oss-sec mailing list archives

Re: CVE request: libcdaudio

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 10 Nov 2008 10:20:41 -0500 (EST)



On Wed, 5 Nov 2008, Thomas Biege wrote:

Hello,
we need a CVE-ID for a buffer overflow in libcdaudio.
It is a remotely exploitable heap-based buffer overflow.


Out of curiosity, what makes it remote?

Use CVE-2008-5030

- Steve

======================================================
Name: CVE-2008-5030
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5030
Reference: MLIST:[oss-security] 20081105 CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/1
Reference: MLIST:[oss-security] 20081107 Re: CVE request: libcdaudio
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/07/1
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
Reference: BID:32122
Reference: URL:http://www.securityfocus.com/bid/32122

Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.

Current thread:

CVE request: libcdaudio Thomas Biege (Nov 04)
- Re: CVE request: libcdaudio Tomas Hoger (Nov 07)
  - Re: CVE request: libcdaudio Thomas Biege (Nov 11)
- Re: CVE request: libcdaudio Steven M. Christey (Nov 10)
  - Re: CVE request: libcdaudio Tomas Hoger (Nov 11)
    - Re: CVE request: libcdaudio Thomas Biege (Nov 11)