Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-21] Grip: CDDB response overflow Vulnerability Scan
Vulnerability Scan Summary Grip: CDDB response overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-21
(Grip: CDDB response overflow)
Joseph VanAndel has discovered a buffer overflow in Grip when
processing large CDDB results.
Impact
A malicious CDDB server could cause Grip to crash by returning
more than 16 matches, potentially allowing the execution of arbitrary
code with the rights of the user running the application.
Workaround
Disable automatic CDDB queries, but we highly encourage users to
upgrade to 3.3.0.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0706
http://sourceforge.net/tracker/?group_id=3714&atid=103714&func=detail&aid=834724
Solution:
All Grip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/grip-3.3.0"
Threat Level: Medium