ID CVE-2005-0706
Summary Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
References
Vulnerable Configurations
  • cpe:2.3:a:grip:grip:2.9.6
  • cpe:2.3:a:grip:grip:3.1.2
  • cpe:2.3:a:grip:grip:3.1.4
  • cpe:2.3:a:grip:grip:3.2.0
CVSS
Base: 7.5 (as of 09-06-2005 - 22:45)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-066.NASL
    description A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 17678
    published 2005-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17678
    title Mandrake Linux Security Advisory : grip (MDKSA-2005:066)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BD730827DFE011DDA7650030843D3802.NASL
    description securityfocus reports : The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions. A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches. To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35343
    published 2009-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35343
    title FreeBSD : libcdaudio -- remote buffer overflow and code execution (bd730827-dfe0-11dd-a765-0030843d3802)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200504-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200504-07 (GnomeVFS, libcdaudio: CDDB response overflow) Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code. Impact : A malicious CDDB server could cause applications making use of GnomeVFS or libcdaudio libraries to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 18001
    published 2005-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18001
    title GLSA-200504-07 : GnomeVFS, libcdaudio: CDDB response overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10010.NASL
    description This update fixes the following security problems : - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformatted archive file. (CVE-2004-0494) - Insufficient checks when processing CDDB queries could lead to buffer and integer overflows. (CVE-2005-0706)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41069
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41069
    title SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BCF2700294C311D9A9E00001020EED82.NASL
    description Joseph VanAndel reports that grip is vulnerable to a buffer overflow vulnerability when receiving more than 16 CDDB responses. This could lead to a crash in grip and potentially execution of arbitrary code. A workaround is to disable CDDB lookups.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 19101
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19101
    title FreeBSD : grip -- CDDB response multiple matches buffer overflow vulnerability (bcf27002-94c3-11d9-a9e0-0001020eed82)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0005.NASL
    description Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706) Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35301
    published 2009-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35301
    title RHEL 2.1 / 3 / 4 : gnome-vfs, gnome-vfs2 (RHSA-2009:0005)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-233.NASL
    description A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36292
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36292
    title Mandriva Linux Security Advisory : libcdaudio (MDVSA-2008:233-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10009.NASL
    description This update fixes the following security problems : - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformatted archive file. (CVE-2004-0494) - Insufficient checks when processing CDDB queries could lead to buffer and integer overflows. (CVE-2005-0706)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41068
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41068
    title SuSE9 Security Update : gnome-vfs (YOU Patch Number 10009)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9521.NASL
    description - Sun Nov 9 2008 Adrian Reber - 1:3.2.0-24 - fixed 'buffer overflow caused by large amount of CDDB replies' (#470552) (CVE-2005-0706) - Thu Oct 2 2008 Adrian Reber - 1:3.2.0-23 - fixed 'German Umlauts are shown incorrectly' (#459394) (not converting de.po and fr.po to UTF-8 anymore) - Sat Aug 23 2008 Adrian Reber - 1:3.2.0-22 - updated to better 'execute command after encode' patch from Stefan Becker - Sun Aug 10 2008 Adrian Reber - 1:3.2.0-21 - added 'execute command after encode' patch (#457186) - Sat Jul 26 2008 Adrian Reber - 1:3.2.0-20 - fixed 'Grip silently crahses on F8' (#456721) (converted non UTF-8 .po files to UTF-8) - Tue Jun 10 2008 Adrian Reber - 1:3.2.0-19 - removed now unnecessary cell-renderer patch - fixed 'default config creates ogg files with .mp3 extension' (#427017) - Mon Feb 18 2008 Fedora Release Engineering - 1:3.2.0-18 - Autorebuild for GCC 4.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 34824
    published 2008-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34824
    title Fedora 8 : grip-3.2.0-24.fc8 (2008-9521)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-21 (Grip: CDDB response overflow) Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results. Impact : A malicious CDDB server could cause Grip to crash by returning more than 16 matches, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : Disable automatic CDDB queries, but we highly encourage users to upgrade to 3.3.0.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 17353
    published 2005-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17353
    title GLSA-200503-21 : Grip: CDDB response overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-075.NASL
    description A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the libcdaudio1 code. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18105
    published 2005-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18105
    title Mandrake Linux Security Advisory : libcdaudio1 (MDKSA-2005:075)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-10126.NASL
    description - Sun Nov 9 2008 Adrian Reber - 1:3.2.0-24 - fixed 'buffer overflow caused by large amount of CDDB replies' (#470552) (CVE-2005-0706) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 36704
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36704
    title Fedora 10 : grip-3.2.0-24.fc10 (2008-10126)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-11848.NASL
    description This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 37013
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37013
    title Fedora 10 : libcdaudio-0.99.12p2-11.fc10 (2008-11848)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9604.NASL
    description - Sun Nov 9 2008 Adrian Reber - 1:3.2.0-24 - fixed 'buffer overflow caused by large amount of CDDB replies' (#470552) (CVE-2005-0706) - Thu Oct 2 2008 Adrian Reber - 1:3.2.0-23 - fixed 'German Umlauts are shown incorrectly' (#459394) (not converting de.po and fr.po to UTF-8 anymore) - Sat Aug 23 2008 Adrian Reber - 1:3.2.0-22 - updated to better 'execute command after encode' patch from Stefan Becker - Sun Aug 10 2008 Adrian Reber - 1:3.2.0-21 - added 'execute command after encode' patch (#457186) - Sat Jul 26 2008 Adrian Reber - 1:3.2.0-20 - fixed 'Grip silently crahses on F8' (#456721) (converted non UTF-8 .po files to UTF-8) - Tue Jun 10 2008 Adrian Reber - 1:3.2.0-19 - removed now unnecessary cell-renderer patch - fixed 'default config creates ogg files with .mp3 extension' (#427017) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 34825
    published 2008-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34825
    title Fedora 9 : grip-3.2.0-24.fc9 (2008-9604)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090107_GNOME_VFS2_ON_SL3_X.NASL
    description A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706) All running GNOME sessions must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60511
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60511
    title Scientific Linux Security Update : gnome-vfs2 on SL3.x, SL4.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-11956.NASL
    description This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 35592
    published 2009-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35592
    title Fedora 9 : libcdaudio-0.99.12p2-11.fc9 (2008-11956)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-304.NASL
    description A new grip package is available that fixes a remote buffer overflow. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders. Dean Brettle discovered a buffer overflow bug in the way grip handles data returned by CDDB servers. It is possible that if a user connects to a malicious CDDB server, an attacker could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0706 to this issue. Users of grip should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17644
    published 2005-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17644
    title RHEL 2.1 : grip (RHSA-2005:304)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0005.NASL
    description Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706) Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35311
    published 2009-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35311
    title CentOS 3 / 4 : gnome-vfs2 (CESA-2009:0005)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0005.NASL
    description From Red Hat Security Advisory 2009:0005 : Updated GNOME VFS packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine. (CVE-2005-0706) Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67784
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67784
    title Oracle Linux 3 / 4 : gnome-vfs / gnome-vfs2 (ELSA-2009-0005)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-074.NASL
    description A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the gnome-vfs2 code. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18104
    published 2005-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18104
    title Mandrake Linux Security Advisory : gnome-vfs2 (MDKSA-2005:074)
oval via4
accepted 2013-04-29T04:08:32.561-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
family unix
id oval:org.mitre.oval:def:10768
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
version 24
redhat via4
advisories
  • bugzilla
    id 470552
    title CVE-2005-0706 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment gnome-vfs2 is earlier than 0:2.2.5-2E.3.3
            oval oval:com.redhat.rhsa:tst:20090005002
          • comment gnome-vfs2 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090005003
        • AND
          • comment gnome-vfs2-devel is earlier than 0:2.2.5-2E.3.3
            oval oval:com.redhat.rhsa:tst:20090005004
          • comment gnome-vfs2-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090005005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment gnome-vfs2 is earlier than 0:2.8.2-8.7.el4_7.2
            oval oval:com.redhat.rhsa:tst:20090005007
          • comment gnome-vfs2 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090005003
        • AND
          • comment gnome-vfs2-devel is earlier than 0:2.8.2-8.7.el4_7.2
            oval oval:com.redhat.rhsa:tst:20090005010
          • comment gnome-vfs2-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090005005
        • AND
          • comment gnome-vfs2-smb is earlier than 0:2.8.2-8.7.el4_7.2
            oval oval:com.redhat.rhsa:tst:20090005008
          • comment gnome-vfs2-smb is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090005009
    rhsa
    id RHSA-2009:0005
    released 2009-01-07
    severity Moderate
    title RHSA-2009:0005: gnome-vfs, gnome-vfs2 security update (Moderate)
  • rhsa
    id RHSA-2005:304
rpms
  • gnome-vfs2-0:2.2.5-2E.3.3
  • gnome-vfs2-devel-0:2.2.5-2E.3.3
  • gnome-vfs2-0:2.8.2-8.7.el4_7.2
  • gnome-vfs2-devel-0:2.8.2-8.7.el4_7.2
  • gnome-vfs2-smb-0:2.8.2-8.7.el4_7.2
refmap via4
bid 12770
confirm
fedora
  • FEDORA-2008-11956
  • FEDORA-2008-9521
  • FEDORA-2008-9604
  • FLSA:152919
gentoo GLSA-200503-21
misc http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
secunia
  • 32803
  • 33389
  • 33824
xf grip-cddb-bo(19648)
Last major update 21-08-2010 - 00:26
Published 02-05-2005 - 00:00
Last modified 10-10-2017 - 21:29