LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libmodplug vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
=========================================================== 
Ubuntu Security Notice USN-521-1         September 27, 2007
libmodplug vulnerability
CVE-2006-4192
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libmodplug0c2                   1:0.7-5ubuntu0.6.06.1

Ubuntu 6.10:
  libmodplug0c2                   1:0.7-5ubuntu0.6.10.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

Luigi Auriemma discovered that libmodplug did not properly sanitize
its input. A specially crafted AMF file could be used to exploit this
situation to cause buffer overflows and possibly execute arbitrary code
as the user.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.06.1.diff.gz
      Size/MD5:     7132 5ea7bde5b33470ae5adfcc8f977d051a
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.06.1.dsc
      Size/MD5:      640 0c363a061dd31dd1e3ab86f6306a8124
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-5ubuntu0.6.06.1_all.deb
      Size/MD5:    22350 43bf0cad64c5b99dc298fa0ce3f3db44

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_amd64.deb
      Size/MD5:   117402 feeebd679f9355fdf259c1014313dc4a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_i386.deb
      Size/MD5:   115238 ef9c9fdd542ca9b1573cc383d3b0ddfd

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   125616 eeb2f3baef12ae5883e3e3aff0082d16

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_sparc.deb
      Size/MD5:   123276 3242bdcb39748d212d127d21e2aac864

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.10.1.diff.gz
      Size/MD5:     7129 a5eb16cd1823bd7bf9fe12f93583d363
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.10.1.dsc
      Size/MD5:      640 4673f3d2ab6676f7c14686d9fe34294f
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-5ubuntu0.6.10.1_all.deb
      Size/MD5:    22384 bc58f46270dfc27b538a87279a76eac7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_amd64.deb
      Size/MD5:   116602 a328b8a1d89690e1ecd3fc51029a136d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_i386.deb
      Size/MD5:   118066 c88fcf05eaf8df6c5cb9c2decf77eefe

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_powerpc.deb
      Size/MD5:   125326 9606b0cda577aa03f7425f4fa6a98e48

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_sparc.deb
      Size/MD5:   124146 42842bc6847b1900c8c1964b42ae8454


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.