245649 – (CVE-2008-5030) media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2008-5030)

Bug 245649 (CVE-2008-5030) - media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2008-5030)

Summary: media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2...

Status:	RESOLVED FIXED

Alias:	CVE-2008-5030

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa]
Keywords:	STABLEREQ

Depends on:
Blocks:

Reported:	2008-11-05 12:14 UTC by Stefan Behte (RETIRED)
Modified:	2009-03-17 21:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-05 12:14:06 UTC

I'm unsure about the versions, got this one from Thomas Biege @ oss-sec:

--- src/cddb.c
+++ src/cddb.c
@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct disc_data
*outdata)
free(file);

while(!feof(cddb_data)) {
- fgets(inbuffer, 512, cddb_data);
+ fgets(inbuffer, 256, cddb_data);
cddb_process_line(inbuffer, data);
}

I checked that: we've got a vulnerable version in our tree.

Comment 1 Peter Alfredsen (RETIRED) gentoo-dev

2008-11-05 13:13:36 UTC

InCVS as libcdaudio-0.99.12-r1

Comment 2 Christian Hoffmann (RETIRED) gentoo-dev

2008-11-05 13:49:13 UTC

Arches, please test and mark stable
  =media-libs/libcdaudio-0.99.12-r1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

I'm re-rating this as B2 as it most likely requires user interaction (i.e. the user has to open a malicious URL or file)

Comment 3 Brent Baude (RETIRED) gentoo-dev

2008-11-06 02:52:57 UTC

ppc64 done

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2008-11-06 12:03:10 UTC

Stable for HPPA.

Comment 5 Markus Meier gentoo-dev

2008-11-08 12:58:54 UTC

amd64/x86 stable

Comment 6 Markus Meier gentoo-dev

2008-11-08 13:00:12 UTC

btw please note:

dodoc: ChangLog does not exist
>>> Completed installing libcdaudio-0.99.12-r1 into /var/tmp/portage/media-libs/libcdaudio-0.99.12-r1/image/

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2008-11-08 17:15:31 UTC

alpha/arm/ia64/sparc stable

Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev

2008-11-15 18:41:46 UTC

ppc stable

Comment 9 Robert Buchholz (RETIRED) gentoo-dev

2008-11-27 11:54:08 UTC

CVE-2008-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5030):
  Heap-based buffer overflow in the cddb_read_disc_data function in
  cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute
  arbitrary code via long CDDB data.

Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-03-17 21:33:22 UTC

GLSA 200903-31