Common Vulnerabilities and Exposures assigned an identifier CVE-2005-0706 to the following vulnerability: Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.

References:
http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714
http://www.securityfocus.com/bid/12770
http://xforce.iss.net/xforce/xfdb/19648
This issue was already fixed in grip as shipped in Red Hat Enterprise Linux 2.1: http://rhn.redhat.com/errata/RHSA-2005-304.html However, even though the patch is attached to grip's SF.net bug tracker, it does not seem to be included in current Fedora grip packages (based on upstream 3.2.0). The same fix is also needed for libcdaudio: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libcdaudio/files/libcdaudio-0.99-CAN-2005-0706.patch (Gentoo's libcdaudio patch was how I came across this.)
Created attachment 322866 [details] Patch for grip from upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714
Seems the patch got lost in the Core/Extras merger. Somehow it has only been applied to the released branches. I will include it.
Created attachment 322871 [details] Local copy of Gentoo's libcdaudio-0.99-CAN-2005-0706.patch
grip-3.2.0-24.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/grip-3.2.0-24.fc10
grip-3.2.0-24.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/grip-3.2.0-24.fc9
grip-3.2.0-24.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/grip-3.2.0-24.fc8
This also affects gnome-vfs* in Red Hat Enterprise Linux prior to version 5.
The libcdaudio package as shipped with Fedora 8, 9 and 10 (libcdaudio-0.99.12p2-8.fc7 and libcdaudio-0.99.12p2-9.fc9) and as shipped with Extra Packages for Enterprise Linux for RHEL4 and RHEL5 (libcdaudio-0.99.12p2-8.el{4,5.1}) is still vulnerable to the CVE-2005-0706 issue. Relevant part of the code (src/cddb.c -- please have a look at c#4 for Gentoo's libcdaudio-0.99-CAN-2005-0706.patch):

    query->query_matches = 0;
    while(!cddb_read_line(sock, inbuffer, 256)) {
      slashed = 0;
      if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
        index = 0;

Axel, could you please update the F{8,9,10} packages with this patch?
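As an added illustration of the bug class behind the loop quoted in the previous comment, the following standalone C program (written for this page; it is not grip's or libcdaudio's code and does not reproduce the Gentoo patch) models a CDDB "query" response parser with a fixed-size match table. One variant stores every match line the server sends without checking the table bound, which is the shape of the vulnerable loop; the other stops at the bound and drains the remaining lines so the protocol stays in sync. The struct and function names, the table size MAX_QUERY_MATCHES, the read_line() stand-in for cddb_read_line(), and the sample server responses are all assumptions constructed for the example.

```c
/* Added example (not grip's or libcdaudio's code): a simplified CDDB "query"
 * response parser in the shape of the loop quoted above. Names, the table
 * size MAX_QUERY_MATCHES and the sample responses are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_QUERY_MATCHES 4   /* hypothetical fixed-size match table */
#define LINE_LEN 256

struct cddb_match { char category[32]; char discid[16]; char title[LINE_LEN]; };
struct cddb_query { int query_matches; struct cddb_match matches[MAX_QUERY_MATCHES]; };

/* Constructed response bodies (status line already consumed), one match per
 * line, "."-terminated as in CDDBP. The first carries 6 matches, 2 too many. */
static const char sample_oversized[] =
    "rock 8a0b5c0a Example Band / First Album\n"
    "rock 8b0b5c0a Example Band / Second Album\n"
    "misc 8c0b5c0a Someone Else / Compilation\n"
    "data 8d0b5c0a Unknown / Data Disc\n"
    "rock 8e0b5c0a Example Band / Live\n"
    "folk 8f0b5c0a Folk Singer / Songs\n"
    ".\n";
static const char sample_small[] =
    "rock 8a0b5c0a Example Band / First Album\n"
    "misc 8c0b5c0a Someone Else / Compilation\n"
    ".\n";

/* Stand-in for cddb_read_line(): copy the next line into out. Returns 0 on
 * success (so the while(!...) idiom works) and -1 at the "." terminator or
 * end of input. Over-long lines are truncated rather than overflowed. */
static int read_line(const char **cursor, char *out, size_t n)
{
    const char *p = *cursor, *nl;
    size_t len;
    if (*p == '\0') return -1;
    nl = strchr(p, '\n');
    len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= n) len = n - 1;
    memcpy(out, p, len);
    out[len] = '\0';
    *cursor = nl ? nl + 1 : p + strlen(p);
    return strcmp(out, ".") == 0 ? -1 : 0;
}

/* Split "category discid title" into a match entry; 0 on success. */
static int parse_match_line(const char *line, struct cddb_match *m)
{
    const char *sp1 = strchr(line, ' '), *sp2;
    size_t l1, l2;
    if (!sp1 || !(sp2 = strchr(sp1 + 1, ' '))) return -1;
    l1 = (size_t)(sp1 - line);
    l2 = (size_t)(sp2 - sp1 - 1);
    if (l1 >= sizeof m->category || l2 >= sizeof m->discid) return -1;
    memcpy(m->category, line, l1);  m->category[l1] = '\0';
    memcpy(m->discid, sp1 + 1, l2); m->discid[l2] = '\0';
    strncpy(m->title, sp2 + 1, sizeof m->title - 1);
    m->title[sizeof m->title - 1] = '\0';
    return 0;
}

/* Vulnerable shape: each match line is stored at matches[query_matches++]
 * with no check against MAX_QUERY_MATCHES; a server (or anyone tampering with
 * the plaintext CDDB connection) returning more matches than expected writes
 * past the array. Only ever call this with in-bounds input. */
int parse_matches_unchecked(const char *resp, struct cddb_query *q)
{
    char inbuffer[LINE_LEN];
    q->query_matches = 0;
    while (!read_line(&resp, inbuffer, sizeof inbuffer)) {
        if (parse_match_line(inbuffer, &q->matches[q->query_matches]) == 0)
            q->query_matches++;
    }
    return q->query_matches;
}

/* Hardened shape: once the table is full, keep draining the server's lines
 * (protocol stays in sync) but store nothing more. Returns the number stored;
 * *dropped receives the number discarded. */
int parse_matches_bounded(const char *resp, struct cddb_query *q, int *dropped)
{
    char inbuffer[LINE_LEN];
    struct cddb_match scratch;
    q->query_matches = 0;
    *dropped = 0;
    while (!read_line(&resp, inbuffer, sizeof inbuffer)) {
        if (parse_match_line(inbuffer, &scratch) != 0)
            continue;                     /* malformed line: ignore it */
        if (q->query_matches >= MAX_QUERY_MATCHES) {
            (*dropped)++;                 /* table full: count, do not write */
            continue;
        }
        q->matches[q->query_matches++] = scratch;
    }
    return q->query_matches;
}

int main(void)
{
    struct cddb_query q;
    int dropped, i, n = parse_matches_bounded(sample_oversized, &q, &dropped);
    printf("bounded: stored %d matches, dropped %d\n", n, dropped);
    for (i = 0; i < n; i++)
        printf("  [%d] %s %s %s\n", i, q.matches[i].category, q.matches[i].discid, q.matches[i].title);
    printf("unchecked on in-bounds input: %d matches\n", parse_matches_unchecked(sample_small, &q));
    return 0;
}
```

The bounded variant deliberately keeps reading until the "." terminator instead of returning early: leaving unread match lines on the socket would desynchronise the next command on the same connection, which is why a fix of this kind has to discard rather than stop.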
This issue affects the versions of the gnome-vfs and gnome-vfs2 packages as shipped with Red Hat Enterprise Linux 2.1, 3 and 4. This issue does NOT affect the versions of the gnome-vfs2 package as shipped with Red Hat Enterprise Linux 5 and Fedora 8, 9 and 10.
grip-3.2.0-24.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
grip-3.2.0-24.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
grip-3.2.0-24.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libcdaudio-0.99.12p2-11.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/libcdaudio-0.99.12p2-11.fc9
libcdaudio-0.99.12p2-11.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libcdaudio-0.99.12p2-11.fc10
libcdaudio-0.99.12p2-11.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/libcdaudio-0.99.12p2-11.fc8
(In reply to comment #9) > Axel, could you please update the F{8,9,10} packages with this patch? The packages are submitted for the testing repo. If you consider this more urgent feel free to push directly into stable. Thanks.
libcdaudio-0.99.12p2-11.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libcdaudio-0.99.12p2-11.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Enterprise Linux version 2.1 (RHSA-2005:304)
Red Hat Enterprise Linux version 2.1 (RHSA-2009:0005)
Red Hat Enterprise Linux version 3 (RHSA-2009:0005)
Red Hat Enterprise Linux version 4 (RHSA-2009:0005)