Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200907-07 ] ModPlug: User-assisted execution of arbitrary code
Date: Sun, 12 Jul 2009 17:54:20
Message-Id: 200907121940.40314.rbu@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200907-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ModPlug: User-assisted execution of arbitrary code
      Date: July 12, 2009
      Bugs: #266913
        ID: 200907-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

ModPlug contains several buffer overflows that could lead to the
execution of arbitrary code.

Background
==========

ModPlug is a library for playing MOD-like music.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  media-libs/libmodplug           < 0.8.7                  >= 0.8.7
  2  media-libs/gst-plugins-bad     < 0.10.11               >= 0.10.11
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Two vulnerabilities have been reported in ModPlug:

* dummy reported an integer overflow in the CSoundFile::ReadMed()
  function when processing a MED file with a crafted song comment or
  song name, which triggers a heap-based buffer overflow
  (CVE-2009-1438).

* Manfred Tremmel and Stanislav Brabec reported a buffer overflow in
  the PATinst() function when processing a long instrument name
  (CVE-2009-1513).

The GStreamer Bad plug-ins (gst-plugins-bad) before 0.10.11 built a
vulnerable copy of ModPlug.

Impact
======

A remote attacker could entice a user to read specially crafted files,
possibly resulting in the execution of arbitrary code with the
privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ModPlug users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.7"

gst-plugins-bad 0.10.11 and later versions do not include the ModPlug
plug-in (it has been moved to media-plugins/gst-plugins-modplug). All
gst-plugins-bad users should upgrade to the latest version and install
media-plugins/gst-plugins-modplug:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/gst-plugins-bad-0.10.11"
    # emerge --ask --verbose "media-plugins/gst-plugins-modplug"

References
==========

  [ 1 ] CVE-2009-1438
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438
  [ 2 ] CVE-2009-1513
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1513

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
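
The following is an added example, not part of the advisory or of Gentoo's tooling: a shell sketch that classifies a package inventory against the "Affected packages" table above, for triaging a list of package versions collected from several hosts. The function names and the sample inventory are constructed for illustration, and it assumes plain dotted numeric versions (an optional -rN revision is dropped) and a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example: classify package versions against the GLSA 200907-07 table.

# First fixed ("Unaffected") version per package, from the advisory's table.
fixed_version() {
    case "$1" in
        media-libs/libmodplug)      echo 0.8.7 ;;
        media-libs/gst-plugins-bad) echo 0.10.11 ;;
        *) return 1 ;;
    esac
}

# version_lt A B: succeed when version A sorts strictly before version B.
# sort -V compares numerically per component, so 0.10.9 < 0.10.11.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status PKG VERSION: print "vulnerable", "unaffected" or "not-listed".
glsa_status() {
    ver=${2%-r[0-9]*}   # drop a Gentoo revision suffix such as -r1
    fixed=$(fixed_version "$1") || { echo not-listed; return 0; }
    if version_lt "$ver" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample inventory ("package version"), not from a real host.
sample_inventory() {
    cat <<'EOF'
media-libs/libmodplug 0.8.4-r1
media-libs/libmodplug 0.8.7
media-libs/gst-plugins-bad 0.10.9
media-libs/gst-plugins-bad 0.10.11
media-libs/libsndfile 1.0.20
EOF
}

# Print one classification line per inventory entry.
report() {
    sample_inventory | while read -r pkg ver; do
        printf '%s-%s: %s\n' "$pkg" "$ver" "$(glsa_status "$pkg" "$ver")"
    done
}

report
```

On a Gentoo host itself, Portage performs this comparison when given the version atoms from the Resolution section; the sketch is only for inventories checked elsewhere.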