Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.

From Red Hat Security Advisory 2009:0005 :

Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others.

A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706)

Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.

A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706)

All running GNOME sessions must be restarted for the update to take effect.

This update fixes the following security problems :

  - The VFS scripts contained in GNOME are vulnerable to     attacks on temporary files as well as command execution     via shell meta-characters. These bugs can be exploited     by accessing a malformated archive file. (CVE-2004-0494)

  - Insufficient checks when processing CDDB queries could     lead to buffer and integer overflows. (CVE-2005-0706)

This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Sun Nov 9 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-24

    - fixed 'buffer overflow caused by large amount of CDDB       replies' (#470552) (CVE-2005-0706)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030).

In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied.

The updated packages have been patched to prevent these issues.

securityfocus reports :

The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions.

A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.

To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.

Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others.

A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706)

Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.

- Sun Nov 9 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-24

    - fixed 'buffer overflow caused by large amount of CDDB       replies' (#470552) (CVE-2005-0706)

  - Thu Oct 2 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-23

    - fixed 'German Umlauts are shown incorrectly' (#459394)       (not converting de.po and fr.po to UTF-8 anymore)

  - Sat Aug 23 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-22

    - updated to better 'execute command after encode' patch       from Stefan Becker

    - Sun Aug 10 2008 Adrian Reber <adrian at lisas.de> -       1:3.2.0-21

    - added 'execute command after encode' patch (#457186)

    - Sat Jul 26 2008 Adrian Reber <adrian at lisas.de> -       1:3.2.0-20

    - fixed 'Grip silently crahses on F8' (#456721)       (converted non UTF-8 .po files to UTF-8)

  - Tue Jun 10 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-19

    - removed now unnecessary cell-renderer patch

    - fixed 'default config creates ogg files with .mp3       extension' (#427017)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Sun Nov 9 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-24

    - fixed 'buffer overflow caused by large amount of CDDB       replies' (#470552) (CVE-2005-0706)

  - Thu Oct 2 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-23

    - fixed 'German Umlauts are shown incorrectly' (#459394)       (not converting de.po and fr.po to UTF-8 anymore)

  - Sat Aug 23 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-22

    - updated to better 'execute command after encode' patch       from Stefan Becker

    - Sun Aug 10 2008 Adrian Reber <adrian at lisas.de> -       1:3.2.0-21

    - added 'execute command after encode' patch (#457186)

    - Sat Jul 26 2008 Adrian Reber <adrian at lisas.de> -       1:3.2.0-20

    - fixed 'Grip silently crahses on F8' (#456721)       (converted non UTF-8 .po files to UTF-8)

  - Tue Jun 10 2008 Adrian Reber <adrian at lisas.de> -     1:3.2.0-19

    - removed now unnecessary cell-renderer patch

    - fixed 'default config creates ogg files with .mp3       extension' (#427017)

    - Mon Feb 18 2008 Fedora Release Engineering <rel-eng at       fedoraproject.org> - 1:3.2.0-18

    - Autorebuild for GCC 4.3

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Joseph VanAndel reports that grip is vulnerability to a buffer overflow vulnerability when receiving more than 16 CDDB responses.
This could lead to a crash in grip and potentially execution arbitrary code.

A workaround is to disable CDDB lookups.

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the libcdaudio1 code.

The updated packages have been patched to correct these issues.

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the gnome-vfs2 code.

The updated packages have been patched to correct these issues.

The remote host is affected by the vulnerability described in GLSA-200504-07 (GnomeVFS, libcdaudio: CDDB response overflow)

    Joseph VanAndel has discovered a buffer overflow in Grip when     processing large CDDB results (see GLSA 200503-21). The same overflow     is present in GnomeVFS and libcdaudio code.
  Impact :

    A malicious CDDB server could cause applications making use of GnomeVFS     or libcdaudio libraries to crash, potentially allowing the execution of     arbitrary code with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine.

The updated packages have been patched to correct these issues.

A new grip package is available that fixes a remote buffer overflow.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders.

Dean Brettle discovered a buffer overflow bug in the way grip handles data returned by CDDB servers. It is possible that if a user connects to a malicious CDDB server, an attacker could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0706 to this issue.

Users of grip should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue.

The remote host is affected by the vulnerability described in GLSA-200503-21 (Grip: CDDB response overflow)

    Joseph VanAndel has discovered a buffer overflow in Grip when     processing large CDDB results.
  Impact :

    A malicious CDDB server could cause Grip to crash by returning     more then 16 matches, potentially allowing the execution of arbitrary     code with the privileges of the user running the application.
  Workaround :

    Disable automatic CDDB queries, but we highly encourage users to     upgrade to 3.3.0.

ID	Name	Product	Family	Severity
67784	Oracle Linux 3 / 4 : gnome-vfs / gnome-vfs2 (ELSA-2009-0005)	Nessus	Oracle Linux Local Security Checks	high
60511	Scientific Linux Security Update : gnome-vfs2 on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
41069	SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)	Nessus	SuSE Local Security Checks	high
41068	SuSE9 Security Update : gnome-vfs (YOU Patch Number 10009)	Nessus	SuSE Local Security Checks	high
37013	Fedora 10 : libcdaudio-0.99.12p2-11.fc10 (2008-11848)	Nessus	Fedora Local Security Checks	high
36704	Fedora 10 : grip-3.2.0-24.fc10 (2008-10126)	Nessus	Fedora Local Security Checks	high
36292	Mandriva Linux Security Advisory : libcdaudio (MDVSA-2008:233-1)	Nessus	Mandriva Local Security Checks	critical
35592	Fedora 9 : libcdaudio-0.99.12p2-11.fc9 (2008-11956)	Nessus	Fedora Local Security Checks	high
35343	FreeBSD : libcdaudio -- remote buffer overflow and code execution (bd730827-dfe0-11dd-a765-0030843d3802)	Nessus	FreeBSD Local Security Checks	critical
35311	CentOS 3 / 4 : gnome-vfs2 (CESA-2009:0005)	Nessus	CentOS Local Security Checks	high
35301	RHEL 2.1 / 3 / 4 : gnome-vfs, gnome-vfs2 (RHSA-2009:0005)	Nessus	Red Hat Local Security Checks	high
34825	Fedora 9 : grip-3.2.0-24.fc9 (2008-9604)	Nessus	Fedora Local Security Checks	high
34824	Fedora 8 : grip-3.2.0-24.fc8 (2008-9521)	Nessus	Fedora Local Security Checks	high
19101	FreeBSD : grip -- CDDB response multiple matches buffer overflow vulnerability (bcf27002-94c3-11d9-a9e0-0001020eed82)	Nessus	FreeBSD Local Security Checks	high
18105	Mandrake Linux Security Advisory : libcdaudio1 (MDKSA-2005:075)	Nessus	Mandriva Local Security Checks	high
18104	Mandrake Linux Security Advisory : gnome-vfs2 (MDKSA-2005:074)	Nessus	Mandriva Local Security Checks	high
18001	GLSA-200504-07 : GnomeVFS, libcdaudio: CDDB response overflow	Nessus	Gentoo Local Security Checks	high
17678	Mandrake Linux Security Advisory : grip (MDKSA-2005:066)	Nessus	Mandriva Local Security Checks	high
17644	RHEL 2.1 : grip (RHSA-2005:304)	Nessus	Red Hat Local Security Checks	high
17353	GLSA-200503-21 : Grip: CDDB response overflow	Nessus	Gentoo Local Security Checks	high

Detections

Analytics

CVE-2005-0706

critical

Tenable Plugins

high

high

high

high

high

high

critical

high

critical

high

high

high

high

high

high

high

high

high

high

high