Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900431
Kategorie:Buffer overflow
Titel:Amarok Player Multiple Vulnerabilities
Zusammenfassung:This host is installed with Amarok Player for Linux and is prone; to Multiple Vulnerabilities.
Beschreibung:Summary:
This host is installed with Amarok Player for Linux and is prone
to Multiple Vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to integer overflow errors within the
Audible::Tag::readTag function in src/metadata/audible/audibletag.cpp. This
can be exploited via specially crafted Audible Audio files with a large nlen
or vlen Tag value.

Vulnerability Impact:
Successful exploitation will allow attacker to execute malicious arbitrary
codes or can cause heap overflow in the context of the application.

Affected Software/OS:
Amarok Player version prior to 2.0.1.1 on Linux

Solution:
Upgrade to the latest version 2.0.1.1.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 33210
Common Vulnerability Exposure (CVE) ID: CVE-2009-0135
http://www.securityfocus.com/bid/33210
Bugtraq: 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/499984/100/0/threaded
Debian Security Information: DSA-1706 (Google Search)
http://www.debian.org/security/2009/dsa-1706
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html
http://security.gentoo.org/glsa/glsa-200903-34.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:030
http://trapkit.de/advisories/TKADV2009-002.txt
http://openwall.com/lists/oss-security/2009/01/14/2
http://www.securitytracker.com/id?1021558
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407
http://securityreason.com/securityalert/4915
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.ubuntu.com/usn/USN-739-1
http://www.vupen.com/english/advisories/2009/0100
Common Vulnerability Exposure (CVE) ID: CVE-2009-0136
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.