OSVDB ID: 27883

Title: AlsaPlayer http.c reconnect() Function Location HTTP Header Overflow

Dates

Disclosure: Aug 09, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in AlsaPlayer. AlsaPlayer fails to handle long values (over 1024 bytes) in the HTTP response header 'Location' when redirected by a web server, resulting in a stack-based overflow. With a specially crafted HTTP response, an attacker can cause a denial of service or even execute arbitrary code, resulting in a loss of integrity and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 0.99.77 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

alsa-project.org

AlsaPlayer

0.99.76

References

Credit

  • Luigi Auriemma - aluigi@autistici.org - http://aluigi.altervista.org


Direct URL: http://osvdb.org/27883