Buffer overflow : Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.800146

Kategorie: Buffer overflow

Titel: Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)

Zusammenfassung: The host is installed with Streamripper, which is prone to Multiple; Buffer Overflow Vulnerabilities.

Beschreibung: Summary:
The host is installed with Streamripper, which is prone to Multiple
Buffer Overflow Vulnerabilities.

Vulnerability Insight:
The flaws are due to boundary error within,

- http_parse_sc_header() function in lib/http.c, when parsing an overly long
HTTP header starting with Zwitterion v.

- http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a
specially crafted pls playlist containing an overly long entry or m3u
playlist containing an overly long File entry.

Vulnerability Impact:
Successful attack could lead to execution of arbitrary code by tricking a
user into connecting to a malicious server or can even cause denial of service condition.

Affected Software/OS:
Streamripper Version 1.63.5 and earlier on Windows.

Solution:
Upgrade to Version 1.64.0 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 32356
Common Vulnerability Exposure (CVE) ID: CVE-2008-4829
http://www.securityfocus.com/bid/32356
Bugtraq: 20081119 Secunia Research: Streamripper Multiple Buffer Overflows (Google Search)
http://www.securityfocus.com/archive/1/498486/100/0/threaded
Debian Security Information: DSA-1683 (Google Search)
http://www.debian.org/security/2008/dsa-1683
http://secunia.com/secunia_research/2008-50/
http://www.osvdb.org/49997
http://secunia.com/advisories/32562
http://secunia.com/advisories/33052
http://secunia.com/advisories/33061
http://securityreason.com/securityalert/4647
http://www.vupen.com/english/advisories/2008/3207

Copyright Copyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.800146
Kategorie:	Buffer overflow
Titel:	Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)
Zusammenfassung:	The host is installed with Streamripper, which is prone to Multiple; Buffer Overflow Vulnerabilities.
Beschreibung:	Summary: The host is installed with Streamripper, which is prone to Multiple Buffer Overflow Vulnerabilities. Vulnerability Insight: The flaws are due to boundary error within, - http_parse_sc_header() function in lib/http.c, when parsing an overly long HTTP header starting with Zwitterion v. - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a specially crafted pls playlist containing an overly long entry or m3u playlist containing an overly long File entry. Vulnerability Impact: Successful attack could lead to execution of arbitrary code by tricking a user into connecting to a malicious server or can even cause denial of service condition. Affected Software/OS: Streamripper Version 1.63.5 and earlier on Windows. Solution: Upgrade to Version 1.64.0 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 32356 Common Vulnerability Exposure (CVE) ID: CVE-2008-4829 http://www.securityfocus.com/bid/32356 Bugtraq: 20081119 Secunia Research: Streamripper Multiple Buffer Overflows (Google Search) http://www.securityfocus.com/archive/1/498486/100/0/threaded Debian Security Information: DSA-1683 (Google Search) http://www.debian.org/security/2008/dsa-1683 http://secunia.com/secunia_research/2008-50/ http://www.osvdb.org/49997 http://secunia.com/advisories/32562 http://secunia.com/advisories/33052 http://secunia.com/advisories/33061 http://securityreason.com/securityalert/4647 http://www.vupen.com/english/advisories/2008/3207
Copyright	Copyright (C) 2008 Greenbone Networks GmbH