|
|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:157: musicbrainz Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the musicbrainz package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:157 (musicbrainz).
Multiple buffer overflows in libmusicbrainz (aka mb_client or
MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and
earlier, allow remote attackers to cause a denial of service (crash)
or execute arbitrary code via (1) a long Location header by the HTTP
server, which triggers an overflow in the MBHttp::Download function in
lib/http.cpp
and (2) a long URL in RDF data, as demonstrated by a URL
in an rdf:resource field in an RDF XML document, which triggers
overflows in many functions in lib/rdfparse.c.
The updated packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:157
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
