The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Alsaplayer: buffer overflow via a ogg file

Synthesis of the vulnerability 

An attacker can construct a malicious ogg file in order to run code on computer of victims listening this file.
Vulnerable software: Debian, Unix (platform) ~ not comprehensive.
Severity of this announce: 2/4.
Creation date: 11/10/2007.
Revision date: 10/04/2008.
Références of this computer vulnerability: CVE-2007-5301, DSA-1538-1, VIGILANCE-VUL-7243.

Description of the vulnerability 

The alsaplayer player manages several file type, including the ogg file type. Ogg files possesses tags containing information about the encoded sound (title, artist, album, genre, year, track and comment).

At the opening of the ogg file, the vorbis_stream_info() function of the /alsaplayer/input/vorbis/vorbis_engine.c file stores in memory information contained in tags with the strcpy() function without making control on these information size.

Example: strcpy(info->tag, x ? x : "");

An attacker can thus construct an ogg file with very long information stored in tags, in order to create a buffer overflow in alsaplayer, and thus to run code on the computer of the victim listening the file.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat bulletin impacts software or systems such as Debian, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this security threat is medium.

The trust level is of type confirmed by the editor, with an origin of document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer vulnerability alert.

Solutions for this threat 

Alsaplayer: patch for vorbis_engine.
A patch is available.

Debian 4.0: new alsaplayer packages.
New packages are available:*_0.99.76-9+etch1_*.deb
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a software vulnerabilities patch. The technology watch team tracks security threats targeting the computer system.