(Debian Issues Fix) Zinf Playlist Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1012127
|
|
SecurityTracker URL: http://securitytracker.com/id?1012127
|
|
CVE Reference: CAN-2004-0964
(Links to External Site)
|
Date: Nov 8 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.2.1; possibly other versions
|
Description: A buffer overflow vulnerability was reported in Zinf. A remote user can execute arbitrary code on the target system.
Luigi Auriemma reported that a remote user can create a specially crafted '.pls' playlist file that, when loaded by the target user,
will trigger the buffer overflow and potentially execute arbitrary code.
A demonstration exploit is available at:
http://aluigi.altervista.org/poc/zinf-bof.pls
|
Impact: A remote user can cause arbitrary code to be executed on the target system with the privileges of the target user.
|
Solution: Debian has released a fix for Zinf (Freeamp) for the stable distribution (woody) in version 2.1.1.0-4woody2.
Debian GNU/Linux
3.0 alias woody:
Source archives:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2.dsc
Size/MD5 checksum: 944 39d51f9def21f5b1d5542ccbcbc01e29
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2.diff.gz
Size/MD5 checksum: 32347 783b34ce5201a8e4e10a8722fd00ad8f
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0.orig.tar.gz
Size/MD5 checksum: 3116888 d465da9fcdcc6ee7991e9b6cd968127b
Architecture independent components:
http://security.debian.org/pool/updates/main/f/freeamp/
freeamp-doc_2.1.1.0-4woody2_all.deb
Size/MD5 checksum: 282330 ffb91e1362db38b0e063839afdb7eefa
Alpha architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum: 2399962 187f779ad3fa78a1bcb6f79837a733ba
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum:
90476 d184dd97abf70f5db80579e76bdca43a
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum: 34752 97704f6cd7245b6821d4683ee7999015
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum: 33376 77bbee46f4b02464e387d40fd850fac9
ARM architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4
woody2_arm.deb
Size/MD5 checksum: 2194684 c37e64837c2353be71062e9c74934028
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woo
dy2_arm.deb
Size/MD5 checksum: 82794 6e6e0079c0f912c6aba7e3a73bc7963d
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody
2_arm.deb
Size/MD5 checksum: 29440 615324c7d033b4c327a883239b5afe9c
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody
2_arm.deb
Size/MD5 checksum: 29342 d745a17d3a3c59dd6d004babcfa7563b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/freeamp
/freeamp_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 2032164 5c68a2b2940d9bfa3f5f3320f9a85d5b
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-
extras_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 73482 091fe47ddd9308edcd2df707b00fefc8
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp
-alsa_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 29382 3b22fa0992c89e05542d06b78ca263df
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-
esound_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 28476 0142da2d0ed0d50e7fe454171d7066da
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_ia64.deb
Size/MD5 checksum: 2367142 c43140e99b8dd87934e9611a060fe1bc
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_ia64.deb
Size/MD5 checksum: 84638
6e55107e3071f451b08d77aed3260d44
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_ia64.deb
Size/MD5 checksum: 27532 84b0e8df2b31326b378ce79e404ec4cd
HP Precision architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.
1.1.0-4woody2_hppa.deb
Size/MD5 checksum: 2184294 a8a7ec3fa22215201fc05c9572c89074
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.
1.0-4woody2_hppa.deb
Size/MD5 checksum: 105354 ed97bdb2ae641dc2eecc66e7dfd2daf8
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1
.1.0-4woody2_hppa.deb
Size/MD5 checksum: 27602 bae0e367bfb7b40d2c4b0390c6638d3f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_m68k.deb
Size/MD5 checksum: 1744992 25bf614e89c0bfddc8863d1e007335d4
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_m68k.deb
Size/MD5 checksum: 72386
a0faa0affb7912807c340d65c6049cd5
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_m68k.deb
Size/MD5 checksum: 28706 f226affa56379550b2d74c8cded44520
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp
_2.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 1864476 d8874d057b941058a7981a3233fdaa65
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2
.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 69940 7f2ae3c9420e113583932b40eb8604dd
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.
1.1.0-4woody2_mips.deb
Size/MD5 checksum: 28610 9eb1bec2958a24a12872486c81e7a106
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2
.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 27854 88ef872d3fdaa6e6cd274549f250b434
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_mipsel.deb
Size/MD5 checksum: 1827610
3bd082fa5eca1e96b2ad2fec3293a8bd
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_mipsel.deb
Size/MD5 checksum: 68796 d772ca8a111e64cab746a1f9efe5cf98
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_mipsel.deb
Size/MD5 checksum: 27546 d9eb6b5c8f6f608c09e695333e2cd477
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.
1.0-4woody2_powerpc.deb
Size/MD5 checksum: 2046412 539183b9f14aeeabbd74049bb9dcbca8
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1
.1.0-4woody2_powerpc.deb
Size/MD5 checksum: 75370 033f91e19fbb6da25da8a864a2fde435
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2
.1.1.0-4woody2_powerpc.deb
Size/MD5 checksum: 29854 405d64cb8eae9c9f24e32191e1ffd8da
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esou
nd_2.1.1.0-4woody2_powerpc.deb
Size/MD5 checksum: 29042 595cd2062229e98a2ce6d5c4ccbbc882
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_s390.deb
Size/MD5 checksum: 1962584 ea73c5dcf1b3d54eb04ebaeb4e190290
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_s390.deb
Size/MD5 checksum: 73074
93857a08ea97df7926b688b3d7b75e0d
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_s390.deb
Size/MD5 checksum: 29334 4aec2ae5a414e6d2bfbb73c6409f78c7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1
.0-4woody2_sparc.deb
Size/MD5 checksum: 1969882 b220f88f807c80d6b96d7cfab862b2a3
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.
0-4woody2_sparc.deb
Size/MD5 checksum: 74556 cfb464ec0bf2c9859b5df5f80e9dabbc
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.
0-4woody2_sparc.deb
Size/MD5 checksum: 28814 9d7d9735acc60e36dac2d19c51d9ace9
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.
1.0-4woody2_sparc.deb
Size/MD5 checksum: 27802 5c91f275ac283265a8c4bd6d94b5122f
|
Vendor URL: www.zinf.org/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Debian)
|
Underlying OS Comments: 3.0
|
Reported By: joey@infodrom.org (Martin Schulze)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 8 Nov 2004 13:00:00 +0100 (CET)
From: joey@infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 587-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 8th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : freeamp
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0964
Luigi Auriemma discovered a buffer overflow condition in the playlist
module of freeamp which could lead to arbitrary code execution.
Recent versions of freeamp were renamed into zinf.
For the stable distribution (woody) this problem has been fixed in
version 2.1.1.0-4woody2.
For the unstable distribution (sid) this problem does not exist in the
zinf packageas the code in question was rewritten.
We recommend that you upgrade your freeamp packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2.dsc
Size/MD5 checksum: 944 39d51f9def21f5b1d5542ccbcbc01e29
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2.diff.gz
Size/MD5 checksum: 32347 783b34ce5201a8e4e10a8722fd00ad8f
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0.orig.tar.gz
Size/MD5 checksum: 3116888 d465da9fcdcc6ee7991e9b6cd968127b
Architecture independent components:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-doc_2.1.1.0-4woody2_all.deb
Size/MD5 checksum: 282330 ffb91e1362db38b0e063839afdb7eefa
Alpha architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum: 2399962 187f779ad3fa78a1bcb6f79837a733ba
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum: 90476 d184dd97abf70f5db80579e76bdca43a
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_alpha.deb
Size/MD5 checksum: 34752 97704f6cd7245b6821d4683ee7999015
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_alpha.de
b
Size/MD5 checksum: 33376 77bbee46f4b02464e387d40fd850fac9
ARM architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_arm.deb
Size/MD5 checksum: 2194684 c37e64837c2353be71062e9c74934028
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_arm.deb
Size/MD5 checksum: 82794 6e6e0079c0f912c6aba7e3a73bc7963d
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_arm.deb
Size/MD5 checksum: 29440 615324c7d033b4c327a883239b5afe9c
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_arm.deb
Size/MD5 checksum: 29342 d745a17d3a3c59dd6d004babcfa7563b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 2032164 5c68a2b2940d9bfa3f5f3320f9a85d5b
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 73482 091fe47ddd9308edcd2df707b00fefc8
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 29382 3b22fa0992c89e05542d06b78ca263df
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_i386.deb
Size/MD5 checksum: 28476 0142da2d0ed0d50e7fe454171d7066da
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_ia64.deb
Size/MD5 checksum: 2367142 c43140e99b8dd87934e9611a060fe1bc
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_ia64.deb
Size/MD5 checksum: 84638 6e55107e3071f451b08d77aed3260d44
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_ia64.deb
Size/MD5 checksum: 27532 84b0e8df2b31326b378ce79e404ec4cd
HP Precision architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_hppa.deb
Size/MD5 checksum: 2184294 a8a7ec3fa22215201fc05c9572c89074
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_hppa.deb
Size/MD5 checksum: 105354 ed97bdb2ae641dc2eecc66e7dfd2daf8
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_hppa.deb
Size/MD5 checksum: 27602 bae0e367bfb7b40d2c4b0390c6638d3f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_m68k.deb
Size/MD5 checksum: 1744992 25bf614e89c0bfddc8863d1e007335d4
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_m68k.deb
Size/MD5 checksum: 72386 a0faa0affb7912807c340d65c6049cd5
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_m68k.deb
Size/MD5 checksum: 28706 f226affa56379550b2d74c8cded44520
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 1864476 d8874d057b941058a7981a3233fdaa65
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 69940 7f2ae3c9420e113583932b40eb8604dd
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 28610 9eb1bec2958a24a12872486c81e7a106
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_mips.deb
Size/MD5 checksum: 27854 88ef872d3fdaa6e6cd274549f250b434
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_mipsel.deb
Size/MD5 checksum: 1827610 3bd082fa5eca1e96b2ad2fec3293a8bd
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_mipsel.deb
Size/MD5 checksum: 68796 d772ca8a111e64cab746a1f9efe5cf98
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_mipsel.d
eb
Size/MD5 checksum: 27546 d9eb6b5c8f6f608c09e695333e2cd477
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_powerpc.deb
Size/MD5 checksum: 2046412 539183b9f14aeeabbd74049bb9dcbca8
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_powerpc.deb
Size/MD5 checksum: 75370 033f91e19fbb6da25da8a864a2fde435
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_powerpc.de
b
Size/MD5 checksum: 29854 405d64cb8eae9c9f24e32191e1ffd8da
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_powerpc.
deb
Size/MD5 checksum: 29042 595cd2062229e98a2ce6d5c4ccbbc882
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_s390.deb
Size/MD5 checksum: 1962584 ea73c5dcf1b3d54eb04ebaeb4e190290
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_s390.deb
Size/MD5 checksum: 73074 93857a08ea97df7926b688b3d7b75e0d
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_s390.deb
Size/MD5 checksum: 29334 4aec2ae5a414e6d2bfbb73c6409f78c7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_sparc.deb
Size/MD5 checksum: 1969882 b220f88f807c80d6b96d7cfab862b2a3
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_sparc.deb
Size/MD5 checksum: 74556 cfb464ec0bf2c9859b5df5f80e9dabbc
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_sparc.deb
Size/MD5 checksum: 28814 9d7d9735acc60e36dac2d19c51d9ace9
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_sparc.de
b
Size/MD5 checksum: 27802 5c91f275ac283265a8c4bd6d94b5122f
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBj1+/W5ql+IAeqTIRAnIrAJ4r0yQnxKCsU9jElkzv5CXctHJvMwCfV6/E
mY6LDP6fdnSCcwMHU2GGYUU=
=uCT5
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
