https://www.securityfocus.com/bid/32356
https://cxsecurity.com/issue/WLB-2008110037
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200811-396
Streamripper 'lib/http.c'文件多个缓冲区溢出漏洞






漏洞ID | 1184527 | 漏洞类型 | 缓冲区溢出 |
发布时间 | 2008-11-19 | 更新时间 | 2008-12-08 |
![]() |
CVE-2008-4829 | ![]() |
CNNVD-200811-396 |
漏洞平台 | N/A | CVSS评分 | 9.3 |
|漏洞来源
|漏洞详情
StreamRipper能够将网上的MP3流媒体保存到硬盘中,特别适合录制网络MP3广播。Streamripper的lib/http.c文件中的http_parse_sc_header()函数在解析以Zwitterionv开始的超长HTTP头时、http_get_pls()函数在解析包含有超长项的特制pls播放列表时、http_get_m3u()函数在解析包含有超长File项的特制m3u播放列表时存在缓冲区溢出漏洞。如果用户受骗连接到了恶意的服务器并加载了恶意的媒体文件的话,就可以触发这些溢出,导致执行任意指令。
|漏洞EXP
======================================================================
Secunia Research 19/11/2008
- Streamripper Multiple Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Streamripper 1.63.5.
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Moderately critical
Impact: System access
Where: Remote
======================================================================
3) Vendor's Description of Software
"Records Shoutcast and Live365 MP3 streams to a hard disk, creating
separate files for each track. Runs under Unix and Windows."
Product Link:
http://streamripper.sourceforge.net/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered some vulnerabilities in Streamripper,
which can be exploited by malicious people to compromise a user's
system.
1) A boundary error exists within http_parse_sc_header() in lib/http.c
when parsing an overly long HTTP header starting with "Zwitterion v".
2) A boundary error exists within http_get_pls() in lib/http.c when
parsing a specially crafted pls playlist containing an overly long
entry.
3) A boundary error exists within http_get_m3u() in lib/http.c when
parsing a specially crafted m3u playlist containing an overly long
"File" entry.
Successful exploitation allows execution of arbitrary code, but
requires that a user is tricked into connecting to a malicious server.
======================================================================
5) Solution
Patches should be available shortly.
======================================================================
6) Time Table
05/11/2008 - Vendor notified.
10/11/2008 - Vendor response.
14/11/2008 - Vendor informs that fixes are ready and will be uploaded
to CVS on the agreed disclosure date.
19/11/2008 - Public disclosure.
======================================================================
7) Credits
Discovered by Stefan Cornelius, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-4829 for the vulnerabilities.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-50/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
|受影响的产品
Streamripper Streamripper 1.63.5
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Deb
|参考资料
来源:BID
名称:32356
链接:http://www.securityfocus.com/bid/32356
来源:BUGTRAQ
名称:20081119SecuniaResearch:StreamripperMultipleBufferOverflows
链接:http://www.securityfocus.com/archive/1/archive/1/498486/100/0/threaded
来源:OSVDB
名称:49997
链接:http://www.osvdb.org/49997
来源:VUPEN
名称:ADV-2008-3207
链接:http://www.frsirt.com/english/advisories/2008/3207
来源:DEBIAN
名称:DSA-1683
链接:http://www.debian.org/security/2008/dsa-1683
来源:SREASON
名称:4647
链接:http://securityreason.com/securityalert/4647
来源:MISC
链接:http://secunia.com/secunia_research/2008-50/
来源:SECUNIA
名称:33061
链接:http://secunia.com/advisories/33061
来源:SECUNIA
名称:33052
链接:http://secunia.com/advisories/33052
来源:SECUNIA
名称:32562
链接:http://secunia.com/advisories/32562
检索漏洞
开始时间
结束时间