Vulnerability Bulletins |
Desbordamiento de búfer en libsndfile |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | libsndfile <= 1.0.17 |
Description |
|
|
Se ha encontrado una vulnerabilidad del tipo desbordamiento de búfer en libsndfile 1.0.17 y todas sus anteriores. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría ejecutar código arbitrario mediante un fichero FLAC con información PCM especialmente diseñada que contenga un bloque con un tamaño que exceda el tamaño del bloque anterior. |
|
Solution |
|
|
Actualización de software Mandriva (MDKSA-2007:191) Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libsndfile-progs-1.0.17-2.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libsndfile1-1.0.17-2.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libsndfile1-devel-1.0.17-2.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libsndfile1-static-devel-1.0.17-2.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/libsndfile-1.0.17-2.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64sndfile1-1.0.17-2.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64sndfile1-devel-1.0.17-2.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64sndfile1-static-devel-1.0.17-2.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/libsndfile-progs-1.0.17-2.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/libsndfile-1.0.17-2.1mdv2007.0.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libsndfile-progs-1.0.17-5.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libsndfile1-1.0.17-5.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libsndfile1-devel-1.0.17-5.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libsndfile1-static-devel-1.0.17-5.1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/libsndfile-1.0.17-5.1mdv2007.1.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64sndfile1-1.0.17-5.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64sndfile1-devel-1.0.17-5.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64sndfile1-static-devel-1.0.17-5.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/libsndfile-progs-1.0.17-5.1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/libsndfile-1.0.17-5.1mdv2007.1.src.rpm Debian (DSA 1442-2) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2.diff.gz http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2.dsc alpha http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_alpha.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_alpha.deb http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_alpha.deb amd64 http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_amd64.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_amd64.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_amd64.deb arm http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_arm.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_arm.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_arm.deb hppa http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_hppa.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_hppa.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_hppa.deb i386 http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_i386.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_i386.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_i386.deb ia64 http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_ia64.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_ia64.deb http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_ia64.deb mips http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_mips.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_mips.deb http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_mips.deb mipsel http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_mipsel.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_mipsel.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_mipsel.deb powerpc http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_powerpc.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_powerpc.deb http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_powerpc.deb s390 http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_s390.deb http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_s390.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_s390.deb sparc http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_sparc.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_sparc.deb http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-4974 |
| BID | 25758 |
Other resources |
|
|
Mandriva Security Advisory (MDKSA-2007:191) http://www.mandriva.com/security/advisories?name=MDKSA-2007:191 Debian Security Advisory (DSA 1442-2) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00225.html SUSE Security Advisory (SUSE-SR:2008:001) http://www.novell.com/linux/security/advisories/suse_security_announce_62.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-10-03 |
| 1.1 | Aviso emitido por Debian (DSA 1442-2) | 2008-01-03 |
| 1.2 | Aviso emitido por Suse (SUSE-SR:2008:001) | 2008-01-23 |