
Vigil@nce: libcdaudio, buffer overflow of CDDB

November 2008 by Vigil@nce

SYNTHESIS

An attacker can create a malicious CDDB database in order to execute code on the computers of victims who read this database through libcdaudio.

Gravity: 2/4

Consequences: user access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/11/2008

IMPACTED PRODUCTS
- Debian Linux
- Novell Linux Desktop
- Novell Open Enterprise Server
- OpenSUSE
- SuSE Linux
- SUSE LINUX Enterprise Server

DESCRIPTION

The libcdaudio library is used by several applications that read music CD-ROMs.

The "cddb://" URIs are used to download information about a CD-ROM, such as the artist's name.

However, if this information contains a long field, a buffer overflow occurs in libcdaudio.

An attacker can therefore create a malicious CDDB database in order to execute code on the computers of victims who read this database through libcdaudio.
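
The missing length check described above can be illustrated with a bounded parser for CDDB "KEY=value" lines, which rejects an overlong field instead of copying it. This is an added example, not libcdaudio code or its patch: struct disc_info, FIELD_MAX, copy_field and parse_cddb_line are hypothetical names, the 64-byte capacity is an assumption, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 64   /* assumed capacity for this example, not a libcdaudio constant */

/* Hypothetical record for two fields of a CDDB entry. */
struct disc_info {
    char title[FIELD_MAX];
    char genre[FIELD_MAX];
};

/* Copy src_len bytes into dst only if they fit together with the terminator.
 * Returns 0 on success, -1 if the value is too long (dst is left empty). */
static int copy_field(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src_len >= dst_size)      /* reject: server-supplied data is untrusted */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Parse one "KEY=value" line of a CDDB entry into info.
 * Returns 0 if stored, 1 if the key is ignored, -1 if malformed or too long. */
int parse_cddb_line(struct disc_info *info, const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return -1;
    size_t key_len = (size_t)(eq - line);
    const char *val = eq + 1;
    size_t val_len = strcspn(val, "\r\n");   /* value ends at the line terminator */

    if (key_len == 6 && memcmp(line, "DTITLE", 6) == 0)
        return copy_field(info->title, sizeof info->title, val, val_len);
    if (key_len == 6 && memcmp(line, "DGENRE", 6) == 0)
        return copy_field(info->genre, sizeof info->genre, val, val_len);
    return 1;
}

int main(void)
{
    struct disc_info d = {{0}, {0}};
    /* Constructed sample line. */
    int rc = parse_cddb_line(&d, "DTITLE=Example Artist / Example Album\r\n");
    printf("rc=%d title=\"%s\"\n", rc, d.title);
    return rc == 0 ? 0 : 1;
}
```

The length is measured before any byte is written, so the destination size, not the sender, decides how much is copied.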

CHARACTERISTICS

Identifiers: CVE-2008-5030, DSA-1665-1, SUSE-SR:2008:024, VIGILANCE-VUL-8243

http://vigilance.fr/vulnerability/8243



