Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 255363 (CVE-2007-6720) - media-libs/libmikmod: DoS when loading multiple music files with varying channels (CVE-2007-6720,CVE-2009-0179)
Summary: media-libs/libmikmod: DoS when loading multiple music files with varying chan...
Status: RESOLVED FIXED
Alias: CVE-2007-6720
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B3 [noglsa]
Keywords:
: 190283 212852 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-01-18 10:45 UTC by Matti Bickel (RETIRED)
Modified: 2010-03-07 20:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matti Bickel (RETIRED) gentoo-dev 2009-01-18 10:45:28 UTC
From the debian bug by Brandon:

There is bug in mikmod that causes an app to segfault or abort when
loading multiple music files with varying number of channels. This is
the same bug that I reported, and fixed, almost a year ago in
SDL-mixer, which until recently used an internal version of a slightly
older libmikmod. Here is the (now archived) bug report:
http://bugs.debian.org/422021

Previously, I believed that the latest version of libmikmod, which
Debian uses, was unaffected by this bug. I had done some preliminary,
non-conclusive tests in this regard. I was wrong. Libmikmod is indeed
affected.
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2009-01-18 11:05:26 UTC
We can include the debian patch or wait for upstream it seems.

Can you confirm and provide an updated ebuild, sound herd?
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2009-01-18 11:19:19 UTC
You might also want to check bug #252950 .
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 21:46:12 UTC
CVE-2007-6720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6720):
  libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
  possibly other products, relies on the channel count of the last
  loaded song, rather than the currently playing song, for certain
  playback calculations, which allows user-assisted attackers to cause
  a denial of service (application crash) by loading multiple songs
  (aka MOD files) with different numbers of channels.

CVE-2009-0179 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0179):
  libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
  products, allows user-assisted attackers to cause a denial of service
  (application crash) by loading an XM file.

Comment 4 Samuli Suominen (RETIRED) gentoo-dev 2009-07-19 20:31:11 UTC
*** Bug 190283 has been marked as a duplicate of this bug. ***
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2009-07-19 20:31:41 UTC
*** Bug 212852 has been marked as a duplicate of this bug. ***
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2010-01-03 18:01:22 UTC
The patches for these seem to be at,

http://cvs.fedoraproject.org/viewvc/rpms/libmikmod/devel/
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2010-01-03 18:19:54 UTC
*libmikmod-3.2.0_beta2-r1 (03 Jan 2010)

  03 Jan 2010; Samuli Suominen <ssuominen@gentoo.org>
  +libmikmod-3.2.0_beta2-r1.ebuild, +files/libmikmod-CVE-2007-6720.patch,
  +files/libmikmod-CVE-2009-0179.patch:
  Fix security bug #255363 (CVE-2007-6720 and CVE-2009-0179).

This can go stable.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2010-01-03 22:14:23 UTC
x86 stable
Comment 9 Joe Jezak (RETIRED) gentoo-dev 2010-01-05 00:09:06 UTC
Marked ppc/ppc64 stable.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2010-01-09 19:56:12 UTC
Stable for HPPA.
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2010-01-16 10:00:38 UTC
Stable on alpha.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2010-01-25 19:24:13 UTC
arm/ia64/sh/sparc stable
Comment 13 Markus Meier gentoo-dev 2010-01-31 00:19:35 UTC
amd64 stable, all arches done.
Comment 14 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-07 20:40:26 UTC
It's an application crash only: closing noglsa.
Feel free to reopen if you think this needs a GLSA.