The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

threat bulletin CVE-2007-5301

Alsaplayer: buffer overflow via a ogg file

Synthesis of the vulnerability

An attacker can construct a malicious ogg file in order to run code on computer of victims listening this file.
Severity of this announce: 2/4.
Creation date: 11/10/2007.
Revision date: 10/04/2008.
Références of this computer vulnerability: CVE-2007-5301, DSA-1538-1, VIGILANCE-VUL-7243.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The alsaplayer player manages several file type, including the ogg file type. Ogg files possesses tags containing information about the encoded sound (title, artist, album, genre, year, track and comment).

At the opening of the ogg file, the vorbis_stream_info() function of the /alsaplayer/input/vorbis/vorbis_engine.c file stores in memory information contained in tags with the strcpy() function without making control on these information size.

Example: strcpy(info->tag, x ? x : "");

An attacker can thus construct an ogg file with very long information stored in tags, in order to create a buffer overflow in alsaplayer, and thus to run code on the computer of the victim listening the file.
Full Vigil@nce bulletin... (Free trial)

This computer threat bulletin impacts software or systems such as Debian, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this security threat is medium.

The trust level is of type confirmed by the editor, with an origin of document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer vulnerability alert.

Solutions for this threat

Alsaplayer: patch for vorbis_engine.
A patch is available.

Debian 4.0: new alsaplayer packages.
New packages are available:
  http://security.debian.org/pool/updates/main/a/alsaplayer/*_0.99.76-9+etch1_*.deb
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerabilities patch. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.