
Vulnerability Bulletins


Multiple buffer overflows in AlsaPlayer

Vulnerability classification

Property Value
Confidence level Official
Impact Denial of Service
Difficulty Advanced
Required attacker level Remote access without an account to an exotic service

System information

Property Value
Affected manufacturer GNU/Linux
Affected software AlsaPlayer < 0.99.76

Description

Multiple buffer overflow vulnerabilities have been discovered in AlsaPlayer 0.99.76 and earlier. They stem from errors in the handling of: a "Location" field sent by the Web server, which triggers an overflow in the "reconnect" function in "reader/http/http.c"; a URL sent by a Web server when AlsaPlayer is looking up a media file for the playlist, which triggers an overflow in "new_list_item" and "CbUpdated" in "interface/gtk/PlaylistWindow.cpp"; and a response sent by a CDDB server, which triggers an overflow in "cddb_lookup" in "input/ccda/cdda_engine.c".

A remote attacker could cause a denial of service or have other unknown impact.
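The first flaw is a server-supplied "Location" value copied into a fixed-size buffer. The following added example (not AlsaPlayer's code and not part of the original bulletin) shows the length check such a copy needs; the function names, status codes and buffer sizes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum loc_status { LOC_OK = 0, LOC_MISSING = -1, LOC_TOO_LONG = -2 };

/* Case-insensitive: do the first n bytes of s start with prefix? */
static int has_prefix_ci(const char *s, size_t n, const char *prefix)
{
    for (size_t i = 0; prefix[i] != '\0'; i++)
        if (i >= n || tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/* Copy the Location value from a NUL-terminated header block into out
 * (capacity out_len). An over-long value is rejected, never truncated
 * and never copied without a bound. */
static int extract_location(const char *headers, char *out, size_t out_len)
{
    const char *line = headers;
    if (out_len == 0)
        return LOC_TOO_LONG;
    out[0] = '\0';
    while (line != NULL && *line != '\0') {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0)
            break;                      /* blank line: end of headers */
        if (has_prefix_ci(line, len, "Location:")) {
            const char *val = line + 9; /* strlen("Location:") */
            size_t val_len = len - 9;
            while (val_len > 0 && (*val == ' ' || *val == '\t')) { val++; val_len--; }
            while (val_len > 0 && (val[val_len - 1] == ' ' || val[val_len - 1] == '\t'))
                val_len--;
            if (val_len == 0)
                return LOC_MISSING;
            if (val_len >= out_len)     /* no room for value plus NUL */
                return LOC_TOO_LONG;
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return LOC_OK;
        }
        line = eol ? eol + 2 : NULL;
    }
    return LOC_MISSING;
}

int main(void)
{
    /* Constructed sample response, not captured traffic. */
    const char *resp = "HTTP/1.0 302 Found\r\nLocation: http://example.invalid/a.ogg\r\n\r\n";
    char url[64];
    printf("rc=%d url=%s\n", extract_location(resp, url, sizeof url), url);
    return 0;
}
```

The same rule, measuring the untrusted value against the destination capacity before copying, applies to the playlist URL and the CDDB response named in the description.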

Solution



Software update

Suse Linux
Updates can be downloaded via YaST or from the official Suse Linux FTP server

Debian Linux

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1.dsc
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1.diff.gz
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_alpha.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_amd64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_amd64.deb
ARM
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_arm.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_hppa.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_i386.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_ia64.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_ia64.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_m68k.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_mips.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_s390.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_sparc.deb
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_sparc.deb

Standard resources

Property Value
CVE CVE-2006-4089
BID 19450

Other resources

SUSE Security Advisory (SUSE-SR:2006:021)
http://www.novell.com/linux/security/advisories/2006_21_sr.html

Debian Security Advisory DSA 1179-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00272.html

Version history

Version Comments Date
1.0 Advisory issued 2006-09-04
1.1 Advisory issued by Debian (DSA 1179-1) 2006-09-29
Ministerio de Defensa
CNI
CCN
CCN-CERT