blob: a1f391be0e7b02aa6a35975a736fb0214a595f85 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200609-01">
<title>Streamripper: Multiple remote buffer overflows</title>
Streamripper is vulnerable to multiple remote buffer overflows, leading to
the execution of arbitrary code.
<product type="ebuild">streamripper</product>
<announced>September 06, 2006</announced>
<revised>September 06, 2006: 01</revised>
<package name="media-sound/streamripper" auto="yes" arch="*">
<unaffected range="ge">1.61.26</unaffected>
<vulnerable range="lt">1.61.26</vulnerable>
Streamripper extracts and records individual MP3 file tracks from
SHOUTcast streams.
Ulf Harnhammar, from the Debian Security Audit Project, has found that
Streamripper is vulnerable to multiple stack based buffer overflows
caused by improper bounds checking when processing malformed HTTP
<impact type="normal">
By enticing a user to connect to a malicious server, an attacker could
execute arbitrary code with the permissions of the user running
There is no known workaround at this time.
All Streamripper users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-sound/streamripper-1.61.26&quot;</code>
<uri link="">CVE-2006-3124</uri>
<metadata tag="requester" timestamp="Mon, 04 Sep 2006 14:37:38 +0000">
<metadata tag="submitter" timestamp="Mon, 04 Sep 2006 18:11:08 +0000">
<metadata tag="bugReady" timestamp="Tue, 05 Sep 2006 19:33:58 +0000">