漏洞信息详情
AlsaPlayer多个缓冲区溢出漏洞
- CNNVD编号:CNNVD-200608-185
- 危害等级: 中危
- CVE编号: CVE-2006-4089
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-08-11
- 威胁类型: 远程
- 更新时间: 2006-08-14
- 厂 商: andy_lo-a-foe
- 漏洞来源: Luigi Auriemma is ...
漏洞简介
Andy Lo-A-Foe AlsaPlayer 0.99.76及早期版本存在多个缓冲区溢出漏洞,远程攻击者可借助以下向量触发拒绝服务攻击(应用程序崩溃),也可能存在未知影响:(1) 网络服务器发送的一个超长Location字段,会在reader/http/http.c程序的reconnect函数中引发溢出错误;(2) 在AlsaPlayer寻找播放列表的媒体文件时,一个网络服务器发送的超长URL,会在interface/gtk/PlaylistWindow.cpp程序的new_list_item函数和CbUpdated函数中引发溢出错误;以及(3) CDDB服务器发送的一个超长响应,会在input/ccda/cdda_engine.c程序的cddb_lookup函数中引发溢出错误。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Alsaplayer Alsaplayer 0.99.76
Debian alsaplayer-alsa_0.99.76-0.3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_amd64.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_arm.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_hppa.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_i386.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_ia64.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_m68k.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_mips.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_mipsel.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_powerpc.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_s390.deb
Debian alsaplayer-alsa_0.99.76-0.3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-a lsa_0.99.76-0.3sarge1_sparc.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_amd64.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_arm.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_hppa.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_i386.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_ia64.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_m68k.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_mips.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_mipsel.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.3sarge1_powerpc.deb
Debian alsaplayer-common_0.99.76-0.3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-c ommon_0.99.76-0.
参考网址
来源: BID
名称: 19450
链接:http://www.securityfocus.com/bid/19450
来源: BUGTRAQ
名称: 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76
链接:http://www.securityfocus.com/archive/1/archive/1/442725/100/0/threaded
来源: XF
名称: alsaplayer-cddblookup-bo(28308)
链接:http://xforce.iss.net/xforce/xfdb/28308
来源: XF
名称: alsaplayer-gtkplaylist-bo(28307)
链接:http://xforce.iss.net/xforce/xfdb/28307
来源: XF
名称: alsaplayer-reconnect-bo(28306)
链接:http://xforce.iss.net/xforce/xfdb/28306
来源: OSVDB
名称: 27885
链接:http://www.osvdb.org/27885
来源: OSVDB
名称: 27884
链接:http://www.osvdb.org/27884
来源: OSVDB
名称: 27883
链接:http://www.osvdb.org/27883
来源: SUSE
名称: SUSE-SR:2006:021
链接:http://www.novell.com/linux/security/advisories/2006_21_sr.HTML
来源: VUPEN
名称: ADV-2006-3235
链接:http://www.frsirt.com/english/advisories/2006/3235
来源: DEBIAN
名称: DSA-1179
链接:http://www.debian.org/security/2006/dsa-1179
来源: SREASON
名称: 1356
链接:http://securityreason.com/securityalert/1356
来源: GENTOO
名称: GLSA-200608-24
链接:http://security.gentoo.org/glsa/glsa-200608-24.xml
来源: SECUNIA
名称: 22018
链接:http://secunia.com/advisories/22018
来源: SECUNIA
名称: 21749
链接:http://secunia.com/advisories/21749
来源: SECUNIA
名称: 21639
链接:http://secunia.com/advisories/21639
来源: SECUNIA
名称: 21422
链接:http://secunia.com/advisories/21422
来源: FULLDISC
名称: 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.HTML
来源: MISC
链接:http://aluigi.altervista.org/adv/alsapbof-adv.txt
受影响实体
- Andy_lo-A-Foe Alsaplayer:0.99.76
补丁
暂无
评论