Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2008:233-1 | First vendor Publication | 2008-12-07 |
| Vendor | Mandriva | Last vendor Modification | 2008-12-07 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:233-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10768 | |||
| Oval ID: | oval:org.mitre.oval:def:10768 | ||
| Title: | Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. | ||
| Description: | Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0706 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20121 | |||
| Oval ID: | oval:org.mitre.oval:def:20121 | ||
| Title: | DSA-1665-1 libcdaudio - heap overflow | ||
| Description: | It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1665-1 CVE-2008-5030 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libcdaudio |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7934 | |||
| Oval ID: | oval:org.mitre.oval:def:7934 | ||
| Title: | DSA-1665 libcdaudio -- heap overflow | ||
| Description: | It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1665 CVE-2008-5030 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libcdaudio |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for gnome-vfs CESA-2009:0005-01 centos2 i386 File : nvt/gb_CESA-2009_0005-01_gnome-vfs_centos2_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnome-vfs2 CESA-2009:0005 centos3 i386 File : nvt/gb_CESA-2009_0005_gnome-vfs2_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnome-vfs2 CESA-2009:0005 centos4 i386 File : nvt/gb_CESA-2009_0005_gnome-vfs2_centos4_i386.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2008:233-1 (libcdaudio) File : nvt/mdksa_2008_233_1.nasl |
| 2009-10-10 | Name : SLES9: Security update for gnome-vfs File : nvt/sles9p5014621.nasl |
| 2009-10-10 | Name : SLES9: Security update for gnome-vfs2,gnome-vfs2-doc File : nvt/sles9p5014116.nasl |
| 2009-04-09 | Name : Mandriva Update for libcdaudio MDVSA-2008:233 (libcdaudio) File : nvt/gb_mandriva_MDVSA_2008_233.nasl |
| 2009-03-20 | Name : Gentoo Security Advisory GLSA 200903-31 (libcdaudio) File : nvt/glsa_200903_31.nasl |
| 2009-02-17 | Name : Fedora Update for grip FEDORA-2008-9521 File : nvt/gb_fedora_2008_9521_grip_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for grip FEDORA-2008-9604 File : nvt/gb_fedora_2008_9604_grip_fc9.nasl |
| 2009-02-16 | Name : Fedora Update for grip FEDORA-2008-10126 File : nvt/gb_fedora_2008_10126_grip_fc10.nasl |
| 2009-02-13 | Name : Fedora Core 9 FEDORA-2008-11956 (libcdaudio) File : nvt/fcore_2008_11956.nasl |
| 2009-02-10 | Name : CentOS Security Advisory CESA-2009:0005-01 (gnome-vfs) File : nvt/ovcesa2009_0005_01.nasl |
| 2009-02-10 | Name : Fedora Core 10 FEDORA-2008-11848 (libcdaudio) File : nvt/fcore_2008_11848.nasl |
| 2009-01-13 | Name : FreeBSD Ports: libcdaudio File : nvt/freebsd_libcdaudio.nasl |
| 2009-01-13 | Name : CentOS Security Advisory CESA-2009:0005 (gnome-vfs2) File : nvt/ovcesa2009_0005.nasl |
| 2009-01-07 | Name : RedHat Security Advisory RHSA-2009:0005 File : nvt/RHSA_2009_0005.nasl |
| 2008-11-19 | Name : Debian Security Advisory DSA 1665-1 (libcdaudio) File : nvt/deb_1665_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-21 (grip) File : nvt/glsa_200503_21.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200504-07 (GnomeVFS) File : nvt/glsa_200504_07.nasl |
| 2008-09-04 | Name : FreeBSD Ports: grip File : nvt/freebsd_grip.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 49821 | libcdaudio cddb.c cddb_read_disc_data Function CDDB Data Handling Remote Over... |
| 14643 | grip CDDB Multiple Matches Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0005.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090107_gnome_vfs2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10010.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10009.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10126.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11848.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-233.nasl - Type : ACT_GATHER_INFO |
| 2009-03-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-31.nasl - Type : ACT_GATHER_INFO |
| 2009-02-05 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11956.nasl - Type : ACT_GATHER_INFO |
| 2009-01-12 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_bd730827dfe011dda7650030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-01-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0005.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0005.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9604.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9521.nasl - Type : ACT_GATHER_INFO |
| 2008-11-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1665.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_bcf2700294c311d9a9e00001020eed82.nasl - Type : ACT_GATHER_INFO |
| 2005-04-21 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-074.nasl - Type : ACT_GATHER_INFO |
| 2005-04-21 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-075.nasl - Type : ACT_GATHER_INFO |
| 2005-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200504-07.nasl - Type : ACT_GATHER_INFO |
| 2005-04-02 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-066.nasl - Type : ACT_GATHER_INFO |
| 2005-03-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-304.nasl - Type : ACT_GATHER_INFO |
| 2005-03-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-21.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:39:49 |
|
