Full Disclosure mailing list archives
[ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow
From: Raphael Marichez <falco () gentoo org>
Date: Fri, 27 Oct 2006 00:12:04 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200610-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Cheese Tracker: Buffer Overflow Date: October 26, 2006 Bugs: #142391 ID: 200610-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Cheese Tracker contains a buffer overflow allowing the remote execution of arbitrary code. Background ========== Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/cheesetracker < 0.9.9-r1 >= 0.9.9-r1 Description =========== Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp. Impact ====== An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with large amount of extra data. Workaround ========== There is no known workaround at this time. Resolution ========== All Cheese Tracker users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-sound/cheesetracker-0.9.9-r1" References ========== [ 1 ] CVE-2006-3814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3814 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200610-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow Raphael Marichez (Oct 26)