Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-14] DUMB: Heap buffer overflow Vulnerability Scan
Vulnerability Scan Summary: DUMB: Heap buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-14
(DUMB: Heap buffer overflow).
Luigi Auriemma found a heap-based buffer overflow in the
it_read_envelope function which reads the envelope values for volume,
pan and pitch of the instruments referenced in a ".it" (Impulse
Tracker) file with a large number of nodes.
Impact
By enticing a user to load a malicious ".it" (Impulse Tracker) file, an
attacker may execute arbitrary code with the rights of the user running
the application that uses a vulnerable DUMB library.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3668
Solution:
All users of DUMB should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/dumb-0.9.3-r1"
Threat Level: Medium