Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libcdaudio



On Wed, 5 Nov 2008, Thomas Biege wrote:

> Hello,
> we need a CVE-ID for a buffer overflow in libcdaudio.
> It is a remotely exploitable heap-based buffer overflow.

Out of curiosity, what makes it remote?

Use CVE-2008-5030

- Steve

======================================================
Name: CVE-2008-5030
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
Reference: BID:32122
Reference: URL:http://www.securityfocus.com/bid/32122

Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.

