Search...

Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)

2008-12-01T00:00:00

ID OPENVAS:800147
Type openvas
Reporter Copyright (C) 2008 Greenbone Networks GmbH
Modified 2017-02-01T00:00:00

Description

The host is installed with Streamripper, which is prone to Multiple Buffer Overflow Vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_streamripper_mult_bof_vuln_nov08_lin.nasl 5158 2017-02-01 14:53:04Z mime $
#
# Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)
#
# Authors:
# Veerendra GG &lt;veerendragg@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful attack could lead to execution of arbitrary code by tricking a
  user into connecting to a malicious server or can even cause denial of
  service condition.
  Impact Level: Application";
tag_affected = "Streamripper Version 1.63.5 and earlier on Linux.";
tag_insight = "The flaws are due to boundary error within,
  - http_parse_sc_header() function in lib/http.c, when parsing an overly long
    HTTP header starting with Zwitterion v.
  - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a
    specially crafted pls playlist containing an overly long entry or m3u
    playlist containing an overly long File entry.";
tag_solution = "Upgrade to Version 1.64.0,
  http://streamripper.sourceforge.net/";
tag_summary = "The host is installed with Streamripper, which is prone to Multiple
  Buffer Overflow Vulnerabilities.";

if(description)
{
  script_id(800147);
  script_version("$Revision: 5158 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-01 15:53:04 +0100 (Wed, 01 Feb 2017) $");
  script_tag(name:"creation_date", value:"2008-12-01 15:31:19 +0100 (Mon, 01 Dec 2008)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2008-4829");
  script_bugtraq_id(32356);
  script_name("Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/32562");
  script_xref(name : "URL" , value : "http://www.frsirt.com/english/advisories/2008/3207");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone Networks GmbH");
  script_family("Buffer overflow");
  script_mandatory_keys("login/SSH/success");
  script_dependencies("gather-package-list.nasl");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"executable_version");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("ssh_func.inc");
include("version_func.inc");

sock = ssh_login_or_reuse_connection();
if(!sock){
  exit(0);
}

binPaths = find_bin(prog_name:"streamripper", sock:sock);
foreach srBin (binPaths)
{
  if( chomp(srBin) == "" ) continue;
  srVer = get_bin_version(full_prog_name:chomp(srBin), version_argv:"-v",
                          ver_pattern:"Streamripper ([0-9.]+)", sock:sock);
  if(srVer[1] != NULL )
  {
    if(version_is_less(version:srVer[1], test_version:"1.64.0")){
      security_message(0);
    }
    ssh_close_connection();
    exit(0);
  }
}
ssh_close_connection();

JSON Vulners Source

Initial Source

{"id": "OPENVAS:800147", "type": "openvas", "bulletinFamily": "scanner", "title": "Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)", "description": "The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.", "published": "2008-12-01T00:00:00", "modified": "2017-02-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=800147", "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "references": ["http://www.frsirt.com/english/advisories/2008/3207", "http://secunia.com/advisories/32562"], "cvelist": ["CVE-2008-4829"], "lastseen": "2017-07-02T21:10:27", "viewCount": 2, "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2017-07-02T21:10:27", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4829"]}, {"type": "gentoo", "idList": ["GLSA-200901-05"]}, {"type": "openvas", "idList": ["OPENVAS:800146", "OPENVAS:1361412562310800147", "OPENVAS:63156", "OPENVAS:61914", "OPENVAS:62845", "OPENVAS:1361412562310800146", "OPENVAS:136141256231063156"]}, {"type": "seebug", "idList": ["SSV:4479"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200901-05.NASL", "DEBIAN_DSA-1683.NASL", "FREEBSD_PKG_4D4CAEE0B93911DDA5780030843D3802.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9446", "SECURITYVULNS:DOC:20900"]}, {"type": "freebsd", "idList": ["4D4CAEE0-B939-11DD-A578-0030843D3802"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1683-1:89649"]}], "modified": "2017-07-02T21:10:27", "rev": 2}, "vulnersScore": 8.3}, "pluginID": "800147", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_streamripper_mult_bof_vuln_nov08_lin.nasl 5158 2017-02-01 14:53:04Z mime $\n#\n# Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attack could lead to execution of arbitrary code by tricking a\n user into connecting to a malicious server or can even cause denial of\n service condition.\n Impact Level: Application\";\ntag_affected = \"Streamripper Version 1.63.5 and earlier on Linux.\";\ntag_insight = \"The flaws are due to boundary error within,\n - http_parse_sc_header() function in lib/http.c, when parsing an overly long\n HTTP header starting with Zwitterion v.\n - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a\n specially crafted pls playlist containing an overly long entry or m3u\n playlist containing an overly long File entry.\";\ntag_solution = \"Upgrade to Version 1.64.0,\n http://streamripper.sourceforge.net/\";\ntag_summary = \"The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.\";\n\nif(description)\n{\n script_id(800147);\n script_version(\"$Revision: 5158 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-01 15:53:04 +0100 (Wed, 01 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-01 15:31:19 +0100 (Mon, 01 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4829\");\n script_bugtraq_id(32356);\n script_name(\"Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/32562\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/3207\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_mandatory_keys(\"login/SSH/success\");\n script_dependencies(\"gather-package-list.nasl\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\nbinPaths = find_bin(prog_name:\"streamripper\", sock:sock);\nforeach srBin (binPaths)\n{\n if( chomp(srBin) == \"\" ) continue;\n srVer = get_bin_version(full_prog_name:chomp(srBin), version_argv:\"-v\",\n ver_pattern:\"Streamripper ([0-9.]+)\", sock:sock);\n if(srVer[1] != NULL )\n {\n if(version_is_less(version:srVer[1], test_version:\"1.64.0\")){\n security_message(0);\n }\n ssh_close_connection();\n exit(0);\n }\n}\nssh_close_connection();\n", "naslFamily": "Buffer overflow"}

{"cve": [{"lastseen": "2020-10-03T11:51:03", "description": "Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long \"Zwitterion v\" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.", "edition": 3, "cvss3": {}, "published": "2008-11-25T23:30:00", "title": "CVE-2008-4829", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4829"], "modified": "2018-10-11T20:52:00", "cpe": ["cpe:/a:streamripper:streamripper:1.63.5"], "id": "CVE-2008-4829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4829", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:streamripper:streamripper:1.63.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:57:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200901-05.", "modified": "2017-07-07T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63156", "href": "http://plugins.openvas.org/nasl.php?oid=63156", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200901-05 (streamripper)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows have been discovered in Streamripper, allowing\nfor user-assisted execution of arbitrary code.\";\ntag_solution = \"All Streamripper users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/streamripper-1.64.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200901-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=249039\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200901-05.\";\n\n \n \n\nif(description)\n{\n script_id(63156);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-4829\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200901-05 (streamripper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/streamripper\", unaffected: make_list(\"ge 1.64.0\"), vulnerable: make_list(\"lt 1.64.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200901-05.", "modified": "2018-04-06T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:136141256231063156", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063156", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200901-05 (streamripper)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows have been discovered in Streamripper, allowing\nfor user-assisted execution of arbitrary code.\";\ntag_solution = \"All Streamripper users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/streamripper-1.64.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200901-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=249039\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200901-05.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63156\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-4829\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200901-05 (streamripper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/streamripper\", unaffected: make_list(\"ge 1.64.0\"), vulnerable: make_list(\"lt 1.64.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-30T00:00:00", "published": "2008-11-24T00:00:00", "id": "OPENVAS:61914", "href": "http://plugins.openvas.org/nasl.php?oid=61914", "type": "openvas", "title": "FreeBSD Ports: streamripper", "sourceData": "#\n#VID 4d4caee0-b939-11dd-a578-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 4d4caee0-b939-11dd-a578-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: streamripper\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/secunia_research/2008-50/\nhttp://streamripper.cvs.sourceforge.net/viewvc/streamripper/sripper_1x/CHANGES?revision=1.196\nhttp://www.vuxml.org/freebsd/4d4caee0-b939-11dd-a578-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61914);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-24 23:46:43 +0100 (Mon, 24 Nov 2008)\");\n script_cve_id(\"CVE-2008-4829\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: streamripper\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"streamripper\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.64.0\")<0) {\n txt += 'Package streamripper version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "description": "The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2008-12-01T00:00:00", "id": "OPENVAS:800146", "href": "http://plugins.openvas.org/nasl.php?oid=800146", "type": "openvas", "title": "Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_streamripper_mult_bof_vuln_nov08_win.nasl 5370 2017-02-20 15:24:26Z cfi $\n#\n# Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attack could lead to execution of arbitrary code by tricking a\n user into connecting to a malicious server or can even cause denial of\n service condition.\n Impact Level: Application\";\ntag_affected = \"Streamripper Version 1.63.5 and earlier on Windows.\";\ntag_insight = \"The flaws are due to boundary error within,\n - http_parse_sc_header() function in lib/http.c, when parsing an overly long\n HTTP header starting with Zwitterion v.\n - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a\n specially crafted pls playlist containing an overly long entry or m3u\n playlist containing an overly long File entry.\";\ntag_solution = \"Upgrade to Version 1.64.0,\n http://streamripper.sourceforge.net/\";\ntag_summary = \"The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.\";\n\nif(description)\n{\n script_id(800146);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-01 15:31:19 +0100 (Mon, 01 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4829\");\n script_bugtraq_id(32356);\n script_name(\"Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/32562\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/3207\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nsrPath = registry_get_sz(item:\"UninstallString\", key:\"SOFTWARE\\Microsoft\" +\n \"\\Windows\\CurrentVersion\\Uninstall\\Streamripper\");\nif(!srPath){\n exit(0);\n}\n\nsrFile = srPath - \"Uninstall.exe\" + \"CHANGES\";\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:srFile);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:srFile);\n\nsrVer = read_file(share:share, file:file, offset:0, count:256);\nsrVer = eregmatch(pattern:\"New for ([0-9.]+)\", string:srVer);\n\nif(srVer[1] != NULL )\n{\n if(version_is_less(version:srVer[1], test_version:\"1.64.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-16T16:58:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "description": "The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.", "modified": "2020-04-14T00:00:00", "published": "2008-12-01T00:00:00", "id": "OPENVAS:1361412562310800146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800146", "type": "openvas", "title": "Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800146\");\n script_version(\"2020-04-14T08:15:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 08:15:28 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-12-01 15:31:19 +0100 (Mon, 01 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4829\");\n script_bugtraq_id(32356);\n script_name(\"Streamripper Multiple Buffer Overflow Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/32562\");\n script_xref(name:\"URL\", value:\"http://www.frsirt.com/english/advisories/2008/3207\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n script_tag(name:\"impact\", value:\"Successful attack could lead to execution of arbitrary code by tricking a\n user into connecting to a malicious server or can even cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Streamripper Version 1.63.5 and earlier on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to boundary error within,\n\n - http_parse_sc_header() function in lib/http.c, when parsing an overly long\n HTTP header starting with Zwitterion v.\n\n - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a\n specially crafted pls playlist containing an overly long entry or m3u\n playlist containing an overly long File entry.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Version 1.64.0 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nsrPath = registry_get_sz(item:\"UninstallString\", key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Streamripper\");\nif(!srPath){\n exit(0);\n}\n\nsrFile = srPath - \"Uninstall.exe\" + \"CHANGES\";\nsrVer = smb_read_file(fullpath:srFile, offset:0, count:256);\nsrVer = eregmatch(pattern:\"New for ([0-9.]+)\", string:srVer);\n\nif(srVer[1] != NULL )\n{\n if(version_is_less(version:srVer[1], test_version:\"1.64.0\")){\n report = report_fixed_ver(installed_version:srVer[1], fixed_version:\"1.64.0\", install_path:srPath);\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-31T19:14:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "description": "The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.", "modified": "2020-03-27T00:00:00", "published": "2008-12-01T00:00:00", "id": "OPENVAS:1361412562310800147", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800147", "type": "openvas", "title": "Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800147\");\n script_version(\"2020-03-27T14:05:33+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-27 14:05:33 +0000 (Fri, 27 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-12-01 15:31:19 +0100 (Mon, 01 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4829\");\n script_bugtraq_id(32356);\n script_name(\"Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_mandatory_keys(\"login/SSH/success\");\n script_dependencies(\"gather-package-list.nasl\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/32562\");\n script_xref(name:\"URL\", value:\"http://www.frsirt.com/english/advisories/2008/3207\");\n\n script_tag(name:\"impact\", value:\"Successful attack could lead to execution of arbitrary code by tricking a\n user into connecting to a malicious server or can even cause denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"Streamripper Version 1.63.5 and earlier on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to boundary error within,\n\n - http_parse_sc_header() function in lib/http.c, when parsing an overly long\n HTTP header starting with Zwitterion v.\n\n - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a\n specially crafted pls playlist containing an overly long entry or m3u\n playlist containing an overly long File entry.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Version 1.64.0 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Streamripper, which is prone to Multiple\n Buffer Overflow Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock)\n exit(0);\n\nbinPaths = ssh_find_bin(prog_name:\"streamripper\", sock:sock);\nif(!binPaths){\n ssh_close_connection();\n exit(0);\n}\n\nforeach srBin(binPaths){\n\n srBin = chomp(srBin);\n if(!srBin) continue;\n\n srVer = ssh_get_bin_version(full_prog_name:srBin, version_argv:\"-v\", ver_pattern:\"Streamripper ([0-9.]+)\", sock:sock);\n if(srVer[1]){\n if(version_is_less(version:srVer[1], test_version:\"1.64.0\")){\n report = report_fixed_ver(installed_version:srVer[1], fixed_version:\"1.64.0\", install_path:srBin);\n security_message(port:0, data:report);\n ssh_close_connection();\n exit(0);\n }\n }\n}\n\nssh_close_connection();\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4337", "CVE-2008-4829"], "description": "The remote host is missing an update to streamripper\nannounced via advisory DSA 1683-1.", "modified": "2017-07-07T00:00:00", "published": "2008-12-10T00:00:00", "id": "OPENVAS:62845", "href": "http://plugins.openvas.org/nasl.php?oid=62845", "type": "openvas", "title": "Debian Security Advisory DSA 1683-1 (streamripper)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1683_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1683-1 (streamripper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows involving HTTP header and playlist parsing\nhave been discovered in streamripper (CVE-2007-4337, CVE-2008-4829).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.61.27-1+etch1.\n\nFor the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 1.63.5-2.\n\nWe recommend that you upgrade your streamripper package.\";\ntag_summary = \"The remote host is missing an update to streamripper\nannounced via advisory DSA 1683-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201683-1\";\n\n\nif(description)\n{\n script_id(62845);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-10 05:23:56 +0100 (Wed, 10 Dec 2008)\");\n script_cve_id(\"CVE-2007-4337\", \"CVE-2008-4829\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1683-1 (streamripper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"streamripper\", ver:\"1.61.27-1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4829"], "edition": 1, "description": "### Background\n\nStreamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. \n\n### Description\n\nStefan Cornelius from Secunia Research reported multiple buffer overflows in the http_parse_sc_header(), http_get_pls() and http_get_m3u() functions in lib/http.c when parsing overly long HTTP headers, or pls and m3u playlists with overly long entries. \n\n### Impact\n\nA remote attacker could entice a user to connect to a malicious server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Streamripper users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/streamripper-1.64.0\"", "modified": "2009-01-11T00:00:00", "published": "2009-01-11T00:00:00", "id": "GLSA-200901-05", "href": "https://security.gentoo.org/glsa/200901-05", "type": "gentoo", "title": "Streamripper: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4829"], "description": "\nSecunia reports:\n\nA boundary error exists within http_parse_sc_header() in lib/http.c\n\t when parsing an overly long HTTP header starting with \"Zwitterion v\".\nA boundary error exists within http_get_pls() in lib/http.c when\n\t parsing a specially crafted pls playlist containing an overly long\n\t entry.\nA boundary error exists within http_get_m3u() in lib/http.c when\n\t parsing a specially crafted m3u playlist containing an overly long\n\t \"File\" entry.\n\n", "edition": 4, "modified": "2008-11-05T00:00:00", "published": "2008-11-05T00:00:00", "id": "4D4CAEE0-B939-11DD-A578-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/4d4caee0-b939-11dd-a578-0030843d3802.html", "title": "streamripper -- multiple buffer overflows", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-4829"], "description": "Buffer overflows on HTTP response headers parsing, .m3u and .pls playlists parsing.", "edition": 1, "modified": "2008-11-21T00:00:00", "published": "2008-11-21T00:00:00", "id": "SECURITYVULNS:VULN:9446", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9446", "title": "Streamripper multiple buffer overflows", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-4829"], "description": "====================================================================== \r\n\r\n Secunia Research 19/11/2008\r\n\r\n - Streamripper Multiple Buffer Overflows -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Streamripper 1.63.5.\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Moderately critical\r\nImpact: System access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"Records Shoutcast and Live365 MP3 streams to a hard disk, creating\r\nseparate files for each track. Runs under Unix and Windows."\r\n\r\nProduct Link:\r\nhttp://streamripper.sourceforge.net/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered some vulnerabilities in Streamripper,\r\nwhich can be exploited by malicious people to compromise a user's\r\nsystem.\r\n\r\n1) A boundary error exists within http_parse_sc_header() in lib/http.c\r\nwhen parsing an overly long HTTP header starting with "Zwitterion v".\r\n\r\n2) A boundary error exists within http_get_pls() in lib/http.c when \r\nparsing a specially crafted pls playlist containing an overly long \r\nentry.\r\n\r\n3) A boundary error exists within http_get_m3u() in lib/http.c when \r\nparsing a specially crafted m3u playlist containing an overly long \r\n"File" entry.\r\n\r\nSuccessful exploitation allows execution of arbitrary code, but \r\nrequires that a user is tricked into connecting to a malicious server.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nPatches should be available shortly.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n05/11/2008 - Vendor notified.\r\n10/11/2008 - Vendor response.\r\n14/11/2008 - Vendor informs that fixes are ready and will be uploaded\r\n to CVS on the agreed disclosure date.\r\n19/11/2008 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Stefan Cornelius, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nCVE-2008-4829 for the vulnerabilities.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-50/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "modified": "2008-11-21T00:00:00", "published": "2008-11-21T00:00:00", "id": "SECURITYVULNS:DOC:20900", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20900", "title": "Secunia Research: Streamripper Multiple Buffer Overflows", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:20:21", "description": "BUGTRAQ ID: 32356\r\nCVE(CAN) ID: CVE-2008-4829\r\n\r\nStreamRipper\u80fd\u591f\u5c06\u7f51\u4e0a\u7684MP3\u6d41\u5a92\u4f53\u4fdd\u5b58\u5230\u786c\u76d8\u4e2d\uff0c\u7279\u522b\u9002\u5408\u5f55\u5236\u7f51\u7edcMP3\u5e7f\u64ad\u3002\r\n\r\nStreamripper\u7684lib/http.c\u6587\u4ef6\u4e2d\u7684http_parse_sc_header()\u51fd\u6570\u5728\u89e3\u6790\u4ee5Zwitterion v\u5f00\u59cb\u7684\u8d85\u957fHTTP\u5934\u65f6\u3001http_get_pls()\u51fd\u6570\u5728\u89e3\u6790\u5305\u542b\u6709\u8d85\u957f\u9879\u7684\u7279\u5236pls\u64ad\u653e\u5217\u8868\u65f6\u3001http_get_m3u()\u51fd\u6570\u5728\u89e3\u6790\u5305\u542b\u6709\u8d85\u957fFile\u9879\u7684\u7279\u5236m3u\u64ad\u653e\u5217\u8868\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u8fde\u63a5\u5230\u4e86\u6076\u610f\u7684\u670d\u52a1\u5668\u5e76\u52a0\u8f7d\u4e86\u6076\u610f\u7684\u5a92\u4f53\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e9b\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\n\nStreamripper 1.63.5\n Streamripper\r\n------------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n<a href=http://streamripper.sourceforge.net/ target=_blank>http://streamripper.sourceforge.net/</a>", "published": "2008-11-21T00:00:00", "title": "Streamripper lib/http.c\u6587\u4ef6\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4829"], "modified": "2008-11-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4479", "id": "SSV:4479", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-01-07T10:43:16", "description": "Secunia reports :\n\nA boundary error exists within http_parse_sc_header() in lib/http.c\nwhen parsing an overly long HTTP header starting with 'Zwitterion v'.\n\nA boundary error exists within http_get_pls() in lib/http.c when\nparsing a specially crafted pls playlist containing an overly long\nentry.\n\nA boundary error exists within http_get_m3u() in lib/http.c when\nparsing a specially crafted m3u playlist containing an overly long\n'File' entry.", "edition": 26, "published": "2008-11-24T00:00:00", "title": "FreeBSD : streamripper -- multiple buffer overflows (4d4caee0-b939-11dd-a578-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "modified": "2008-11-24T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:streamripper"], "id": "FREEBSD_PKG_4D4CAEE0B93911DDA5780030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/34940", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34940);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4829\");\n\n script_name(english:\"FreeBSD : streamripper -- multiple buffer overflows (4d4caee0-b939-11dd-a578-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA boundary error exists within http_parse_sc_header() in lib/http.c\nwhen parsing an overly long HTTP header starting with 'Zwitterion v'.\n\nA boundary error exists within http_get_pls() in lib/http.c when\nparsing a specially crafted pls playlist containing an overly long\nentry.\n\nA boundary error exists within http_get_m3u() in lib/http.c when\nparsing a specially crafted m3u playlist containing an overly long\n'File' entry.\"\n );\n # http://secunia.com/secunia_research/2008-50/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2008-50/\"\n );\n # http://streamripper.cvs.sourceforge.net/viewvc/streamripper/sripper_1x/CHANGES?revision=1.196\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b3e4431\"\n );\n # https://vuxml.freebsd.org/freebsd/4d4caee0-b939-11dd-a578-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16f240fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:streamripper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"streamripper<1.64.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:27", "description": "The remote host is affected by the vulnerability described in GLSA-200901-05\n(Streamripper: Multiple vulnerabilities)\n\n Stefan Cornelius from Secunia Research reported multiple buffer\n overflows in the http_parse_sc_header(), http_get_pls() and\n http_get_m3u() functions in lib/http.c when parsing overly long HTTP\n headers, or pls and m3u playlists with overly long entries.\n \nImpact :\n\n A remote attacker could entice a user to connect to a malicious server,\n possibly resulting in the remote execution of arbitrary code with the\n privileges of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2009-01-12T00:00:00", "title": "GLSA-200901-05 : Streamripper: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4829"], "modified": "2009-01-12T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:streamripper", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200901-05.NASL", "href": "https://www.tenable.com/plugins/nessus/35349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200901-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35349);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4829\");\n script_xref(name:\"GLSA\", value:\"200901-05\");\n\n script_name(english:\"GLSA-200901-05 : Streamripper: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200901-05\n(Streamripper: Multiple vulnerabilities)\n\n Stefan Cornelius from Secunia Research reported multiple buffer\n overflows in the http_parse_sc_header(), http_get_pls() and\n http_get_m3u() functions in lib/http.c when parsing overly long HTTP\n headers, or pls and m3u playlists with overly long entries.\n \nImpact :\n\n A remote attacker could entice a user to connect to a malicious server,\n possibly resulting in the remote execution of arbitrary code with the\n privileges of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200901-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Streamripper users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/streamripper-1.64.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:streamripper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-sound/streamripper\", unaffected:make_list(\"ge 1.64.0\"), vulnerable:make_list(\"lt 1.64.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Streamripper\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:10", "description": "Multiple buffer overflows involving HTTP header and playlist parsing\nhave been discovered in streamripper (CVE-2007-4337, CVE-2008-4829 ).", "edition": 25, "published": "2008-12-09T00:00:00", "title": "Debian DSA-1683-1 : streamripper - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4337", "CVE-2008-4829"], "modified": "2008-12-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:streamripper"], "id": "DEBIAN_DSA-1683.NASL", "href": "https://www.tenable.com/plugins/nessus/35061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1683. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35061);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4337\", \"CVE-2008-4829\");\n script_xref(name:\"DSA\", value:\"1683\");\n\n script_name(english:\"Debian DSA-1683-1 : streamripper - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows involving HTTP header and playlist parsing\nhave been discovered in streamripper (CVE-2007-4337, CVE-2008-4829 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1683\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the streamripper package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.61.27-1+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:streamripper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"streamripper\", reference:\"1.61.27-1+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:00:03", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4337", "CVE-2008-4829"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1683-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nDecember 08, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : streamripper\nVulnerability : buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-4337 CVE-2008-4829\nDebian Bug : 506377\n\nMultiple buffer overflows involving HTTP header and playlist parsing\nhave been discovered in streamripper (CVE-2007-4337, CVE-2008-4829).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.61.27-1+etch1.\n\nFor the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 1.63.5-2.\n\nWe recommend that you upgrade your streamripper package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27.orig.tar.gz\n Size/MD5 checksum: 294218 8761dda030f92cbdfa38e73a981cc6bc\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1.diff.gz\n Size/MD5 checksum: 5040 0a4fe994a155d07163b3455df5c2668b\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1.dsc\n Size/MD5 checksum: 964 67ddf22de3c0642e41245e07e534c992\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_alpha.deb\n Size/MD5 checksum: 84142 9450efa0b7fcfce8e976a0a1acb9e837\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_amd64.deb\n Size/MD5 checksum: 75808 0d0d435b05e1c7b5bf2aa375b6569ae4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_arm.deb\n Size/MD5 checksum: 70992 3d77dcfe3d7785aaed4544cdfd3a8489\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_hppa.deb\n Size/MD5 checksum: 77884 aff00b60cc13c3c46232f86a1bfab553\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_i386.deb\n Size/MD5 checksum: 71180 61c43e7298aac28f4e96287e7eb8b1b0\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_ia64.deb\n Size/MD5 checksum: 99678 b18634cd32a198e747aa99470d3863ab\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_mips.deb\n Size/MD5 checksum: 78584 a417879681280d7f4640557cf1b6085a\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_mipsel.deb\n Size/MD5 checksum: 78814 c92e229fc90db4cf408ee44a619545ee\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_powerpc.deb\n Size/MD5 checksum: 76114 45d0eaaea3a1ec5d874aa9f51221d89c\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_s390.deb\n Size/MD5 checksum: 75984 7aaff15041ece4095eaa1ab470aed7b6\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_sparc.deb\n Size/MD5 checksum: 70322 78e266c09b92286776216406420f1220\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 8, "modified": "2008-12-08T18:58:40", "published": "2008-12-08T18:58:40", "id": "DEBIAN:DSA-1683-1:89649", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00275.html", "title": "[SECURITY] [DSA 1683-1] New streamripper packages fix potential code execution", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}