree.

------- Comment #1 From Peter Alfredsen 2008-11-05 13:13:36 0000 -------

InCVS as libcdaudio-0.99.12-r1

------- Comment #2 From Christian Hoffmann 2008-11-05 13:49:13 0000 -------

Arches, please test and mark stable
  =media-libs/libcdaudio-0.99.12-r1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

I'm re-rating this as B2 as it most likely requires user interaction (i.e. the
user has to open a malicious URL or file)

------- Comment #3 From Brent Baude 2008-11-06 02:52:57 0000 -------

ppc64 done

------- Comment #4 From Jeroen Roovers 2008-11-06 12:03:10 0000 -------

Stable for HPPA.

------- Comment #5 From Markus Meier 2008-11-08 12:58:54 0000 -------

amd64/x86 stable

------- Comment #6 From Markus Meier 2008-11-08 13:00:12 0000 -------

btw please note:

dodoc: ChangLog does not exist
>>> Completed installing libcdaudio-0.99.12-r1 into /var/tmp/portage/media-libs/libcdaudio-0.99.12-r1/image/

------- Comment #7 From Raúl Porcel 2008-11-08 17:15:31 0000 -------

alpha/arm/ia64/sparc stable

------- Comment #8 From Tobias Scherbaum 2008-11-15 18:41:46 0000 -------

ppc stable

------- Comment #9 From Robert Buchholz 2008-11-27 11:54:08 0000 -------

CVE-2008-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5030):
  Heap-based buffer overflow in the cddb_read_disc_data function in
  cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute
  arbitrary code via long CDDB data.

------- Comment #10 From Pierre-Yves Rofes 2009-03-17 21:33:22 0000 -------

GLSA 200903-31

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 245649

media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2008-5030)

Last modified: 2009-03-17 21:33:22 0000