CVE-2006-3600
CVSS5.1
发布时间 :2006-07-18 11:37:00
修订时间 :2011-09-06 00:00:00
NMCOPS    

[原文]Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings.


[CNNVD]Libtunepimp多个远程缓冲区溢出漏洞(CNNVD-200607-281)

         TunePimp库是一个频应用开发库,允许开发人员打开音乐标签文件进行识别/查询。
        libtunepimp客户端程序存在3个缓冲区溢出漏洞,由于程序中的3个栈变量分配分配了255、255和100字节,但最多却可以向其写入256个字节,攻击者可能利用此漏洞执行任意指令。
        Backtrace: Thread 5 (Thread -1247491168 (LWP 13178)):
        #0 0x00a4a402 in __kernel_vsyscall ()
        #1 0x01b2d069 in raise () from /lib/libc.so.6
        #2 0x01b2e671 in abort () from /lib/libc.so.6
        #3 0x01b61a4b in __libc_message () from /lib/libc.so.6
        #4 0x01be2785 in __stack_chk_fail () from /lib/libc.so.6
        #5 0x03360d99 in __stack_chk_fail_local () from /usr/lib/libtunepimp.so.3
        #6 0x03343135 in LookupTRM::lookup (this=0xb5a4c1e4) at lookuptools.cpp:205
        #7 0x00000000 in ?? ()
        

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3600
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-281
(官方数据源) CNNVD

- 其它链接及资源

http://www.ubuntu.com/usn/usn-318-1
(PATCH)  UBUNTU  USN-318-1
http://secunia.com/advisories/21027
(VENDOR_ADVISORY)  SECUNIA  21027
http://secunia.com/advisories/21026
(VENDOR_ADVISORY)  SECUNIA  21026
http://xforce.iss.net/xforce/xfdb/27728
(UNKNOWN)  XF  libtunepimp-lookuptrmlookup-bo(27728)
http://www.vupen.com/english/advisories/2006/2785
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2785
http://www.securityfocus.com/bid/18961
(UNKNOWN)  BID  18961
http://www.osvdb.org/27094
(UNKNOWN)  OSVDB  27094
http://www.mandriva.com/security/advisories?name=MDKSA-2006:126
(UNKNOWN)  MANDRIVA  MDKSA-2006:126
http://www.debian.org/security/2006/dsa-1135
(UNKNOWN)  DEBIAN  DSA-1135
http://securitytracker.com/id?1016539
(UNKNOWN)  SECTRACK  1016539
http://security.gentoo.org/glsa/glsa-200607-11.xml
(UNKNOWN)  GENTOO  GLSA-200607-11
http://secunia.com/advisories/21323
(VENDOR_ADVISORY)  SECUNIA  21323
http://secunia.com/advisories/21277
(VENDOR_ADVISORY)  SECUNIA  21277
http://secunia.com/advisories/21106
(UNKNOWN)  SECUNIA  21106
http://bugs.musicbrainz.org/ticket/1764
(UNKNOWN)  MISC  http://bugs.musicbrainz.org/ticket/1764

- 漏洞信息

Libtunepimp多个远程缓冲区溢出漏洞
中危 缓冲区溢出
2006-07-18 00:00:00 2006-08-28 00:00:00
远程  
         TunePimp库是一个频应用开发库,允许开发人员打开音乐标签文件进行识别/查询。
        libtunepimp客户端程序存在3个缓冲区溢出漏洞,由于程序中的3个栈变量分配分配了255、255和100字节,但最多却可以向其写入256个字节,攻击者可能利用此漏洞执行任意指令。
        Backtrace: Thread 5 (Thread -1247491168 (LWP 13178)):
        #0 0x00a4a402 in __kernel_vsyscall ()
        #1 0x01b2d069 in raise () from /lib/libc.so.6
        #2 0x01b2e671 in abort () from /lib/libc.so.6
        #3 0x01b61a4b in __libc_message () from /lib/libc.so.6
        #4 0x01be2785 in __stack_chk_fail () from /lib/libc.so.6
        #5 0x03360d99 in __stack_chk_fail_local () from /usr/lib/libtunepimp.so.3
        #6 0x03343135 in LookupTRM::lookup (this=0xb5a4c1e4) at lookuptools.cpp:205
        #7 0x00000000 in ?? ()
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://musicbrainz.org/products/tunepimp/index.html

- 漏洞信息 (F49001)

Debian Linux Security Advisory 1135-1 (PacketStormID:F49001)
2006-08-17 00:00:00
Debian  debian.org
advisory,remote,denial of service,overflow,arbitrary
linux,debian
CVE-2006-3600
[点击下载]

Debian Security Advisory 1135-1 - Kevin Kofler discovered several stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging library, which allows remote attackers to cause a denial of service or execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1135-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 2nd, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libtunepimp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3600
BugTraq ID     : 18961
Debian Bug     : 378091

Kevin Kofler discovered several stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging
library, which allows remote attacers to cause a denial of service or
execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.3.0-3sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.4.2-4.

We recommend that you upgrade your libtunepimp packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc
      Size/MD5 checksum:     1030 9a4920fa648987c785ca7a90389e26d2
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz
      Size/MD5 checksum:     6370 7398c09a7d071ae47a47d8cf439f98f4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
      Size/MD5 checksum:   524889 f1f506914150c4917ec730f847ad4709

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    24890 2978735432d84c89ae7298388469f45b
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    69628 caebe7ed98abb9434b8271a6a60bbcf3
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:   183756 59e0e4beba76a472ab2871ff560e43db
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:   400968 14a5497f7e5a29c7428051f9ac1197db
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:     7514 ed92833051c36f1834d4c2e8431a995b
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    36986 3f20bf702c8afd5c515caedb3577d7c4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    37012 b397a318bf98a9b8a66e92d813ec1417

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    22574 ab767e6a192e3435808cdc3c0f2eba10
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    64662 2b13c0f10121799469f5918b9457816c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:   167846 c8a9826ed526df5f0b3db91671e86ff8
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:   309342 989a04b1b26449ccef4534d3b573da3f
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:     7062 3f59546ad6171eb57027961425008dda
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    35350 85910d25472fd6cd765c5ec70eaec73a
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    35350 ac75587d5816b4b7f4a8c297960c58de

  ARM architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    21328 f0edf637f04bc0569f7d817f7ac4c15f
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    60078 11945b07935b831ebc12850951da1814
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:   252294 1dc8ce3cacbafd0e7724c25534e8c2ac
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:   429780 d4025de16da2eeba4daf3b8c373a1972
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:     7494 4bbe28e891a9bbcc4e45f7b0fcaf3a18
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    30692 deec987c46ef0036daf8da7950250beb
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    30704 e80752d9804d728e54cc21f213ebbc85

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    21680 0a120ab21f78a77bb59cb99ca1eb1b8f
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    64192 65733e6e2b007c958edddbaa2297ed8c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:   172848 aae66182b0509ed6e9b9ef8fc1efe8e9
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:   295464 bfab73e38dd99e38b6ed3ebc7872521c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:     7384 6b0279cb428e28f0c25936f90c171e7e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    32342 815c12dc0d0bda96bcc3e9e667acdfb1
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    32346 ead31d0b6cd458c681bee2d4fc894df0

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    27032 4b4867843c38aec3e7d7cab211c50180
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    70892 51a6fc495685aa15bca597ba5d49481d
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:   229114 30d7dd79ef08c59c3dccc707ed4c4149
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:   404248 4417640aa53c74f2316f117788382668
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:     7540 86e56a9b5ba5ebac8e1ce08415c81e5c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    41274 5d65583580941d6267755c95bacd6041
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    41290 af3f7132986f4f4eea952b6bf48ab86b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    23038 70f7ff16fa268b83ec8112ea0943eef7
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    71002 d4b412a8e7367cbddde555e8bc12b5c4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:   202392 b45edc22062afbc716299c70bbde5e62
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:   372742 113319297131816655e0b4e9884c0512
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:     7388 90e1630a60eebc1316185ad3f17ecfc2
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    37312 9a1702305b151cc90c33fd037d211c40
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    37322 e664954cc2797cb6b982234f36a947fc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    21260 ad6086a9b25ca8d5fde4dbc23ce9c692
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    65180 ecaf5f32f118c3bea03ee72feb3a706a
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:   173120 94856cac57d86e7a03e3809965f0e788
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:   294810 7f8a76aabf519488b7e6f566a80cbac4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:     7362 b4328d4446b3ac504452637a6fe6bd08
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    33760 6fad71c1af6746f309fbe8ba2a6eebbe
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    33790 10d2cbfb58b42889a2c163851e99751b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    23990 dcda0902f1c1124f03e9120ebfde0bfd
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    41350 f7f8f4a0b7c25c235c6b9d8dad1d9d9c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:   161176 b7d6241896195d7f314a439b372b127e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:   327600 eafb77ad18b8856fe45476197067b8e2
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:     7488 b93b17c16646f9d2c43d3b713f0e414e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    30832 51f3c2b19ec9e12feca6094bfc1c234c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    30830 075f88566e8bd20c7035ccb6bd5c75c1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    24010 948df50ac97f84a3e87915cf8e2e1227
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    41174 58740675d89c0d3790ec8911e465e101
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:   159904 17004743326aa4116d39a51f71205d10
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:   327466 227c0388ec56c7d150d0155ae37c4e70
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:     7506 bee85b2381fb78193452dd0b59a6ecae
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    30530 061f243e1eca9e6f26ef812964907a74
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    30550 d3e03c3944ecc11589d63c9f9cfed9f2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    24732 c9c38d154af36ad28637c763f8dcd117
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    65578 99ab71a5594f3f69c3e375da379dc530
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:   163704 8f7a6aa6a353144c23a8eed9d364251e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:   313058 e4b4d41dcea114933b79a2f0acf1e933
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:     7540 0a87f9037368c2326618c4fca8420823
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    34964 2a29738183724ddf8088457795a57044
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    34974 195aaf1a53f0419a6333e49e91b0b2cc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    22526 1193ac69323d7c312cd75793087c91b9
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    47592 e072c4b460e330972eecc8056ffdf62e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:   164408 bacc4965dccb7825f71a52bf61216168
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:   293254 68deddeeff41080b0e13a8cab173dad0
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:     7492 1d23ac5ea74763a38833f933141dd0fa
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    37268 2cf940107c56c3864fa97013bd21598b
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    37252 ac915f3997f66e4c6a94ecee7c6cca37

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    21478 93b66545509e935ce3a8be05e71a93c5
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    64890 2bfba94ca4422855510dfd2cbdc6ce02
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:   163392 a65569a7c43e112ab422e0624a1e4bcb
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:   299368 c2075aa76dac67ab7c82196ae30a63c4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:     7518 9d9f6ecf4323f7416adb06ccc22c5533
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    33272 a604ebd85536a7de80d1015114047451
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    33280 3d50a7091fb5ed0038956a81c0bfd828


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0EpNW5ql+IAeqTIRAnPJAJ4oPLsqagIOfSbMv7E3Nkc853YBjQCgqj6T
TfThd625vxEiVERXLAZK+K8=
=esVD
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48409)

Mandriva Linux Security Advisory 2006.126 (PacketStormID:F48409)
2006-07-20 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,overflow
linux,mandriva
CVE-2006-3600
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-126 - Kevin Kofler discovered multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote user-complicit attackers to cause a denial of service (application crash) and possibly execute code via a long Album release date (MBE_ReleaseGetDate), data, or error strings.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:126
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtunepimp
 Date    : July 18, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Kevin Kofler discovered multiple stack-based buffer overflows in the 
 LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote 
 user-complicit attackers to cause a denial of service (application crash) 
 and possibly execute code via a long (1) Album release date 
 (MBE_ReleaseGetDate), (2) data, or (3) error strings.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 fdb516cf3dea20bf1d88fdbfd14c6d5c  2006.0/RPMS/libtunepimp2-0.3.0-3.2.20060mdk.i586.rpm
 5e10b7d6d6455c3b7be8a8cc21957f04  2006.0/RPMS/libtunepimp2-devel-0.3.0-3.2.20060mdk.i586.rpm
 3eb6321a88393a9614346a7104eba2b5  2006.0/RPMS/libtunepimp2-static-devel-0.3.0-3.2.20060mdk.i586.rpm
 5dbdeb4ee582712d8fc368d37b6a0174  2006.0/RPMS/libtunepimp2-utils-0.3.0-3.2.20060mdk.i586.rpm
 05b7eb248b94c2782ae877304bdc09d2  2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bce87a055a585ea8591cfefe5da6c6cb  x86_64/2006.0/RPMS/lib64tunepimp2-0.3.0-3.2.20060mdk.x86_64.rpm
 20a641a6086e7a752b4f52be49dc743a  x86_64/2006.0/RPMS/lib64tunepimp2-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 14cb96ff49c1607c6ddc58c097bce42f  x86_64/2006.0/RPMS/lib64tunepimp2-static-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 b8910c32850f889d310cc66d7c03f99e  x86_64/2006.0/RPMS/lib64tunepimp2-utils-0.3.0-3.2.20060mdk.x86_64.rpm
 05b7eb248b94c2782ae877304bdc09d2  x86_64/2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvVOqmqjQ0CJFipgRAmT/AJwN6lZ2N9vVrCTCfeu+P4GCqYrvWACfbQWw
ymaorFMK/yxskvkYtm/e7XI=
=AIkB
-----END PGP SIGNATURE-----

    

- 漏洞信息

27094
libtunepimp Tag Parser Multiple Overflows
Local Access Required Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Vendor Verified

- 漏洞描述

libtunepimp contains several flaws that may allow a malicious user to realize a stack based buffer overflow and to issue arbitrary commands on the compromised system. The issue is triggered when handling specially crafted tagged media files (.ogg, .mp3) with software using libtunepimp library.

- 时间线

2006-07-13 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Libtunepimp Multiple Remote Buffer Overflow Vulnerabilities
Boundary Condition Error 18961
Yes No
2006-07-13 12:00:00 2006-08-02 09:31:00
Discovery is credited to kevin.kofler@chello.at.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
libtunepimp libtunepimp 0.4.2
libtunepimp libtunepimp 0.3
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

The libtunepimp library is affected by multiple remote buffer-overflow vulnerabilities.
These issues arise when the library handles malicious audio files.

A remote attacker may execute arbitrary code to gain unauthorized access.

Versions 0.4.2 and prior are vulnerable to these issues.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Please see the references for more information and vendor advisories.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站