ID: OSVDB:27047
Type: osvdb
Reporter: Luigi Auriemma (aluigi@autistici.org)
Modified: 2006-07-06T07:48:59
Description
Vulnerability Description
A local overflow exists in AdPlug. AdPlug fails to handle specially crafted U6M files when unpacking them, resulting in a heap overflow. A length value read directly from the header of the U6M file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file, allowing for the execution of arbitrary code.
Solution Description
Upgrade to version CVS 05 Jul 2006 or higher, as it has been reported to fix this vulnerability.
Title: AdPlug u6m.cpp U6M File Unpacking Overflow
Bulletin family: software
Published: 2006-07-06T07:48:59
Last seen: 2017-04-28T13:20:23
CVE: CVE-2006-3582
CVSS: 5.1 (AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Vulners score: 5.4
Affected software: AdPlug, version 2.0
URL: https://vulners.com/osvdb/OSVDB:27047
References
Vendor URL: http://adplug.sourceforge.net/
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200607-13.xml
Secunia Advisory ID:21869: https://secuniaresearch.flexerasoftware.com/advisories/21869/
Secunia Advisory ID:21295: https://secuniaresearch.flexerasoftware.com/advisories/21295/
Secunia Advisory ID:20972: https://secuniaresearch.flexerasoftware.com/advisories/20972/
Secunia Advisory ID:21238: https://secuniaresearch.flexerasoftware.com/advisories/21238/
Related OSVDB ID: 27042: https://vulners.com/osvdb/OSVDB:27042
Related OSVDB ID: 27046: https://vulners.com/osvdb/OSVDB:27046
Related OSVDB ID: 27044: https://vulners.com/osvdb/OSVDB:27044
Related OSVDB ID: 27043: https://vulners.com/osvdb/OSVDB:27043
Related OSVDB ID: 27045: https://vulners.com/osvdb/OSVDB:27045
Other Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html
CVE-2006-3582: https://vulners.com/cve/CVE-2006-3582
Related bulletins
CVE
CVE-2006-3582 (published 2006-07-13T15:05:00, CVSS 5.1, AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.
URL: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3582
OSVDB
OSVDB:27042, AdPlug cff.cpp CFF File Unpacking Overflow (published 2006-07-06T07:48:59, CVSS 5.1, CVE-2006-3582)
A local overflow exists in AdPlug. AdPlug fails to handle specially crafted CFF files when unpacking them, resulting in a heap overflow. A length value read directly from the header of the CFF file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the CFF file, allowing for the execution of arbitrary code.
Solution: Upgrade to version CVS (2006-07-05) or higher, as it has been reported to fix this vulnerability.
URL: https://vulners.com/osvdb/OSVDB:27042
OSVDB:27043, AdPlug mtk.cpp MTK File Unpacking Overflow (published 2006-07-06T07:48:59, CVSS 5.1, CVE-2006-3582)
A local overflow exists in AdPlug. AdPlug fails to handle specially crafted MTK files when unpacking them, resulting in a heap overflow. A length value read directly from the header of the MTK file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file, allowing for the execution of arbitrary code.
Solution: Upgrade to version CVS (2006-07-05) or higher, as it has been reported to fix this vulnerability.
URL: https://vulners.com/osvdb/OSVDB:27043
OSVDB:27044, AdPlug dmo.cpp DMO File Unpacking Overflow (published 2006-07-06T07:48:59, CVSS 5.1, CVE-2006-3582)
A local overflow exists in AdPlug. AdPlug fails to handle specially crafted DMO files when unpacking them, resulting in a heap overflow. A length value read directly from the header of the DMO file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file, allowing for the execution of arbitrary code.
Solution: Upgrade to version CVS 05 Jul 2006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
URL: https://vulners.com/osvdb/OSVDB:27044
Nessus
GENTOO_GLSA-200607-13.NASL, GLSA-200607-13 : Audacious: Multiple heap and buffer overflows (published 2006-08-04T00:00:00, CVSS 5.1, CVE-2006-3581, CVE-2006-3582)
The remote host is affected by the vulnerability described in GLSA-200607-13 (Audacious: Multiple heap and buffer overflows).
URL: https://www.tenable.com/plugins/index.php?view=single&id=22142
GENTOO_GLSA-200609-06.NASL, GLSA-200609-06 : AdPlug: Multiple vulnerabilities (published 2006-09-15T00:00:00, CVSS 5.1, CVE-2006-3581, CVE-2006-3582)
The remote host is affected by the vulnerability described in GLSA-200609-06 (AdPlug: Multiple vulnerabilities).
URL: https://www.tenable.com/plugins/index.php?view=single&id=22351
Gentoo
GLSA-200607-13, Audacious: Multiple heap and buffer overflows (published 2006-07-29T00:00:00, CVSS 5.1, CVE-2006-3581, CVE-2006-3582)
Background: Audacious is a media player that has been forked from Beep Media Player.
Description: Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows.
Impact: An attacker can entice a user to load a specially crafted media file, resulting in a crash or possible execution of arbitrary code.
Workaround: There is no known workaround at this time.
Resolution: All Audacious users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/audacious-1.1.0"
URL: https://security.gentoo.org/glsa/200607-13
GLSA-200609-06, AdPlug: Multiple vulnerabilities (published 2006-09-12T00:00:00, CVSS 5.1, CVE-2006-3581, CVE-2006-3582)
Background: AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library.
Description: AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.
Impact: By enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug.
Workaround: There are no known workarounds at this time.
Resolution: All AdPlug users should update to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/adplug-2.0.1"
URL: https://security.gentoo.org/glsa/200609-06
OpenVAS
OPENVAS:57850, Gentoo Security Advisory GLSA 200607-13 (audacious) (published 2008-09-24T00:00:00, CVSS 5.1, CVE-2006-3581, CVE-2006-3582)
The remote host is missing updates announced in advisory GLSA 200607-13.
URL: http://plugins.openvas.org/nasl.php?oid=57850
OPENVAS:57884, Gentoo Security Advisory GLSA 200609-06 (adplug) (published 2008-09-24T00:00:00, CVSS 5.1, CVE-2006-3581, CVE-2006-3582)
The remote host is missing updates announced in advisory GLSA 200609-06.
URL: http://plugins.openvas.org/nasl.php?oid=57884