9.3 - MDVSA-2009:055

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	MDVSA-2009:055	First vendor Publication	2009-02-25
Vendor	Mandriva	Last vendor Modification	2009-02-25
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been identified and corrected in audacity:

Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string (CVE-2009-0490).

The updated packages have been patched to prevent this.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:055

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Audacityteam Audacity cpe:2.3:a:audacityteam:audacity:1.3.2:::::::* cpe:2.3:a:audacityteam:audacity:1.2.6:::::::* cpe:2.3:a:audacityteam:audacity::::::::	3

OpenVAS Exploits

Date	Description
2009-06-05	Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl
2009-03-07	Name : Gentoo Security Advisory GLSA 200903-03 (audacity) File : nvt/glsa_200903_03.nasl
2009-03-02	Name : Mandrake Security Advisory MDVSA-2009:055 (audacity) File : nvt/mdksa_2009_055.nasl
2009-02-18	Name : Audacity Buffer Overflow Vulnerability (Linux) File : nvt/secpod_audacity_bof_vuln_lin.nasl
2009-02-18	Name : Audacity Buffer Overflow Vulnerability (Win) File : nvt/secpod_audacity_bof_vuln_win.nasl
2009-02-18	Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
51070	Audacity lib-src/allegro/strparse.cpp String_parse::get_nonspace_quoted() Fun...

Nessus® Vulnerability Scanner

Date	Description
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_audacity-090212.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_audacity-090212.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-055.nasl - Type : ACT_GATHER_INFO
2009-03-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-03.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote openSUSE host is missing a security update. File : suse_audacity-5997.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:40:03	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	3
osvdb(s)	1
Openvas Exploit(s)	6
Nessus® Exploit(s)	5

	Related
9.3	CVE-2009-0490
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)