Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:157 (musicbrainz)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57317

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:157 (musicbrainz)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to musicbrainz
announced via advisory MDKSA-2006:157.

Multiple buffer overflows in libmusicbrainz (aka mb_client or
MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and
earlier, allow remote attackers to cause a denial of service (crash)
or execute arbitrary code via (1) a long Location header by the HTTP
server, which triggers an overflow in the MBHttp::Download function in
lib/http.cpp
and (2) a long URL in RDF data, as demonstrated by a URL
in an rdf:resource field in an RDF XML document, which triggers
overflows in many functions in lib/rdfparse.c.

The updated packages have been patched to correct this issue.

Affected: 2006.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:157

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4197
BugTraq ID: 19508
http://www.securityfocus.com/bid/19508
Bugtraq: 20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2 (Google Search)
http://www.securityfocus.com/archive/1/443205/100/0/threaded
Bugtraq: 20060830 rPSA-2006-0161-1 libmusicbrainz (Google Search)
http://www.securityfocus.com/archive/1/444843/100/0/threaded
Debian Security Information: DSA-1162 (Google Search)
http://www.debian.org/security/2006/dsa-1162
http://security.gentoo.org/glsa/glsa-200610-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:157
http://aluigi.altervista.org/adv/brainzbof-adv.txt
http://securitytracker.com/id?1016691
http://secunia.com/advisories/21404
http://secunia.com/advisories/21668
http://secunia.com/advisories/21699
http://secunia.com/advisories/22191
http://secunia.com/advisories/22393
http://secunia.com/advisories/22517
http://secunia.com/advisories/22639
http://securityreason.com/securityalert/1399
SuSE Security Announcement: SUSE-SR:2006:025 (Google Search)
http://www.novell.com/linux/security/advisories/2006_25_sr.html
http://www.ubuntu.com/usn/usn-363-1
XForce ISS Database: libmusicbrainz-mbhttpdownload-bo(28367)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28367
XForce ISS Database: libmusicbrainz-rdfparse-bo(28368)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28368

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57317
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:157 (musicbrainz)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to musicbrainz announced via advisory MDKSA-2006:157. Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. The updated packages have been patched to correct this issue. Affected: 2006.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:157 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4197 BugTraq ID: 19508 http://www.securityfocus.com/bid/19508 Bugtraq: 20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2 (Google Search) http://www.securityfocus.com/archive/1/443205/100/0/threaded Bugtraq: 20060830 rPSA-2006-0161-1 libmusicbrainz (Google Search) http://www.securityfocus.com/archive/1/444843/100/0/threaded Debian Security Information: DSA-1162 (Google Search) http://www.debian.org/security/2006/dsa-1162 http://security.gentoo.org/glsa/glsa-200610-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:157 http://aluigi.altervista.org/adv/brainzbof-adv.txt http://securitytracker.com/id?1016691 http://secunia.com/advisories/21404 http://secunia.com/advisories/21668 http://secunia.com/advisories/21699 http://secunia.com/advisories/22191 http://secunia.com/advisories/22393 http://secunia.com/advisories/22517 http://secunia.com/advisories/22639 http://securityreason.com/securityalert/1399 SuSE Security Announcement: SUSE-SR:2006:025 (Google Search) http://www.novell.com/linux/security/advisories/2006_25_sr.html http://www.ubuntu.com/usn/usn-363-1 XForce ISS Database: libmusicbrainz-mbhttpdownload-bo(28367) https://exchange.xforce.ibmcloud.com/vulnerabilities/28367 XForce ISS Database: libmusicbrainz-rdfparse-bo(28368) https://exchange.xforce.ibmcloud.com/vulnerabilities/28368
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com