CVE-2007-6613 - Buffer Errors vulnerability in GNU Libcdio 0.79

Publication

2008-01-03

Last modification

2017-08-08

Summary

Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name.

Description

The GNU Compact Disc Input and Control Library ('libcdio') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. The issues occur when the 'cd-info' and 'iso-info' programs handle specially crafted ISO files.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

The issues affect libcdio 0.79; other versions may also be affected.

Solution

A patch is available from Gentoo Bugzilla. Please see the references for more information.

GNU libcdio 0.79
GNU libcdio-buffer-offbyone.patch
http://bugs.gentoo.org/attachment.cgi?id=140011

Exploit

The following proof of concept is available:

Steps to Reproduce:

1. mkdir -p tmp/dir1
2. echo file_with_really_really_long_silly_name_to_test_iso_info_buffer
3. mkisofs -J -R -volid My_Image -o test.iso tmp
4. iso-info -l test.iso
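The boundary check this class of bug calls for, as an added example that is not libcdio's code and not the Gentoo patch: a checked name copy and a checked path join of the kind a recursive directory lister needs when names come from an untrusted image. The helper names and the 63-byte buffer size are assumptions, chosen so that the 63-character file name from the steps above lands exactly on the off-by-one boundary.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration; not libcdio's real buffer size. */
#define NAME_BUF_LEN 63

/* The 63-character file name from the reproduction steps on this page. */
static const char *const TEST_NAME =
    "file_with_really_really_long_silly_name_to_test_iso_info_buffer";

/* Hypothetical helper: copy an untrusted NUL-terminated name into dst.
 * Returns 0 on success, -1 if the name plus its terminator does not fit. */
int copy_name_checked(char *dst, size_t dstlen, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    /* Measure the name, but never look past dstlen bytes of it. */
    for (n = 0; n < dstlen && src[n] != '\0'; n++)
        ;
    /* ">=" rather than ">": a name of exactly dstlen bytes leaves no
     * room for the NUL terminator, which is the off-by-one case. */
    if (n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Hypothetical helper: build "<dir><name>/" for the next recursion level.
 * snprintf returns the length it needed, so truncation is detectable. */
int join_dir_checked(char *out, size_t outlen, const char *dir, const char *name)
{
    int want = snprintf(out, outlen, "%s%s/", dir, name);

    if (want < 0 || (size_t)want >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}
```

Both helpers fail closed with an empty string, so a caller that ignores the return value prints nothing rather than an unterminated or truncated name.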

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • None

Affected Products

Vendor Product Versions
GNU Libcdio  0.79