Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 202747 (CVE-2007-6454) - media-sound/peercast < 0.1218 "handshakeHTTP()" Buffer Overflow (CVE-2007-6454)
Summary: media-sound/peercast < 0.1218 "handshakeHTTP()" Buffer Overflow (CVE-2007-6454)
Status: RESOLVED FIXED
Alias: CVE-2007-6454
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/28120/
Whiteboard: B1 [glsa]
Keywords:
: 203083 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-12-19 03:12 UTC by Robert Buchholz (RETIRED)
Modified: 2008-03-24 19:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-19 03:12:41 UTC
Secunia:

Luigi Auriemma has reported a vulnerability in PeerCast, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "handshakeHTTP()" function. This can be exploited to cause a heap-based buffer overflow via a specially crafted "SOURCE" HTTP request.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-19 03:13:44 UTC
Sound, please advise.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-12-29 01:14:45 UTC
Sound, please bump this ebuild or apply patches.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-12-29 01:15:49 UTC
*** Bug 203083 has been marked as a duplicate of this bug. ***
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-01-10 22:37:30 UTC
*peercast-0.1218 (10 Jan 2008)

  10 Jan 2008; Robert Buchholz <rbu@gentoo.org> +peercast-0.1218.ebuild:
  Version bump for Security, fixing a Heap-based buffer overflow
  (CVE-2007-6454, bug #202747)

Arches, please test and mark stable media-sound/peercast-0.1218.
Target keywords : "amd64 x86"
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-01-10 22:39:07 UTC
amd64 stable ;-)
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-11 08:03:55 UTC
x86 stable, last one so update the whiteboard
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-01-11 08:22:28 UTC
(In reply to comment #6)
> x86 stable, last one so update the whiteboard
> 

thanks, request filed.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-03-24 19:49:58 UTC
GLSA 200801-22