Bug 470552 (CVE-2005-0706)
| Summary: | CVE-2005-0706 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | unspecified | CC: | adrian, jlieskov, karsten, kreilly, manuel.wolfshant, notting, tbzatek, vdanen | ||||||
| Target Milestone: | --- | Keywords: | Security | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0706 | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2010-12-22 02:15:40 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 150712, 471050, 471051, 471052, 471053 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
|
Description
Tomas Hoger
2008-11-07 16:45:39 UTC
This issue was already fixed in grip as shipped in Red Hat Enterprise Linux 2.1: http://rhn.redhat.com/errata/RHSA-2005-304.html However, even though the patch is attached to grip's SF.net bug tracker, it does not seem to be included in current Fedora grip packages (based on upstream 3.2.0). Additionally, the same fix is needed for libcdaudio as well: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libcdaudio/files/libcdaudio-0.99-CAN-2005-0706.patch (The Gentoo's libcdaudio patch was the way how I came across this.) Created attachment 322866 [details] Patch for grip from upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714 Seems the patch got lost in Core/Extras merger. Somehow it has been only applied to the released branches. I will include it. Created attachment 322871 [details]
Local copy of Gentoo's libcdaudio-0.99-CAN-2005-0706.patch
grip-3.2.0-24.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/grip-3.2.0-24.fc10 grip-3.2.0-24.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/grip-3.2.0-24.fc9 grip-3.2.0-24.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/grip-3.2.0-24.fc8 This also affects gnome-vfs* in Red Hat Enterprise Linux prior to version 5. The libcdaudio package as shipped with Fedora releases of 8, 9 and 10
(libcdaudio-0.99.12p2-8.fc7 and libcdaudio-0.99.12p2-9.fc9)
and as shipped with Extra Packages for Enterprise Linux for RHEL4 and RHEL5 (libcdaudio-0.99.12p2-8.el{4,5.1}) are still vulnerable to the CVE-2005-0706
issue.
Relevant part of the code (src/cddb.c -- please have a look
at c#4 for the Gentoo's libcdaudio-0.99-CAN-2005-0706.patch):
1054 query->query_matches = 0;
1055 while(!cddb_read_line(sock, inbuffer, 256)) {
1056 slashed = 0;
1057 if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
1058 index = 0;
Axel, could you please update the F{8,9,10} packages with this patch?
This issue affects the version of the gnome-vfs and gnome-vfs2 package, as shipped with Red Hat Enterprise Linux 2.1, 3 and 4. This issue does NOT affect the versions of the gnome-vfs2 package, as shipped with Red Hat Enterprise Linux 5 and Fedora relesases of 8, 9 and 10. grip-3.2.0-24.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. grip-3.2.0-24.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. grip-3.2.0-24.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. libcdaudio-0.99.12p2-11.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/libcdaudio-0.99.12p2-11.fc9 libcdaudio-0.99.12p2-11.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libcdaudio-0.99.12p2-11.fc10 libcdaudio-0.99.12p2-11.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/libcdaudio-0.99.12p2-11.fc8 (In reply to comment #9) > Axel, could you please update the F{8,9,10} packages with this patch? The packages are submitted for the testing repo. If you consider this more urgent feel free to push directly into stable. Thanks. libcdaudio-0.99.12p2-11.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. libcdaudio-0.99.12p2-11.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. This was addressed via: Red Hat Enterprise Linux version 2.1 (RHSA-2005:304) Red Hat Enterprise Linux version 2.1 (RHSA-2009:0005) Red Hat Enterprise Linux version 3 (RHSA-2009:0005) Red Hat Enterprise Linux version 4 (RHSA-2009:0005) |