CERT-In Advisory CIAD-2009-54
Multiple Vulnerabilities in Fedora
Original Issue Date: December 07, 2009
Severity Rating:High
System Affected
Overview
Multiple vulnerabilities have been reported in libsndfile package in Fedora, which could be exploited by remote attackers to cause a denial of service conditions, execute an arbitrary code or potentially compromise an affected system.
Description
" libsndfile" is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface.
1. libsndfile CAF File Processing Integer Overflow Vulnerability
(CVE-2009-0186)
This vulnerability is caused by an integer overflow error when processing CAF description chunks in libsndfile package. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted CAF audio file to trigger heap-based buffer overflow error . Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service condition or execute an arbitrary code.
2. libsndfile VOC and AIFF Files Processing Buffer Overflow Vulnerabilities (CVE-2009-1788 , CVE-2009-1791)
These vulnerabilities are caused by buffer overflow errors in the "voc_read_header()" [src/voc.c] and "aiff_read_header()" [src/aiff.c] functions when processing VOC and AIFF files in libsndfile package. A remote attacker could exploit these vulnerabilities via a specially crafted VOC and AIFF file with an invalid header values to trigger heap-based buffer overflow error . Successful exploitation of these vulnerabilities could allow a remote attacker to cause denial of service condition and possibly execute an arbitrary code.
Solutions
Upgrade the affected package (libsndfile)
http://docs.fedoraproject.org/yum/
Vendor Information https://www.redhat.com/archives/fedora-package-announce/
2009-December/msg00238.html
https://www.redhat.com/archives/fedora-package-announce/
2009-December/msg00251.html
References Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=488361
https://bugzilla.redhat.com/show_bug.cgi?id=502657
https://bugzilla.redhat.com/show_bug.cgi?id=502658
Secunia
http://secunia.com/advisories/37538/1/
http://secunia.com/advisories/35443
http://secunia.com/advisories/34791
SecurityFocus
http://www.securityfocus.com/bid/34978
http://www.securityfocus.com/bid/33963
VUPEN
http://www.vupen.com/english/advisories/2009/0585
http://www.vupen.com/english/advisories/2009/3387
http://www.vupen.com/english/advisories/2009/1348
ISS X FORCE
http://xforce.iss.net/xforce/xfdb/50541
CVE Name
CVE-2009-0186
CVE-2009-1788
CVE-2009-1791
CWE Name
CWE-189
CWE-119
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
