Lucene search
RootSSV:4479HistoryNov 21, 2008 - 12:00 a.m.
Streamripper lib/http.c文件多个缓冲区溢出漏洞
2008-11-2100:00:00
Root
www.seebug.org
46
EPSS
0.141
Percentile
95.7%
BUGTRAQ ID: 32356
CVE(CAN) ID: CVE-2008-4829
StreamRipper能够将网上的MP3流媒体保存到硬盘中,特别适合录制网络MP3广播。
Streamripper的lib/http.c文件中的http_parse_sc_header()函数在解析以Zwitterion v开始的超长HTTP头时、http_get_pls()函数在解析包含有超长项的特制pls播放列表时、http_get_m3u()函数在解析包含有超长File项的特制m3u播放列表时存在缓冲区溢出漏洞。如果用户受骗连接到了恶意的服务器并加载了恶意的媒体文件的话,就可以触发这些溢出,导致执行任意指令。
Streamripper 1.63.5
Streamripper
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://streamripper.sourceforge.net/” target=“_blank”>http://streamripper.sourceforge.net/</a>
Related
securityvulns
securityvulns
Streamripper multiple buffer overflows
2008-11-21 00:00:00
Secunia Research: Streamripper Multiple Buffer Overflows
2008-11-21 00:00:00
nessus
nessus
GLSA-200901-05 : Streamripper: Multiple vulnerabilities
2009-01-12 00:00:00
FreeBSD : streamripper -- multiple buffer overflows (4d4caee0-b939-11dd-a578-0030843d3802)
2008-11-24 00:00:00
Debian DSA-1683-1 : streamripper - buffer overflow
2008-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2008-4829
2008-11-25 00:00:00
debiancve
debiancve
CVE-2008-4829
2008-11-25 23:30:00
openvas
openvas
Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)
2008-12-01 00:00:00
FreeBSD Ports: streamripper
2008-11-24 00:00:00
Gentoo Security Advisory GLSA 200901-05 (streamripper)
2009-01-13 00:00:00
cve
cve
CVE-2008-4829
2008-11-25 23:30:00
gentoo
gentoo
Streamripper: Multiple vulnerabilities
2009-01-11 00:00:00
freebsd
freebsd
streamripper -- multiple buffer overflows
2008-11-05 00:00:00
cvelist
cvelist
CVE-2008-4829
2008-11-25 23:00:00
prion
prion
Buffer overflow
2008-11-25 23:30:00
nvd
nvd
CVE-2008-4829
2008-11-25 23:30:00
osv
osv
streamripper - potential code execution
2008-12-08 00:00:00
debian
debian