Security: Execution of arbitrary commands in libmms

Name: Execution of arbitrary commands in libmms
ID: 201612-29
Distribution: Gentoo
Platforms: Not specified
Date: Mon, 12 December 2016, 07:29
References: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2892
Applications: libmms

Original message
From: Kristian Fiskerstrand <k_f@gentoo.org>
Reply-To: k_f@gentoo.org
To: gentoo-announce@lists.gentoo.org
Message-ID: <a6d01cd8-a656-59d4-38ae-810abcf6b90c@gentoo.org>
Subject: [ GLSA 201612-29 ] libmms: Remote execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201612-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libmms: Remote execution of arbitrary code
     Date: December 11, 2016
     Bugs: #507822
       ID: 201612-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A heap-based buffer overflow vulnerability in libmms might allow remote attackers to execute arbitrary code.

Background
==========

libmms is a library for downloading (streaming) media files using the mmst and mmsh protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libmms            < 0.6.4                    >= 0.6.4

Description
===========

A heap-based buffer overflow was discovered in the get_answer function within mmsh.c of libmms.

Impact
======

A remote attacker might send a specially crafted MMS over HTTP (MMSH) response, possibly resulting in the remote execution of arbitrary code with the privileges of the process.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libmms users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libmms-0.6.4"

References
==========

[ 1 ] CVE-2014-2892
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2892

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-29

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
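
An added example (not part of the GLSA and not Gentoo tooling): a POSIX shell check that classifies package atoms against the range in the "Affected packages" table, vulnerable below 0.6.4 and unaffected from 0.6.4 on. The function names, the `category/package-version` input format and the sample inventory are constructed for illustration, and versions are assumed to be plain dotted numbers.

```shell
#!/bin/sh
# Added example, not Gentoo tooling: classify libmms package atoms
# against the affected range stated in GLSA 201612-29.
FIXED="0.6.4"   # first unaffected version per the advisory

# Return 0 if dotted numeric version $1 is strictly lower than $2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Strip the package name and any Gentoo revision suffix (-rN).
atom_version() {
    v=${1#media-libs/libmms-}
    printf '%s\n' "${v%-r[0-9]*}"
}

# Print vulnerable / unaffected / unknown / not-libmms for one atom.
classify() {
    case $1 in
        media-libs/libmms-[0-9]*) ;;
        *) echo "not-libmms"; return 0 ;;
    esac
    v=$(atom_version "$1")
    case $v in
        *[!0-9.]*) echo "unknown" ;;   # e.g. _rc suffix: review by hand
        *) if version_lt "$v" "$FIXED"; then echo "vulnerable"
           else echo "unaffected"; fi ;;
    esac
}

# Read atoms on stdin, one per line, and report each.
audit() {
    while read -r atom; do
        printf '%-30s %s\n' "$atom" "$(classify "$atom")"
    done
}

# Constructed sample inventory (hypothetical hosts' package lists).
audit <<'EOF'
media-libs/libmms-0.6.2-r1
media-libs/libmms-0.6.4
media-libs/libogg-1.3.2
EOF
```

The comparison is numeric per component, so 0.6.10 is treated as newer than 0.6.4; anything with a non-numeric suffix is reported as `unknown` rather than guessed.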