Summary
Streamripper is installed on the host and is prone to multiple buffer overflow vulnerabilities.
Impact
A successful attack could lead to execution of arbitrary code by tricking a user into connecting to a malicious server, or could cause a denial-of-service condition.
Impact Level: Application
Solution
Upgrade to version 1.64.0:
http://streamripper.sourceforge.net/
Insight
The flaws are due to boundary errors within:
- the http_parse_sc_header() function in lib/http.c, when parsing an overly long HTTP header starting with "Zwitterion v".
- the http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a specially crafted pls playlist containing an overly long entry or an m3u playlist containing an overly long File entry.
Affected
Streamripper version 1.63.5 and earlier on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-4829
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C