安全研究

安全漏洞
libsndfile flac_buffer_copy()函数远程堆溢出漏洞

发布日期:2007-09-21
更新日期:2007-09-24

受影响系统:
Erik de Castro Lopo libsndfile 1.0.17
描述:
BUGTRAQ  ID: 25758
CVE(CAN) ID: CVE-2007-4974

libsndfile是用于通过标准接口读写AIFF、AU和WAV之类声音文件的C库。

libsndfile库实现上存在堆溢出漏洞,攻击者可能利用此漏洞通过诱使用户处理畸形的FLAC文件控制用户系统。

libsndfile的src/flac.c文件中的flac_buffer_copy()函数没有正确地处理FLAC文件,如果用户受骗使用libsndfile库打开的FLAC文件中的特制PCM数据包含有的块大小大于之前块大小的话,就可能触发堆溢出,导致执行任意指令。

<*来源:Robert Buchholz (rbu@gentoo.org
  
  链接:http://secunia.com/advisories/26921/
        https://bugs.gentoo.org/show_bug.cgi?format=multiple&id=192834
        http://www.debian.org/security/2007/dsa-1442
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1442-2)以及相应补丁:
DSA-1442-2:New libsndfile packages fix arbitrary code execution
链接:http://www.debian.org/security/2007/dsa-1442

补丁下载:
Source archives:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz
Size/MD5 checksum:   857117 773b6639672d39b6342030c7fd1e9719
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2.diff.gz
Size/MD5 checksum:     5465 3143afa4d8b69fe1ba9d0428d3b5b472
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2.dsc
Size/MD5 checksum:      639 778f77063bf0aee761b5d9f7af793ced

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_alpha.deb
Size/MD5 checksum:   400468 f555adb582857c57e2efc4c957661a10
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_alpha.deb
Size/MD5 checksum:   222432 5a776e9755235dfbc33881b54a69df87
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_alpha.deb
Size/MD5 checksum:    72062 0ad263c448319e10f147d4ca3a2e49cd

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_amd64.deb
Size/MD5 checksum:    70518 6ece20244584e3e33c680cba32f5bd01
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_amd64.deb
Size/MD5 checksum:   186978 15d1c0d80b1df110594b0e25dc444ca3
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_amd64.deb
Size/MD5 checksum:   322346 f8d850304a105b5b8d2beadb3e81304d

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_arm.deb
Size/MD5 checksum:    72042 6efb81b71098e378b5f702c06cb8b2d9
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_arm.deb
Size/MD5 checksum:   343534 03aef95ebfe92522c5d36a4e5590859d
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_arm.deb
Size/MD5 checksum:   220952 d01c16d518630402f6714691b829d793

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_hppa.deb
Size/MD5 checksum:    74542 cf4e50401c65e94b5ec93b488c0180c7
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_hppa.deb
Size/MD5 checksum:   236320 7c0274e6b33b5e301dcd7a474d502107
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_hppa.deb
Size/MD5 checksum:   373514 af037103e816ba426298a634057decb2

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_i386.deb
Size/MD5 checksum:    74262 834537ca8b562a4350d5a9c422f436ca
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_i386.deb
Size/MD5 checksum:   319560 9fe5127322c613449eb0dde18a27cfb8
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_i386.deb
Size/MD5 checksum:   197498 e9bc609646a45373a0d365b071950c6a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_ia64.deb
Size/MD5 checksum:   270526 4e79bb42b5e92d68fa00bff980686eb3
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_ia64.deb
Size/MD5 checksum:   416098 3d6c672fd2480a3a5783142085445bdd
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_ia64.deb
Size/MD5 checksum:    75756 d29c6c9fe859001936087e53afdff185

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_mips.deb
Size/MD5 checksum:   217138 c59d9ffccb7d577d06f4eb8f8a875e98
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_mips.deb
Size/MD5 checksum:   374184 e0a8ce0c236b772bc58eaad8aad2006a
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_mips.deb
Size/MD5 checksum:    72760 2468de6305a9c60fdfd0fe73bad8999a

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_mipsel.deb
Size/MD5 checksum:    72800 da3ce8b83dc1ad383c23812df43cf31d
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_mipsel.deb
Size/MD5 checksum:   373316 d2e45aaad4073e64b6e3e443e6702cac
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_mipsel.deb
Size/MD5 checksum:   216758 0a66a28c249850999b90b6f90d0c027b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_powerpc.deb
Size/MD5 checksum:   207748 7c999002bfce68181a2818eaf3e829ed
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_powerpc.deb
Size/MD5 checksum:   346286 2b9d3e4cef955ff76a963a3e40aebecd
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_powerpc.deb
Size/MD5 checksum:    75812 b8549289577e9a8bfe279592ebb68c69

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_s390.deb
Size/MD5 checksum:   346370 dca74b112ab72b4893b272aa983f6e07
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_s390.deb
Size/MD5 checksum:    72800 6fd80164e263294833c6b6a4f98faf7f
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_s390.deb
Size/MD5 checksum:   220876 8f28f995c96e3366cc98a1578aba5a46

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_sparc.deb
Size/MD5 checksum:    70652 7560d39c5a222317decb5586c17d1d55
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_sparc.deb
Size/MD5 checksum:   207790 e758c2a6e11a78f25df2ad1b2205206e
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_sparc.deb
Size/MD5 checksum:   334854 f97aba9749b0dd78f6da521399fa9937

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

Erik de Castro Lopo
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://bugs.gentoo.org/attachment.cgi?id=131171

浏览次数:3433
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客