The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability bulletin CVE-2007-5301

Alsaplayer: buffer overflow via an ogg file

Synthesis of the vulnerability

An attacker can construct a malicious ogg file in order to run code on the computer of victims who listen to this file.
Vulnerable software: Debian, Unix (platform) ~ not comprehensive.
Severity of this announcement: 2/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Creation date: 11/10/2007.
Revision date: 10/04/2008.
References of this computer vulnerability: CVE-2007-5301, DSA-1538-1, VIGILANCE-VUL-7243.

Description of the vulnerability

The alsaplayer player handles several file types, including the ogg file type. Ogg files carry tags containing information about the encoded sound (title, artist, album, genre, year, track and comment).

When an ogg file is opened, the vorbis_stream_info() function in the /alsaplayer/input/vorbis/vorbis_engine.c file copies the information contained in the tags into memory with the strcpy() function, without checking the size of this information.

Example: strcpy(info->tag, x ? x : "");

An attacker can thus construct an ogg file with very long information stored in tags, in order to create a buffer overflow in alsaplayer, and thus to run code on the computer of the victim listening to the file.
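
A bounded copy that could stand in for the strcpy() call quoted above, as an added example that is neither alsaplayer's code nor its actual fix. The tag_info struct, the 128-byte field size and the copy_tag() helper are assumptions, since the bulletin does not show the real structure.

```c
#include <stdio.h>
#include <string.h>

#define TAG_LEN 128              /* assumed field size, not from the bulletin */

struct tag_info {                /* hypothetical stand-in for the real info struct */
    char title[TAG_LEN];
    char artist[TAG_LEN];        /* neighbour an unbounded copy would overwrite */
};

/* Bounded form of strcpy(dst, src ? src : "").
 * Writes at most dstsz bytes and always NUL-terminates.
 * Returns 0 if the tag fit, 1 if it was truncated, -1 on bad arguments. */
static int copy_tag(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL)
        src = "";
    n = strlen(src);
    if (n >= dstsz) {            /* oversized tag: keep what fits, flag it */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);     /* fits, terminator included */
    return 0;
}

/* Feeds a constructed oversized tag (4x the field) through copy_tag(). */
static int demo_oversized(struct tag_info *info)
{
    char longtag[4 * TAG_LEN];

    memset(longtag, 'A', sizeof(longtag) - 1);
    longtag[sizeof(longtag) - 1] = '\0';
    memset(info, 0, sizeof(*info));
    return copy_tag(info->title, sizeof(info->title), longtag);
}

int main(void)
{
    struct tag_info info;
    int truncated = demo_oversized(&info);

    printf("truncated=%d title_len=%zu artist_len=%zu\n",
           truncated, strlen(info.title), strlen(info.artist));
    return 0;
}
```

A caller can log or reject the file when copy_tag() returns 1 instead of silently accepting a truncated tag.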