Grip CDDB Response Multiple Matches Buffer Overflow Vulnerability
BID:12770
Info
| Bugtraq ID: | 12770 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0706 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 10 2005 12:00AM |
| Updated: | Apr 16 2015 05:50PM |
| Credit: | Discovery is credited to Joseph VanAndel. |
| Vulnerable: | S.u.S.E. Linux Personal 9.2 x86_64; S.u.S.E. Linux Personal 9.2; S.u.S.E. Linux Personal 9.1 x86_64; S.u.S.E. Linux Personal 9.1; S.u.S.E. Linux Personal 9.0 x86_64; S.u.S.E. Linux Personal 9.0; S.u.S.E. Linux Personal 8.2; S.u.S.E. Linux 8.1; S.u.S.E. Linux 8.0 i386; S.u.S.E. Linux 8.0; S.u.S.E. Linux 7.3 sparc; S.u.S.E. Linux 7.3 ppc; S.u.S.E. Linux 7.3 i386; S.u.S.E. Linux 7.3; S.u.S.E. Linux 7.2 i386; S.u.S.E. Linux 7.2; S.u.S.E. Linux 7.1 x86; S.u.S.E. Linux 7.1 sparc; S.u.S.E. Linux 7.1 ppc; S.u.S.E. Linux 7.1 alpha; S.u.S.E. Linux 7.1; S.u.S.E. Linux 7.0 sparc; S.u.S.E. Linux 7.0 ppc; S.u.S.E. Linux 7.0 i386; S.u.S.E. Linux 7.0 alpha; S.u.S.E. Linux 7.0; S.u.S.E. Linux 6.4 ppc; S.u.S.E. Linux 6.4 i386; S.u.S.E. Linux 6.4 alpha; S.u.S.E. Linux 6.4; S.u.S.E. Linux 6.3 ppc; S.u.S.E. Linux 6.3 alpha; S.u.S.E. Linux 6.3; S.u.S.E. Linux 6.2; S.u.S.E. Linux 6.1 alpha; S.u.S.E. Linux 6.1; RedHat Linux Advanced Workstation 2.1 for the Ita 2.1 IA64; RedHat Linux Advanced Work Station 2.1; RedHat Linux 9.0 i386; RedHat Linux 7.3 i386; RedHat Enterprise Linux WS 4; RedHat Enterprise Linux WS 3; RedHat Enterprise Linux WS 2.1 IA64; RedHat Enterprise Linux WS 2.1; RedHat Enterprise Linux ES 4; RedHat Enterprise Linux ES 3; RedHat Enterprise Linux ES 2.1 IA64; RedHat Enterprise Linux ES 2.1; RedHat Desktop 4.0; RedHat Desktop 3.0; Red Hat Fedora Core1; Red Hat Enterprise Linux AS 4; Red Hat Enterprise Linux AS 3; Red Hat Enterprise Linux AS 2.1 IA64; Red Hat Enterprise Linux AS 2.1; Peachtree Linux release 1; Mandriva Linux Mandrake 2009.0 x86_64; Mandriva Linux Mandrake 2009.0; Mandriva Linux Mandrake 2008.1 x86_64; Mandriva Linux Mandrake 2008.1; Mandriva Linux Mandrake 2008.0 x86_64; Mandriva Linux Mandrake 2008.0; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; libcdaudio CD Control Library 0.99.12; libcdaudio CD Control Library 0.99.11; libcdaudio CD Control Library 0.99.10; libcdaudio CD Control Library 0.99.9; libcdaudio CD Control Library 0.99.8; libcdaudio CD Control Library 0.99.7; libcdaudio CD Control Library 0.99.6; libcdaudio CD Control Library 0.99.5; libcdaudio CD Control Library 0.99.4; Grip Grip 3.2.0; Grip Grip 3.1.4; Grip Grip 3.1.2; Grip Grip 3.0.7; Grip Grip 3.0.4; Grip Grip 2.96; GNOME GnomeVFS 2.8.4; GNOME GnomeVFS 2.8.3; GNOME GnomeVFS 2.8.2; GNOME GnomeVFS 2.8.1; GNOME GnomeVFS 2.8; GNOME GnomeVFS 2.7.5; GNOME GnomeVFS 2.7.4; GNOME GnomeVFS 2.7.3; GNOME GnomeVFS 2.7.2; GNOME GnomeVFS 2.7.1; GNOME GnomeVFS 2.7; GNOME GnomeVFS 2.6.2; GNOME GnomeVFS 2.4.2; GNOME GnomeVFS 2.2.5; GNOME GnomeVFS 2.1.3; Gentoo Linux; Conectiva Linux 10.0; Avaya Proactive Contact 4.0; Avaya Proactive Contact 3.0; Avaya Proactive Contact 0; Avaya Messaging Storage Server MM3.0; Avaya Messaging Storage Server 4.0; Avaya Messaging Storage Server 3.1; Avaya Messaging Storage Server 2.0; Avaya Messaging Storage Server 1.0; Avaya Messaging Storage Server; Avaya Message Networking MN 3.1; Avaya Message Networking 3.1; Avaya Message Networking; Avaya Intuity AUDIX LX 2.0; Avaya Intuity AUDIX LX 1.0 |
| Not Vulnerable: | |
Discussion
A buffer-overflow issue in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.
To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.
Grip 3.1.2 and 3.2.0 are affected; other versions may also be affected.
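As an added illustration of the boundary condition described above (this is not Grip's or libcdaudio's code), the C example below parses a CDDB-style multi-match list into a fixed array of 16 entries and stops storing once the array is full. The struct layout, function names, assumed "categ discid title" line format and the sample reply are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_MATCHES 16  /* the match limit named in the advisory */
/* Hypothetical record layout, not Grip's or libcdaudio's own structures. */
struct match { char categ[32], discid[9], title[128]; };
struct match_list { int count, dropped; struct match m[MAX_MATCHES]; };

/* Parse a multi-match reply body: one "categ discid title" line per match
 * (assumed format), ended by a line holding only ".". Returns the number
 * of matches stored, or -1 if the terminator never arrives. */
int parse_matches(const char *body, struct match_list *out)
{
    char line[256];
    memset(out, 0, sizeof *out);
    while (*body) {
        size_t n = strcspn(body, "\r\n");
        size_t copy = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, body, copy); line[copy] = '\0';
        body += n + strspn(body + n, "\r\n");
        if (strcmp(line, ".") == 0)
            return out->count;
        /* Without this check, match 17 is written past the end of m[]. */
        if (out->count >= MAX_MATCHES) { out->dropped++; continue; }
        struct match *e = &out->m[out->count];
        /* Field widths keep every token inside its destination buffer. */
        if (sscanf(line, "%31s %8s %127[^\n]", e->categ, e->discid, e->title) == 3)
            out->count++;
    }
    return -1;
}

/* Constructed sample input: a reply body carrying n matches. */
struct match_list demo(int n)
{
    static char body[8192];
    struct match_list ml;
    size_t off = 0;
    for (int i = 0; i < n && off < sizeof body - 64; i++)
        off += (size_t)snprintf(body + off, sizeof body - off,
                                "rock %08x Title %d\r\n", 0xa0000000u + i, i);
    snprintf(body + off, sizeof body - off, ".\r\n");
    parse_matches(body, &ml);
    return ml;
}
int main(void)
{
    struct match_list ml = demo(20);  /* 20 matches sent: 16 stored, 4 dropped */
    return printf("stored=%d dropped=%d\n", ml.count, ml.dropped) < 0;
}
```

A nonzero `dropped` count is worth logging on the client side, since a legitimate server rarely needs to return more matches than the client can display.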
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Fixes are available. Please see the references for details.
Mandriva Linux Mandrake 2008.0 x86_64
- Mandriva lib64cdaudio1-0.99.12-4.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64cdaudio1-devel-0.99.12-4.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
- Mandriva libcdaudio1-0.99.12-4.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libcdaudio1-devel-0.99.12-4.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2009.0 x86_64
- Mandriva lib64cdaudio1-0.99.12-6.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64cdaudio1-devel-0.99.12-6.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1 x86_64
- Mandriva lib64cdaudio1-0.99.12-5.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64cdaudio1-devel-0.99.12-5.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
- Mandriva libcdaudio1-0.99.12-5.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libcdaudio1-devel-0.99.12-5.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
libcdaudio CD Control Library 0.99.10
- Mandriva lib64cdaudio1-0.99.10-1.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva lib64cdaudio1-0.99.10-2.1.102mdk.x86_64.rpm
  Mandrake Linux 10.2/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva lib64cdaudio1-devel-0.99.10-1.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva lib64cdaudio1-devel-0.99.10-2.1.102mdk.x86_64.rpm
  Mandrake Linux 10.2/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-0.99.10-1.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-0.99.10-2.1.102mdk.i586.rpm
  Mandrake Linux 10.2
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-devel-0.99.10-1.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-devel-0.99.10-2.1.102mdk.i586.rpm
  Mandrake Linux 10.2
  http://www1.mandrivalinux.com/en/ftp.php3
libcdaudio CD Control Library 0.99.9
- Mandriva libcdaudio1-0.99.9-1.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-0.99.9-1.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-devel-0.99.9-1.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libcdaudio1-devel-0.99.9-1.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
Conectiva Linux 10.0
- Conectiva grip-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-bg-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-bg-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-ca-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-ca-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-es-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-es-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-fi-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-fi-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-fr-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-fr-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-it-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-it-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-ja-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-ja-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-pt_BR-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-pt_BR-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-ru-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-ru-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-zh_CN-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-zh_CN-3.2.0-49646U10_1cl.i386.rpm
- Conectiva grip-i18n-zh_TW-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-zh_TW-3.2.0-49646U10_1cl.i386.rpm
- Conectiva nss_ldap-240-53589U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/nss_ldap-240-53589U10_1cl.i386.rpm
- Conectiva nss_ldap-240-53589U10_1cl.i386.rpm
  Conectiva 10:
  nss_ldap-240-53589U10_1cl.i386.rpm
- Conectiva pam_ldap-180-47667U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/pam_ldap-180-47667U10_1cl.i386.rpm
- Conexant grip-i18n-de-3.2.0-49646U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/grip-i18n-de-3.2.0-49646U10_1cl.i386.rpm
GNOME GnomeVFS 2.8.4
- Mandriva gnome-vfs2-2.8.4-6.1.102mdk.i586.rpm
  Mandrake Linux 10.2
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva gnome-vfs2-2.8.4-6.1.102mdk.x86_64.rpm
  Mandrake Linux 10.2/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva lib64gnome-vfs2_0-2.8.4-6.1.102mdk.x86_64.rpm
  Mandrake Linux 10.2/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva lib64gnome-vfs2_0-devel-2.8.4-6.1.102mdk.x86_64.rpm
  Mandrake Linux 10.2/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libgnome-vfs2_0-2.8.4-6.1.102mdk.i586.rpm
  Mandrake Linux 10.2
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva libgnome-vfs2_0-devel-2.8.4-6.1.102mdk.i586.rpm
  Mandrake Linux 10.2
  http://www1.mandrivalinux.com/en/ftp.php3
Grip Grip 2.96
- RedHat Fedora grip-2.96-2.2.legacy.i386.rpm
  Red Hat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/grip-2.96-2.2.legacy.i386.rpm
MandrakeSoft Corporate Server 3.0
- Mandriva libcdaudio1-0.99.9-1.2.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libcdaudio1-devel-0.99.9-1.2.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 3.0 x86_64
- Mandriva libcdaudio1-0.99.9-1.2.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva libcdaudio1-devel-0.99.9-1.2.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/
Grip Grip 3.0.4
- RedHat Fedora grip-3.0.4-5.2.legacy.i386.rpm
  Red Hat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/grip-3.0.4-5.2.legacy.i386.rpm
- RedHat Fedora grip-3.0.7-3.2.legacy.i386.rpm
  Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/grip-3.0.7-3.2.legacy.i386.rpm
Grip Grip 3.1.4
- Mandrake grip-3.1.4-1.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake grip-3.1.4-1.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake grip-3.1.4-1.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake grip-3.1.4-1.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
Grip Grip 3.2.0
- Fedora grip-3.2.0-3.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora grip-3.2.0-3.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora grip-3.2.0-4.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora grip-3.2.0-4.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora grip-debuginfo-3.2.0-3.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora grip-debuginfo-3.2.0-3.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora grip-debuginfo-3.2.0-4.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora grip-debuginfo-3.2.0-4.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Mandrake grip-3.2.0-3.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake grip-3.2.0-3.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
References
References:
- GnomeVFS Home Page (Gnome)
- Grip Homepage (Grip)
- libcdaudio Home Page (libcdaudio)
- RHSA-2005:304-08 - grip security update (RedHat)
- ASA-2009-036 gnome-vfs, gnome-vfs2 security update (RHSA-2009-0005) (Avaya)