Bug 488361 - CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Platform: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: impact=important,source=fulldisclosur...
Keywords: Security
Depends On: 488362 488363 488364
Reported: 2009-03-03 16:50 EST by Vincent Danen
Modified: 2010-12-20 17:16 EST (History)
Attachments:
possible patch to fix CVE-2009-0186 (688 bytes, patch), 2009-03-03 17:07 EST, Vincent Danen
Description Vincent Danen 2009-03-03 16:50:59 EST
Quoting Secunia's advisory:

Secunia Research has discovered a vulnerability in libsndfile, which
can be exploited by malicious people to compromise an application
using the library.

The vulnerability is caused due to an integer overflow error in the
processing of CAF description chunks. This can be exploited to cause
a heap-based buffer overflow by tricking the user into processing a
specially crafted CAF audio file.

Successful exploitation may allow execution of arbitrary code.

The original advisory can be found here:

http://secunia.com/secunia_research/2009-7/

Verification of the vulnerability was against 1.0.18; 1.0.19 corrects the problem.
Comment 1 Vincent Danen 2009-03-03 16:51:31 EST
Created libsndfile tracking bugs for this issue

CVE-2009-0186 Affects: F10 [bug #488362]
CVE-2009-0186 Affects: F9 [bug #488363]
CVE-2009-0186 Affects: epel-5 [bug #488364]
Comment 2 Vincent Danen 2009-03-03 17:07:22 EST
Created attachment 333940 [details]
possible patch to fix CVE-2009-0186

Quick look in the changelog shows:

    * src/caf.c
    Validate channels per frame value before using, fixing a possible integer
    overflow bug, leading to a possible heap overflow. Found by Alin Rad Pop of
    Secunia Research (CVE-2009-0186).

and the patch attached contains the relevant changes that look like they would correct this issue.
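The changelog entry quoted above describes the fix as validating the channels-per-frame value before it feeds into size arithmetic. As an added illustration (not libsndfile's code and not the attached patch), the C below shows that bug class next to a checked version of the same computation; the struct fields follow the CAF 'desc' chunk layout, while the channel bound and the linear-PCM packet consistency rules are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* The numeric fields of a CAF Audio Description ('desc') chunk, as parsed from
 * the file. Names follow the Core Audio Format spec; the struct and the checks
 * below are an added illustration, not libsndfile's own code. */
typedef struct {
    uint32_t bytes_per_packet;
    uint32_t frames_per_packet;
    uint32_t channels_per_frame;
    uint32_t bits_per_channel;
} caf_desc;

/* Assumed sanity bound on the channel count for this example. */
#define CAF_MAX_CHANNELS 256u

/* The unsafe shape of the bug class: untrusted header fields multiplied into a
 * buffer size with no range check. A large channels_per_frame wraps the 32-bit
 * product, so the allocation ends up far smaller than the data written into it. */
static uint32_t unchecked_frame_bytes(const caf_desc *d, uint32_t frames)
{
    return frames * d->channels_per_frame * (d->bits_per_channel / 8);
}

/* Hardened version: bound every field before it is used, then do the size
 * arithmetic with an explicit overflow check. Returns 0 and stores the byte
 * count for `frames` frames of linear PCM in *out; returns -1 on rejection. */
static int caf_checked_frame_bytes(const caf_desc *d, uint32_t frames, size_t *out)
{
    if (d->channels_per_frame == 0 || d->channels_per_frame > CAF_MAX_CHANNELS)
        return -1;                       /* the unchecked field behind CVE-2009-0186 */
    if (d->bits_per_channel == 0 || d->bits_per_channel > 64 ||
        d->bits_per_channel % 8 != 0)
        return -1;
    uint32_t bytes_per_sample = d->bits_per_channel / 8;
    /* Both factors are now small, so this product cannot wrap. */
    size_t frame_bytes = (size_t)d->channels_per_frame * bytes_per_sample;
    /* For linear PCM the packet fields must agree with the per-frame layout
     * (assumed constraint for this example). */
    if (d->frames_per_packet != 1 || d->bytes_per_packet != frame_bytes)
        return -1;
    if (frames > SIZE_MAX / frame_bytes)
        return -1;                       /* total would not fit in size_t */
    *out = frames * frame_bytes;
    return 0;
}
```

A header that advertises 65536 channels of 8-bit audio passes through the unchecked function with a wrapped-to-zero size, while the checked function rejects it before any arithmetic happens.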
Comment 3 Fedora Update System 2009-12-03 00:03:56 EST
libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2009-12-03 00:06:53 EST
libsndfile-1.0.20-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Michel Alexandre Salim 2010-07-03 17:41:28 EDT
Odd, this bug should have been automatically closed. Could someone verify that the problem is fixed?
Comment 6 Vincent Danen 2010-07-05 11:22:20 EDT
There is still a tracker open against EPEL5, which does not look to be fixed.
Comment 7 Michel Alexandre Salim 2010-07-05 18:04:35 EDT
Thanks. I'll be requesting a fast-track decision to take over the package -- a security bug that only needs updating the EL-5 branch to fix is rather unacceptable.