PlayMidi Local Buffer Overflow Vulnerability
BID:12274
Info
| Bugtraq ID: | 12274 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0020 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 17 2005 12:00AM |
| Updated: | Jul 12 2009 05:56PM |
| Credit: | Erik Sjölund is credited with the discovery of this issue. |
| Vulnerable: | Playmidi Linux Midi Player 2.4; Mandriva Linux Mandrake 10.1 x86_64; Mandriva Linux Mandrake 10.1; Mandriva Linux Mandrake 10.0 AMD64; Mandriva Linux Mandrake 10.0; MandrakeSoft Corporate Server 3.0 |
| Not Vulnerable: | |
Discussion
A local buffer overflow vulnerability affects Playmidi. This issue is due to a failure of an unspecified setuid utility that is packaged with the Playmidi suite to properly validate the length of user-supplied strings prior to copying them into static process buffers.
This BID will be updated as more information becomes available.
A local attacker may leverage this issue to execute arbitrary instructions with the privileges of the superuser. This may facilitate privilege escalation and potentially unauthorized access.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Debian has made an advisory (DSA 641-1) available that deals with this issue. Please see the referenced advisory for more information.
Mandrake has released an advisory MDKSA-2005:010 to address this issue. Please see the referenced advisory for more information.
Playmidi Linux Midi Player 2.4
- Debian playmidi_2.4-4woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_alpha.deb
- Debian playmidi_2.4-4woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_arm.deb
- Debian playmidi_2.4-4woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_hppa.deb
- Debian playmidi_2.4-4woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_i386.deb
- Debian playmidi_2.4-4woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_ia64.deb
- Debian playmidi_2.4-4woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_m68k.deb
- Debian playmidi_2.4-4woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mips.deb
- Debian playmidi_2.4-4woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mipsel.deb
- Debian playmidi_2.4-4woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_powerpc.deb
- Debian playmidi_2.4-4woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_s390.deb
- Debian playmidi_2.4-4woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_sparc.deb