Bug 470544 (CVE-2008-5030)
Summary: | CVE-2008-5030 libcdaudio: buffer overflow in cddb reply parsing | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED CURRENTRELEASE | QA Contact: |
Severity: | low | Docs Contact: |
Priority: | low | |
Version: | unspecified | CC: | adrian, axel.thimm, karsten, manuel.wolfshant
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2008-11-11 08:49:52 UTC | Type: | ---
Description
Tomas Hoger
2008-11-07 16:28:17 UTC
This is mostly a heads-up bug report, as Fedora libcdaudio packages are not affected, as they have a patch for this flaw included for quite a long time. Unlike current upstream patch, instead of using shorter fgets, it mallocs more space (see libcdaudio-0.99.12-buffovfl.patch).

http://cvs.fedoraproject.org/viewvc/rpms/libcdaudio/devel/libcdaudio-0.99.12-buffovfl.patch

Seems to be included as of:

* Tue Sep 13 2005 Axel Thimm <Axel.Thimm>
- Patch to fix buffer overflow by Brian C. Huffman <huffman>.

I also checked grip, which has CDDB code similar to libcdaudio. Version of grip as shipped in Red Hat Enterprise Linux 2.1 is not affected by this flaw, current grip version shipped in Fedora / EPEL does not seem to be affected by this either.

CVE id CVE-2008-5030 was assigned to this issue:

Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute arbitrary code via long CDDB data.

libcdaudio packages shipped in Fedora already contain patch to address this issue. CDDB handling in gnome-vfs2 and grip is not affected by this flaw.
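
The report contrasts two fixes for the same mismatch: a shorter fgets limit (upstream) and a larger malloc (the Fedora patch). The following C example is added here for illustration and is not code from libcdaudio or from either patch; `read_reply_line`, `struct reply_line`, `sample_reply` and the reply contents are assumptions constructed for the example. It ties the allocation size and the fgets limit to one value and handles a reply line longer than the buffer.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bug class: buf = malloc(SMALL); fgets(buf, LARGE, fp). Both fixes in the
 * report (smaller fgets limit, larger malloc) restore one invariant:
 * fgets limit <= allocation size. One `cap` feeds both calls here. */
struct reply_line {
    char *text;     /* NUL-terminated, line ending stripped; caller frees */
    int truncated;  /* 1 if the peer sent more than cap-1 bytes on this line */
};

/* Hypothetical helper, not libcdaudio code. Returns 0 on success and
 * -1 on EOF, read error, unusable cap or allocation failure. */
int read_reply_line(FILE *fp, size_t cap, struct reply_line *line)
{
    if (cap < 2 || cap > (size_t)INT_MAX) return -1;
    char *buf = malloc(cap);
    if (buf == NULL) return -1;
    if (fgets(buf, (int)cap, fp) == NULL) { free(buf); return -1; }
    size_t len = strlen(buf);
    line->truncated = 0;
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
    } else {
        /* Buffer filled before the newline: discard the rest of the line
         * so the next call starts on a line boundary. */
        int c = fgetc(fp);
        if (c != EOF && c != '\n') {
            line->truncated = 1;
            while ((c = fgetc(fp)) != EOF && c != '\n') {}
        }
    }
    if (!line->truncated && len > 0 && buf[len - 1] == '\r')
        buf[len - 1] = '\0';
    line->text = buf;
    return 0;
}

/* Constructed sample reply: status line, one over-long field, terminator. */
FILE *sample_reply(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs("210 rock 12345678 CD database entry follows\r\nDTITLE=", fp);
    for (int i = 0; i < 200; i++) fputc('A', fp);   /* over-long value */
    fputs("\r\n.\r\n", fp);
    rewind(fp);
    return fp;
}
```

A caller that sees `truncated` set can reject the entry rather than parse a partial field.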