Mandriva Update For Libmodplug MDKSA-2007:001 (libmodplug) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. Updated packages are patched to address this issue.

Affected

libmodplug on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64

Severity

Classification

CVE CVE-2006-4192

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:172 (dhcp)
Mandrake Security Advisory MDVSA-2009:125 (wireshark)
Mandrake Security Advisory MDVSA-2009:094 (mysql)
Mandrake Security Advisory MDVSA-2009:082 (krb5)

Mandriva Update for libmodplug MDKSA-2007:001 (libmodplug)

Take action and discover your vulnerabilities