Abrir sesión
logo

DEFENSA FRENTE A LAS CIBERAMENAZAS

barra-separadora

Boletines de Vulnerabilidades


Desbordamiento de búfer en PeerCast y SVN

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Obtener acceso
Dificultad Experto
Requerimientos del atacante Acceso remoto sin cuenta a un servicio estandar

Información sobre el sistema

Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado PeerCast <= 0.1217
SVN <= 344

Descripción

Se ha encontrado una vulnerabilidad de tipo desbordamiento de búfer en PeerCast, en la versión 0.1217 y anteriores, y en SVN, en la versión 344 y anteriores. La vulnerabilidad reside en un error en el archivo servhs.cpp en la función handshakeHTTP.

Un atacante remoto podría causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición SOURCE grande.

Solución



Actualización de software

Debian (DSA 1441-1)

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.dsc
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314.orig.tar.gz
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.diff.gz
Architecture independent
http://security.debian.org/pool/updates/main/p/peercast/peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
alpha
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_alpha.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_alpha.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_alpha.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_alpha.deb
amd64
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_amd64.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
arm
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_arm.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_arm.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_arm.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_arm.deb
hppa
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_hppa.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_hppa.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_hppa.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_hppa.deb
i386
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_i386.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_i386.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_i386.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_i386.deb
ia64
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_ia64.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_ia64.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_ia64.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_ia64.deb
mips
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_mips.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_mips.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_mips.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_mips.deb
mipsel
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_mipsel.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_mipsel.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_mipsel.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_mipsel.deb
powerpc
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_powerpc.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_powerpc.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_powerpc.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_powerpc.deb
s390
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_s390.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_s390.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_s390.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_s390.deb
sparc
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_sparc.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_sparc.deb
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_sparc.deb
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_sparc.deb

Debian (DSA-1583-1)

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0.dsc
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0.diff.gz
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4.orig.tar.gz
alpha (DEC Alpha)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_alpha.deb
amd64 (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_amd64.deb
hppa (HP PA RISC)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_hppa.deb
i386 (Intel ia32)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_i386.deb
ia64 (Intel ia64)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_ia64.deb
mips (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_mips.deb
mipsel (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_mipsel.deb
powerpc (PowerPC)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_powerpc.deb
s390 (IBM S/390)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_s390.deb
sparc (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_sparc.deb

Identificadores estándar

Propiedad Valor
CVE CVE-2007-6454
BID 26899

Recursos adicionales

Debian Security Advisory (DSA 1441-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00224.html

Debian Security Advisory (DSA-1583-1)
http://lists.debian.org/debian-security-announce/2008/msg00161.html

Histórico de versiones

Versión Comentario Fecha
1.0 Aviso emitido 2008-01-04
1.1 Aviso emitido por Debian (DSA-1583-1) 2008-05-21
Volver

Este sitio web utiliza cookies propias y de terceros para el correcto funcionamiento y visualización del sitio web por parte del usuario, así como la recogida de estadísticas. Si continúa navegando, consideramos que acepta su uso. Puede cambiar la configuración u obtener más información. Modificar configuración