| From: | "Ware, Ryan R" <ryan.r.ware@intel.com> |
| To: | "meego-security@meego.com" <meego-security@meego.com> |
| Subject: | [MeeGo-security] [MeeGo-SA-10:29.libmikmod] Arbitrary Code Execution via Crafted Tracker Files |
| Date: | Thu, 20 Jan 2011 11:22:43 -0700 |
| Message-ID: | <ED46E332-DBB5-437A-B611-B1BB4AF12ACD@intel.com> |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
MeeGo-SA-10:29.libmikmod Security Advisory
MeeGo Project
Topic: Arbitrary Code Execution via Crafted Tracker Files
Category: Audio
Module: libmikmod
Announced: October 9, 2010
Affects: MeeGo 1.0
Corrected: October 9, 2010
MeeGo BID: 5023
CVE: CVE-2009-3995, CVE-2010-2546, CVE-2010-2971
For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.
I. Background
libmikmod is a library used by the mikmod MOD music file player for
UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM,
XM, ULT and IT.
II. Problem Description
CVE-2009-3995: Multiple heap-based buffer overflows in IN_MOD.DLL (aka
the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod
3.1.12, might allow remote attackers to execute arbitrary code via (1)
crafted samples or (2) crafted instrument definitions in an Impulse
Tracker file. NOTE: some of these details are obtained from third
party information.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2546: Multiple heap-based buffer overflows in
loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote
attackers to execute arbitrary code via (1) crafted samples or (2)
crafted instrument definitions in an Impulse Tracker file, related to
panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details
are obtained from third party information. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2009-3995.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2971: loaders/load_it.c in libmikmod, possibly 3.1.12, does
not properly account for the larger size of name##env relative to
name##tick and name##node, which allows remote attackers to trigger a
buffer over-read and possibly have unspecified other impact via a
crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE:
this issue exists because of an incomplete fix for CVE-2009-3995.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
III. Impact
CVE-2009-3995: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2546: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2971: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
IV. Workaround
None
V. Solution
Update to package libmikmod-3.2.0-8.1 or later.
VI. References
http://bugs.meego.com/show_bug.cgi?id=5023
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/119.html
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
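
Added example, not part of the advisory and not libmikmod's code: the CVE-2010-2971 description above concerns a loader whose destination envelope array is larger than the parallel tick/node arrays read from the file, so a point count checked only against the destination still over-reads the source. The C below bounds the count by the smaller of the two arrays; the struct names, the function name and the array sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sizes for illustration; not taken from libmikmod. */
#define FILE_NODES 25u  /* parallel tick/node arrays parsed from the file */
#define ENV_POINTS 32u  /* larger in-memory envelope array */

typedef struct { uint16_t pos; int8_t val; } env_point;

typedef struct {
    uint8_t  pts;               /* point count byte from the file: untrusted */
    uint16_t tick[FILE_NODES];
    int8_t   node[FILE_NODES];
} file_envelope;

/* Copy the envelope only if the count fits BOTH the source arrays and the
 * destination. Returns the number of points copied, or -1 to reject the file.
 * Checking pts against dst_len alone would accept pts = 30 here and read
 * five elements past the end of tick[] and node[]. */
int load_envelope(const file_envelope *src, env_point *dst, size_t dst_len)
{
    size_t limit = dst_len < FILE_NODES ? dst_len : FILE_NODES;
    size_t i;

    if (src == NULL || dst == NULL || src->pts > limit)
        return -1;
    for (i = 0; i < src->pts; i++) {
        dst[i].pos = src->tick[i];
        dst[i].val = src->node[i];
    }
    for (; i < dst_len; i++) {  /* zero the unused tail: no stale data */
        dst[i].pos = 0;
        dst[i].val = 0;
    }
    return (int)src->pts;
}

int main(void)
{
    file_envelope fe = {0};     /* constructed input, not a real IT file */
    env_point env[ENV_POINTS];

    fe.pts = 30;                /* fits env[], exceeds tick[]/node[] */
    printf("pts=30 -> %d\n", load_envelope(&fe, env, ENV_POINTS));
    fe.pts = 25;                /* largest count the source can hold */
    printf("pts=25 -> %d\n", load_envelope(&fe, env, ENV_POINTS));
    return 0;
}
```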