Executive Summary
| Summary | |
|---|---|
| Title | New streamripper packages fix potential code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1683 | First vendor Publication | 2008-12-08 |
| Vendor | Debian | Last vendor Modification | 2008-12-08 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829). For the stable distribution (etch), these problems have been fixed in version 1.61.27-1+etch1. For the unstable distribution (sid) and the testing distribution (lenny), these problems have been fixed in version 1.63.5-2. We recommend that you upgrade your streamripper package. |
Original Source
| Url : http://www.debian.org/security/2008/dsa-1683 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20067 | |||
| Oval ID: | oval:org.mitre.oval:def:20067 | ||
| Title: | DSA-1683-1 streamripper - potential code execution | ||
| Description: | Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (<a href="http://security-tracker.debian.org/tracker/CVE-2007-4337">CVE-2007-4337</a>, <a href="http://security-tracker.debian.org/tracker/CVE-2008-4829">CVE-2008-4829</a>). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1683-1 CVE-2007-4337 CVE-2008-4829 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | streamripper |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8216 | |||
| Oval ID: | oval:org.mitre.oval:def:8216 | ||
| Title: | DSA-1683 streamripper -- buffer overflow | ||
| Description: | Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829). For the stable distribution (etch), these problems have been fixed in version 1.61.27-1+etch1. For the unstable distribution (sid) and the testing distribution (lenny), these problems have been fixed in version 1.63.5-2. We recommend that you upgrade your streamripper package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1683 CVE-2007-4337 CVE-2008-4829 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | streamripper |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-01-13 | Name : Gentoo Security Advisory GLSA 200901-05 (streamripper) File : nvt/glsa_200901_05.nasl |
| 2008-12-10 | Name : Debian Security Advisory DSA 1683-1 (streamripper) File : nvt/deb_1683_1.nasl |
| 2008-12-01 | Name : Streamripper Multiple Buffer Overflow Vulnerabilities (Linux) File : nvt/gb_streamripper_mult_bof_vuln_nov08_lin.nasl |
| 2008-12-01 | Name : Streamripper Multiple Buffer Overflow Vulnerabilities (Win) File : nvt/gb_streamripper_mult_bof_vuln_nov08_win.nasl |
| 2008-11-24 | Name : FreeBSD Ports: streamripper File : nvt/freebsd_streamripper.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-03 (streamripper) File : nvt/glsa_200709_03.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 49997 | Streamripper lib/http.c Multiple Function Remote Overflows |
| 39533 | Streamripper lib/http.c httplib_parse_sc_header() Function Multiple HTTP Head... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-01-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-05.nasl - Type : ACT_GATHER_INFO |
| 2008-12-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1683.nasl - Type : ACT_GATHER_INFO |
| 2008-11-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4d4caee0b93911dda5780030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2007-09-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-03.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:28:03 |
|
