发布时间 :2006-04-27 09:34:00
修订时间 :2011-03-07 21:33:14

[原文]Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.

[CNNVD]abcmidi abcmidi-yaps 多个缓冲区溢出漏洞(CNNVD-200604-534)

        abcmidi 20050101及早期版本中的abcmidi-yaps翻译者存在多个缓冲区溢出漏洞。这使得远程攻击者可以借助于精心设计的ABC音乐文件执行任意代码,音乐文件在向PostScript翻译期间触发了溢出。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(PATCH)  OSVDB  24974
(UNKNOWN)  VUPEN  ADV-2006-1531
(UNKNOWN)  BID  17704

- 漏洞信息

abcmidi abcmidi-yaps 多个缓冲区溢出漏洞
高危 缓冲区溢出
2006-04-27 00:00:00 2006-04-27 00:00:00
        abcmidi 20050101及早期版本中的abcmidi-yaps翻译者存在多个缓冲区溢出漏洞。这使得远程攻击者可以借助于精心设计的ABC音乐文件执行任意代码,音乐文件在向PostScript翻译期间触发了溢出。

- 公告与补丁

        abcMIDI abcMIDI 17
        Debian abcmidi-yaps_17-1woody1_alpha.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_alpha.deb
        Debian abcmidi-yaps_17-1woody1_arm.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_arm.deb
        Debian abcmidi-yaps_17-1woody1_hppa.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_hppa.deb
        Debian abcmidi-yaps_17-1woody1_i386.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_i386.deb
        Debian abcmidi-yaps_17-1woody1_ia64.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_ia64.deb
        Debian abcmidi-yaps_17-1woody1_m68k.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_m68k.deb
        Debian abcmidi-yaps_17-1woody1_mips.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_mips.deb
        Debian abcmidi-yaps_17-1woody1_mipsel.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_mipsel.deb
        Debian abcmidi-yaps_17-1woody1_powerpc.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_powerpc.deb
        Debian abcmidi-yaps_17-1woody1_s390.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_s390.deb
        Debian abcmidi-yaps_17-1woody1_sparc.deb
        Debian GNU/Linux 3.0 alias woody -1woody1_sparc.deb
        Debian abcmidi_17-1woody1_alpha.deb
        Debian GNU/Linux 3.0 alias woody dy1_alpha.deb
        Debian abcmidi_17-1woody1_arm.deb
        Debian GNU/Linux 3.0 alias woody dy1_arm.deb
        Debian abcmidi_17-1woody1_hppa.deb
        Debian GNU/Linux 3.0 alias woody dy1_hppa.deb
        Debian abcmidi_17-1woody1_i386.deb
        Debian GNU/Linux 3.0 alias woody dy1_i386.deb
        Debian abcmidi_17-1woody1_ia64.deb
        Debian GNU/Linux 3.0 alias woody dy1_ia64.deb
        Debian abcmidi_17-1woody1_m68k.deb
        Debian GNU/Linux 3.0 alias woody dy1_m68k.deb
        Debian abcmidi_17-1woody1_mips.deb
        Debian GNU/Linux 3.0 alias woody dy1_mips.deb
        Debian abcmidi_17-1woody1_mipsel.deb
        Debian GNU/Linux 3.0 alias woody dy1_mipsel.deb
        Debian abcmidi_17-1woody1_powerpc.deb
        Debian GNU/Linux 3.0 alias woody dy1_powerpc.deb
        Debian abcmidi_17-1woody1_s390.deb
        Debian GNU/Linux 3.0 alias woody dy1_s390.deb
        Debian abcmidi_17-1woody1_sparc.deb
        Debian GNU/Linux 3.0 alias woody dy1_sparc.deb

- 漏洞信息

abcMIDI ABC Music File Handling Overflow
Local Access Required Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

A local overflow exists in abcMIDI. The product fails to limit the bytes read by sscanf in drawtune.c and yapstree.c resulting in a buffer overflow. With a specially crafted .ABC file, an attacker can cause the program to crash or possibly execute arbitrary code resulting in a loss of integrity or availability for the program.

- 时间线

2006-04-26 Unknow
Unknow Unknow

- 解决方案

Debian users should upgrade to version 17-1woody1 or 20050101-1sarge1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. For other users, currently there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

ABCMIDI ABC Music Files Remote Buffer Overflow Vulnerability
Boundary Condition Error 17704
Yes No
2006-04-26 12:00:00 2006-12-05 08:14:00
Erik Sjlund is credited with the discovery of this vulnerability.

- 受影响的程序版本

Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
abcMIDI abcMIDI 2005-01-01
abcMIDI abcMIDI 2004-12-04
abcMIDI abcMIDI 17

- 漏洞讨论

abcMIDI is prone to a remote buffer-overflow vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- 解决方案

Please see the referenced advisories for information on obtaining and applying the appropriate updates.

Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

abcMIDI abcMIDI 17

abcMIDI abcMIDI 2005-01-01

- 相关参考