[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0811101019580.609@faron.mitre.org>
Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: libcdaudio
On Wed, 5 Nov 2008, Thomas Biege wrote:
> Hello,
> we need a CVE-ID for a buffer overflow in libcdaudio.
> It is a remotely exploitable heap-based buffer overflow.
Out of curiosity, what makes it remote?
Use CVE-2008-5030
- Steve
======================================================
Name: CVE-2008-5030
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
Reference: BID:32122
Reference: URL:http://www.securityfocus.com/bid/32122
Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
