[Pkg-allegro-maintainers] Bug#379064: dumb: CVE-2006-3668:
arbitrary code execution
Alec Berryman
alec at thened.net
Thu Jul 20 22:26:59 UTC 2006
Package: libdumb
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2006-3668: "Heap-based buffer overflow in the it_read_envelope
function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
earlier, and current CVS as of 20060716, allows user-complicit attackers
to execute arbitrary code via a ".it" (Impulse Tracker) file with an
enveloper with a large number of nodes."
There is a proof-of-concept expoit [1] in the original advisory [2]. I
have not verified the issue. Sarge is probably vulnerable. I do not
see an upstream patch, but the original advisory suggests that the issue
will be fixed in the next version.
Please mention the CVE in your changelog.
Thanks,
Alec
[1] http://aluigi.org/poc/dumbit.zip
[2] http://aluigi.altervista.org/adv/dumbit-adv.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEwAMzAud/2YgchcQRAnROAKCAbMTcW5DcUY9cNysbNEC1cgKznQCgxeZU
bHCS1r8WWutRKUbCIaRRHw8=
=26dP
-----END PGP SIGNATURE-----
More information about the Pkg-allegro-maintainers
mailing list