blob: 4cc73a9988d57f10d152f9a7ce0caa6b87b8e450 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200709-03">
<title>Streamripper: Buffer overflow</title>
A buffer overflow vulnerability has been discovered in Streamripper,
allowing for user-assisted execution of arbitrary code.
<product type="ebuild">streamripper</product>
<announced>September 13, 2007</announced>
<revised>September 13, 2007: 01</revised>
<package name="media-sound/streamripper" auto="yes" arch="*">
<unaffected range="ge">1.62.2</unaffected>
<vulnerable range="lt">1.62.2</vulnerable>
Streamripper is a tool for extracting and recording mp3 files from a
Shoutcast stream.
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers.
<impact type="normal">
A remote attacker could entice a user to connect to a malicious
streaming server, resulting in the execution of arbitrary code with the
privileges of the user running Streamripper.
There is no known workaround at this time.
All Streamripper users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-sound/streamripper-1.62.2&quot;</code>
<uri link="">CVE-2007-4337</uri>
<metadata tag="requester" timestamp="Fri, 24 Aug 2007 09:30:52 +0000">
<metadata tag="bugReady" timestamp="Fri, 24 Aug 2007 09:31:49 +0000">
<metadata tag="submitter" timestamp="Sat, 08 Sep 2007 15:35:27 +0000">