FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
9855ac8e-2aec-11db-a6e2-000e0c2e438a | alsaplayer -- multiple vulnerabilities
Luigi Auriemma reports three vulnerabilities within
alsaplayer:
- The function which handles the HTTP connections is
vulnerable to a buffer-overflow that happens when it uses
sscanf for copying the URL in the Location's field
received from the server into the redirect buffer of only
1024 bytes declared in http_open.
- A buffer-overflow exists in the functions which add items
to the playlist when the GTK interface is used (so the other
interfaces are not affected by this problem): new_list_item
and CbUpdated in interface/gtk/PlaylistWindow.cpp.
- AlsaPlayer automatically queries the CDDB server
specified in its configuration (by default
freedb.freedb.org) when the user chooses the CDDA function
for playing audio CDs. The function which queries the
server uses a buffer of 20 bytes and one of 9 for storing
the category and ID strings received from the server while
the buffer which contains this server's response is 32768
bytes long. Naturally for exploiting this bug the attacker
must have control of the freedb server specified in the
AlsaPlayer's configuration.
These vulnerabilities could allow a remote attacker to
execute arbitrary code, possibly gaining access to the
system.
Discovery 2006-08-09
Entry 2006-08-13
Modified 2010-05-12
alsaplayer gt 0
CVE-2006-4089
19450
http://aluigi.altervista.org/adv/alsapbof-adv.txt
|
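The first and third items above come down to sscanf copying server-supplied strings into fixed buffers with no length limit. The following is an added example, not AlsaPlayer's code and not part of the advisory: it shows the bounded form for the buffer sizes the entry quotes (1024, 20 and 9 bytes), rejecting over-long fields instead of truncating them. The helper names and the "200 <category> <discid> <title>" response layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes as stated in the advisory text. */
#define REDIRECT_MAX 1024
#define CATEGORY_MAX 20
#define DISCID_MAX   9

/* A token is complete only if the next input byte is whitespace or NUL. */
static int is_sep(char c)
{
    return c == '\0' || c == ' ' || c == '\t' || c == '\r' || c == '\n';
}

/* Hypothetical helper: extract the URL from a "Location:" header line.
 * Returns 0 on success, -1 if the URL is missing or longer than the buffer. */
int parse_location(const char *line, char out[REDIRECT_MAX])
{
    int end = 0;
    /* %1023s writes at most 1023 bytes plus the NUL; %n records the stop offset. */
    if (sscanf(line, "Location: %1023s%n", out, &end) != 1)
        return -1;
    return is_sep(line[end]) ? 0 : -1;   /* more URL bytes follow: reject, do not truncate */
}

/* Hypothetical helper: parse "200 <category> <discid> <title>" (assumed format). */
int parse_cddb_match(const char *resp, char categ[CATEGORY_MAX], char discid[DISCID_MAX])
{
    int code = 0, e1 = 0, e2 = 0;
    if (sscanf(resp, "%3d %19s%n %8s%n", &code, categ, &e1, discid, &e2) != 3)
        return -1;
    if (code != 200 || !is_sep(resp[e1]) || !is_sep(resp[e2]))
        return -1;                        /* wrong status or over-long field */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    char url[REDIRECT_MAX], categ[CATEGORY_MAX], id[DISCID_MAX];
    char big[2100] = "Location: ";
    memset(big + 10, 'A', 2000);          /* 2000-byte URL, larger than the buffer */
    printf("short header: %d\n", parse_location("Location: http://example.invalid/a.mp3\r\n", url));
    printf("long header:  %d\n", parse_location(big, url));
    printf("cddb ok:      %d\n", parse_cddb_match("200 rock f50a3b13 Artist / Title", categ, id));
    printf("cddb long id: %d\n", parse_cddb_match("200 rock f50a3b13ffff Title", categ, id));
    return 0;
}
```

The field width in each conversion is one less than the destination size, leaving room for the terminating NUL that sscanf appends.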