Test ID:	1.3.6.1.4.1.25623.1.0.62927
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:233 (libcdaudio)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libcdaudio announced via advisory MDVSA-2008:233. A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. Affected: 2008.1, 2009.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:233 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5030 BugTraq ID: 32122 http://www.securityfocus.com/bid/32122 Debian Security Information: DSA-1665 (Google Search) http://www.debian.org/security/2008/dsa-1665 http://security.gentoo.org/glsa/glsa-200903-31.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:233 http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442 http://www.openwall.com/lists/oss-security/2008/11/05/1 http://www.openwall.com/lists/oss-security/2008/11/07/1 http://www.openwall.com/lists/oss-security/2008/11/11/4 http://www.openwall.com/lists/oss-security/2008/11/11/6 http://secunia.com/advisories/32678 http://secunia.com/advisories/34353 SuSE Security Announcement: SUSE-SR:2008:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://www.vupen.com/english/advisories/2008/3132 XForce ISS Database: libcdaudio-cddb-bo(46392) https://exchange.xforce.ibmcloud.com/vulnerabilities/46392 Common Vulnerability Exposure (CVE) ID: CVE-2005-0706 12770 http://www.securityfocus.com/bid/12770 32803 http://secunia.com/advisories/32803 33389 http://secunia.com/advisories/33389 33824 http://secunia.com/advisories/33824 FEDORA-2008-11956 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html FEDORA-2008-9521 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html FEDORA-2008-9604 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html FLSA:152919 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919 GLSA-200503-21 http://security.gentoo.org/glsa/glsa-200503-21.xml RHSA-2005:304 http://www.redhat.com/support/errata/RHSA-2005-304.html RHSA-2009:0005 http://www.redhat.com/support/errata/RHSA-2009-0005.html grip-cddb-bo(19648) https://exchange.xforce.ibmcloud.com/vulnerabilities/19648 http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714 http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714 oval:org.mitre.oval:def:10768 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.