Bug 479833 - (CVE-2009-0179) CVE-2009-0179 mikmod: crash when loading XM files
CVE-2009-0179 mikmod: crash when loading XM files
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://bugs.debian.org/cgi-bin/bugrep...
reported=20090113,public=20080416,imp...
: Security
Depends On: 519992
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-13 09:15 EST by Jan Lieskovsky
Modified: 2010-07-22 12:36 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-22 12:36:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2009-01-13 09:15:54 EST
A denial of service flaw was found in the MikMod player, used for playing
MOD files. If an attacker would trick the mikmod user to load an XM file,
this could lead to denial of service (application crash).

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339

Patch:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=31.xm-header.patch;att=1;bug=476339
Comment 1 Jan Lieskovsky 2009-01-13 09:18:13 EST
This issue does NOT affect the versions of the mikmod package, as shipped
with Red Hat Enterprise Linux 2.1 and 3.

This issue affects the versions of the mikmod package, as shipped
with Red Hat Enterprise Linux 4 and 5.

This issue affects the versions of the libmikmod package, as shipped
with Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the mikmod package, as shipped
with Fedora releases of 9, 10 and devel (the libmikmod part was extracted
to a separate 'libmikmod' package).
Comment 2 Jan Lieskovsky 2009-01-13 10:18:24 EST
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Comment 3 Tomas Hoger 2009-01-21 08:32:39 EST
CVE-2009-0179:
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file.
Comment 4 Vincent Danen 2009-08-27 17:34:57 EDT
This issue affects, and has not been corrected in, Fedora 10, 11, and rawhide:

~/cvs-scratch/fedora/libmikmod/F-11/libmikmod-3.2.0-beta2/ >% patch -p1 <~/31.xm-header.patch 
patching file loaders/load_xm.c
patching file playercode/mloader.c
Hunk #1 succeeded at 451 (offset 1 line).
Comment 6 Fedora Update System 2009-08-28 03:38:08 EDT
libmikmod-3.2.0-5.beta2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libmikmod-3.2.0-5.beta2.fc11
Comment 7 Fedora Update System 2009-08-28 03:39:10 EDT
libmikmod-3.2.0-4.beta2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libmikmod-3.2.0-4.beta2.fc10
Comment 8 Fedora Update System 2009-08-28 17:59:11 EDT
libmikmod-3.2.0-4.beta2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-08-28 18:01:38 EDT
libmikmod-3.2.0-5.beta2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Tomas Hoger 2010-07-22 12:36:28 EDT
Reading the patch, this is more of a bug than a security flaw.  The problem seems to be triggered by certain valid XM files that mikmod incorrectly recognizes as invalid (load_xm.c part of the patch).  Missing loading return value check in mloader.c can cause mikmod to choke as 'of' may be left in inconsistent state.  of.numsmp may be non-zero, but failure in LoadInstruments() will cause samples[] array allocation to be skipped, leading to NULL pointer dereference crash.

The patch is already included in Fedora packages.  There's not plan to backport a fix for this crash-only bug to mikmod packages in Red Hat Enterprise Linux 3, 4, and 5.

Note You need to log in before you can comment on or make changes to this bug.