CVE-2005-0706 - Matches Buffer Overflow vulnerability in Grip CDDB Response

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.

Vulnerable Configurations

Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus

NASL family: SuSE Local Security Checks
NASL id: SUSE9_10010.NASL
description: This update fixes the following security problems : - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformated archive file. (CVE-2004-0494) - Insufficient checks when processing CDDB queries could lead to buffer and integer overflows. (CVE-2005-0706)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41069
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41069
title: SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41069);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2004-0494", "CVE-2005-0706");

  script_name(english:"SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes the following security problems :

  - The VFS scripts contained in GNOME are vulnerable to
    attacks on temporary files as well as command execution
    via shell meta-characters. These bugs can be exploited
    by accessing a malformated archive file. (CVE-2004-0494)

  - Insufficient checks when processing CDDB queries could
    lead to buffer and integer overflows. (CVE-2005-0706)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2004-0494/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2005-0706/"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 10010.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SUSE9", reference:"gnome-vfs2-2.4.2-68.9")) flag++;
if (rpm_check(release:"SUSE9", reference:"gnome-vfs2-doc-2.4.2-68.9")) flag++;
if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"gnome-vfs2-32bit-9-200504131658")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```
NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2008-233.NASL
description: A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36292
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36292
title: Mandriva Linux Security Advisory : libcdaudio (MDVSA-2008:233-1)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:233.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(36292);
  script_version ("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:50");

  script_cve_id("CVE-2005-0706", "CVE-2008-5030");
  script_xref(name:"MDVSA", value:"2008:233");
  script_xref(name:"MDVSA", value:"2008:233-1");

  script_name(english:"Mandriva Linux Security Advisory : libcdaudio (MDVSA-2008:233-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A heap overflow was found in the CDDB retrieval code of libcdaudio,
which could result in the execution of arbitrary code (CVE-2008-5030).

In addition, the fixes for CVE-2005-0706 were not applied to newer
libcdaudio packages as shipped with Mandriva Linux, so the patch to fix
that issue has been applied to 2008.1 and 2009.0 (this was originally
fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by
Joseph VanAndel. Corporate 3.0 has this fix already applied.

The updated packages have been patched to prevent these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cdaudio1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cdaudio1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcdaudio1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcdaudio1-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cdaudio1-0.99.12-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cdaudio1-devel-0.99.12-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcdaudio1-0.99.12-4.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcdaudio1-devel-0.99.12-4.1mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64cdaudio1-0.99.12-5.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64cdaudio1-devel-0.99.12-5.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libcdaudio1-0.99.12-5.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libcdaudio1-devel-0.99.12-5.1mdv2008.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64cdaudio1-0.99.12-6.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64cdaudio1-devel-0.99.12-6.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libcdaudio1-0.99.12-6.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libcdaudio1-devel-0.99.12-6.1mdv2009.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_BCF2700294C311D9A9E00001020EED82.NASL
description: Joseph VanAndel reports that grip is vulnerable to a buffer overflow when receiving more than 16 CDDB responses. This could lead to a crash in grip and potentially execution of arbitrary code. A workaround is to disable CDDB lookups.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19101
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19101
title: FreeBSD : grip -- CDDB response multiple matches buffer overflow vulnerability (bcf27002-94c3-11d9-a9e0-0001020eed82)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(19101);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:37");

  script_cve_id("CVE-2005-0706");
  script_bugtraq_id(12770);

  script_name(english:"FreeBSD : grip -- CDDB response multiple matches buffer overflow vulnerability (bcf27002-94c3-11d9-a9e0-0001020eed82)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Joseph VanAndel reports that grip is vulnerability to a buffer overflow
vulnerability when receiving more than 16 CDDB responses. This could
lead to a crash in grip and potentially execution arbitrary code.

A workaround is to disable CDDB lookups."
  );
  # http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?78976a2e"
  );
  # https://vuxml.freebsd.org/freebsd/bcf27002-94c3-11d9-a9e0-0001020eed82.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?eb11a33d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:grip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"grip<3.2.0_7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-11956.NASL
description: This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35592
published: 2009-02-05
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35592
title: Fedora 9 : libcdaudio-0.99.12p2-11.fc9 (2008-11956)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-11956.
#

include("compat.inc");

if (description)
{
  script_id(35592);
  script_version ("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:27");

  script_cve_id("CVE-2005-0706");
  script_xref(name:"FEDORA", value:"2008-11956");

  script_name(english:"Fedora 9 : libcdaudio-0.99.12p2-11.fc9 (2008-11956)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes a potential buffer overflow caused by large amount of
CDDB replies (CVE-2005-0706).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=470552"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/019828.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3987d82f"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libcdaudio package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libcdaudio");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"libcdaudio-0.99.12p2-11.fc9")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcdaudio");
}
```
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-0005.NASL
description: From Red Hat Security Advisory 2009:0005 : Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706) Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67784
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67784
title: Oracle Linux 3 / 4 : gnome-vfs / gnome-vfs2 (ELSA-2009-0005)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:0005 and
# Oracle Linux Security Advisory ELSA-2009-0005 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67784);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:07");

  script_cve_id("CVE-2005-0706");
  script_xref(name:"RHSA", value:"2009:0005");

  script_name(english:"Oracle Linux 3 / 4 : gnome-vfs / gnome-vfs2 (ELSA-2009-0005)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2009:0005 :

Updated GNOME VFS packages that fix a security issue are now available
for Red Hat Enterprise Linux 2.1, 3 and 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support for
various local and remote file systems as well as numerous protocols,
including HTTP, FTP, and others.

A buffer overflow flaw was discovered in the GNOME virtual file system
when handling data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could use this flaw to execute
arbitrary code on the victim's machine. (CVE-2005-0706)

Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these
updated packages, which contain a backported patch to correct this
issue. All running GNOME sessions must be restarted for the update to
take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2009-January/000853.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2009-January/000854.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gnome-vfs and / or gnome-vfs2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnome-vfs2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnome-vfs2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gnome-vfs2-smb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-swat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"gnome-vfs2-2.2.5-2E.3.3")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"gnome-vfs2-2.2.5-2E.3.3")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"gnome-vfs2-devel-2.2.5-2E.3.3")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"gnome-vfs2-devel-2.2.5-2E.3.3")) flag++;

if (rpm_check(release:"EL4", reference:"gnome-vfs2-2.8.2-8.7.el4_7.2")) flag++;
if (rpm_check(release:"EL4", reference:"gnome-vfs2-devel-2.8.2-8.7.el4_7.2")) flag++;
if (rpm_check(release:"EL4", reference:"gnome-vfs2-smb-2.8.2-8.7.el4_7.2")) flag++;
if (rpm_check(release:"EL4", reference:"samba-3.0.28-0.0.2.el4.9")) flag++;
if (rpm_check(release:"EL4", reference:"samba-client-3.0.28-0.0.2.el4.9")) flag++;
if (rpm_check(release:"EL4", reference:"samba-common-3.0.28-0.0.2.el4.9")) flag++;
if (rpm_check(release:"EL4", reference:"samba-swat-3.0.28-0.0.2.el4.9")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-vfs2 / gnome-vfs2-devel / gnome-vfs2-smb / samba / etc");
}
```
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2005-304.NASL
description: A new grip package is available that fixes a remote buffer overflow. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders. Dean Brettle discovered a buffer overflow bug in the way grip handles data returned by CDDB servers. It is possible that if a user connects to a malicious CDDB server, an attacker could execute arbitrary code on the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17644
published: 2005-03-29
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/17644
title: RHEL 2.1 : grip (RHSA-2005:304)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-11848.NASL
description: This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 37013
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/37013
title: Fedora 10 : libcdaudio-0.99.12p2-11.fc10 (2008-11848)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_10009.NASL
description: This update fixes the following security problems : - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformated archive file. (CVE-2004-0494) - Insufficient checks when processing CDDB queries could lead to buffer and integer overflows. (CVE-2005-0706)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41068
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41068
title: SuSE9 Security Update : gnome-vfs (YOU Patch Number 10009)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-0005.NASL
description: Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35311
published: 2009-01-08
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/35311
title: CentOS 3 / 4 : gnome-vfs2 (CESA-2009:0005)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_BD730827DFE011DDA7650030843D3802.NASL
description: securityfocus reports : The
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35343
published: 2009-01-12
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/35343
title: FreeBSD : libcdaudio -- remote buffer overflow and code execution (bd730827-dfe0-11dd-a765-0030843d3802)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200504-07.NASL
description: The remote host is affected by the vulnerability described in GLSA-200504-07 (GnomeVFS, libcdaudio: CDDB response overflow). Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code. Impact : A malicious CDDB server could cause applications making use of GnomeVFS or libcdaudio libraries to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18001
published: 2005-04-08
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18001
title: GLSA-200504-07 : GnomeVFS, libcdaudio: CDDB response overflow

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-0005.NASL
description: Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35301
published: 2009-01-07
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/35301
title: RHEL 2.1 / 3 / 4 : gnome-vfs, gnome-vfs2 (RHSA-2009:0005)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-10126.NASL
description: - Sun Nov 9 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24 - fixed
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36704
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36704
title: Fedora 10 : grip-3.2.0-24.fc10 (2008-10126)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-9604.NASL
description: - Sun Nov 9 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24 - fixed
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 34825
published: 2008-11-21
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/34825
title: Fedora 9 : grip-3.2.0-24.fc9 (2008-9604)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090107_GNOME_VFS2_ON_SL3_X.NASL
description: A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60511
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60511
title: Scientific Linux Security Update : gnome-vfs2 on SL3.x, SL4.x i386/x86_64

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-066.NASL
description: A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17678
published: 2005-04-02
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17678
title: Mandrake Linux Security Advisory : grip (MDKSA-2005:066)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-074.NASL
description: A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18104
published: 2005-04-21
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18104
title: Mandrake Linux Security Advisory : gnome-vfs2 (MDKSA-2005:074)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200503-21.NASL
description: The remote host is affected by the vulnerability described in GLSA-200503-21 (Grip: CDDB response overflow). Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results. Impact : A malicious CDDB server could cause Grip to crash by returning more than 16 matches, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : Disable automatic CDDB queries, but we highly encourage users to upgrade to 3.3.0.
last seen 2020-06-01 modified 2020-06-02 plugin id 17353 published 2005-03-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17353 title GLSA-200503-21 : Grip: CDDB response overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-075.NASL description A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user last seen 2020-06-01 modified 2020-06-02 plugin id 18105 published 2005-04-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18105 title Mandrake Linux Security Advisory : libcdaudio1 (MDKSA-2005:075) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9521.NASL description - Sun Nov 9 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24 - fixed last seen 2020-06-01 modified 2020-06-02 plugin id 34824 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34824 title Fedora 8 : grip-3.2.0-24.fc8 (2008-9521)
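The advisories above all describe one defect: a CDDB query reply is copied into a fixed-size match table (16 entries in Grip, per GLSA-200503-21) without checking how many lines the server actually sent. The following is an added illustration of that bug class and its fix, written for this page; it is not code from grip's discdb.c, libcdaudio or GNOME VFS. The reply layout follows the CDDB protocol (a status line; for 210/211 one "category discid title" line per match, terminated by a lone "."), the 16-slot limit is the one the Gentoo advisory cites, and every other size, the sample data produced by sample_reply, and all function names are assumptions. The bound check inside parse_cddb_query is the one the advisories say was missing: remove it and the seventeenth line from a hostile server is written past the end of matches[].

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from grip, libcdaudio or GNOME VFS. A "cddb query" reply
 * is a status line, then for 210/211 one "category discid title" line per match and a lone
 * "." line. MAX_MATCHES is the 16-entry limit GLSA-200503-21 cites; other sizes are assumed. */
#define MAX_MATCHES 16

struct cddb_match {
    char category[32];
    char discid[9];                               /* 8 hex digits plus NUL */
    char title[128];
};

struct cddb_result {
    struct cddb_match matches[MAX_MATCHES];       /* fixed table, as in the vulnerable clients */
    int count;                                    /* stored entries, never above MAX_MATCHES */
    int truncated;                                /* set when the server sent more than fit */
};

/* Copy the next line of *p into buf: CR/LF stripped, over-long lines cut, never overflowed. */
static int next_line(const char **p, char *buf, size_t buflen)
{
    const char *s = *p, *nl = strchr(s, '\n');
    size_t n = nl ? (size_t)(nl - s) : strlen(s);
    if (*s == '\0')
        return 0;
    *p = nl ? nl + 1 : s + n;
    if (n >= buflen)
        n = buflen - 1;
    if (n > 0 && s[n - 1] == '\r')
        n--;
    memcpy(buf, s, n);
    buf[n] = '\0';
    return 1;
}

/* Parse "category discid title" into m; sscanf widths bound every write, disc id must be 8 chars. */
static int parse_match_line(const char *line, struct cddb_match *m)
{
    char id[32];
    if (sscanf(line, "%31s %31s %127[^\n]", m->category, id, m->title) != 3 || strlen(id) != 8)
        return 0;
    memcpy(m->discid, id, 9);
    return 1;
}

/* Parse a whole reply. Returns the CDDB status, or -1 if malformed (bad status line, or no "."). */
int parse_cddb_query(const char *reply, struct cddb_result *res)
{
    char line[512];
    const char *p = reply;
    int status;
    memset(res, 0, sizeof *res);
    if (!next_line(&p, line, sizeof line) || sscanf(line, "%3d", &status) != 1)
        return -1;
    if (status == 200) {                          /* single exact match on the status line */
        if (strlen(line) > 4 && parse_match_line(line + 4, &res->matches[0]))
            res->count = 1;
        return status;
    }
    if (status != 210 && status != 211)           /* 202 no match, 4xx/5xx: nothing to store */
        return status;
    while (next_line(&p, line, sizeof line)) {
        if (strcmp(line, ".") == 0)
            return status;
        /* The bound check the advisories describe as missing: without it the 17th match
         * from a hostile server is written past the end of matches[]. */
        if (res->count >= MAX_MATCHES)
            res->truncated = 1;                   /* keep draining the reply, store nothing */
        else if (parse_match_line(line, &res->matches[res->count]))
            res->count++;
    }
    return -1;                                    /* "." terminator never arrived */
}

/* Constructed sample: a 211 reply carrying n matches (a hostile server picks n freely). */
const char *sample_reply(int n)
{
    static char buf[8192];
    size_t used = snprintf(buf, sizeof buf, "211 Found inexact matches, list follows\n");
    int i;
    for (i = 0; i < n && used < sizeof buf; i++)
        used += snprintf(buf + used, sizeof buf - used, "rock %08x Artist %d / Album %d\n",
                         0x9f0a0b00u + (unsigned)i, i, i);
    if (used < sizeof buf)
        snprintf(buf + used, sizeof buf - used, ".\n");
    return buf;
}

/* One-call views of a parse, for the demo below and for tests. */
int reply_status(const char *reply) { struct cddb_result r; return parse_cddb_query(reply, &r); }
int stored_matches(const char *reply) { struct cddb_result r; parse_cddb_query(reply, &r); return r.count; }
int was_truncated(const char *reply) { struct cddb_result r; parse_cddb_query(reply, &r); return r.truncated; }

int main(void)
{
    const char *r = sample_reply(20);
    printf("20-match reply: status %d, stored %d, truncated %d\n", reply_status(r), stored_matches(r), was_truncated(r));
    return 0;
}
```

Build with `cc -Wall -o cddb_demo cddb_demo.c` and run it: the 20-match reply yields 16 stored entries and truncated=1, which is exactly the input that crashed Grip 3.1.2. Two details are deliberate. The parser keeps reading after the table is full instead of returning early, so the connection is left in sync with the protocol; and an over-long or malformed match line is rejected rather than copied, because a fixed-width record is only as safe as every copy into it.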
Oval
accepted | 2013-04-29T04:08:32.561-04:00
class | vulnerability
contributors |
definition_extensions |
description | Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
family | unix
id | oval:org.mitre.oval:def:10768
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
version | 27
Redhat
advisories |
rpms |
References
- http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html
- http://secunia.com/advisories/32803
- http://secunia.com/advisories/33389
- http://secunia.com/advisories/33824
- http://security.gentoo.org/glsa/glsa-200503-21.xml
- http://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714
- http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
- http://www.redhat.com/support/errata/RHSA-2005-304.html
- http://www.redhat.com/support/errata/RHSA-2009-0005.html
- http://www.securityfocus.com/bid/12770
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19648
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10768
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00429.html
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00490.html
- https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00188.html