From baa89371986af474eddc5dbb3dbfee4e5032dbd5 Mon Sep 17 00:00:00 2001 From: nectar Date: Fri, 3 Jun 2005 16:26:13 +0000 Subject: Correct recently added yamt entry: * This is not CAN-2004-1302, which was documented much earlier * Try to explain the issue * Add the only public reference to the issue I can find --- security/vuxml/vuln.xml | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1b2b05f4e359..cd7be105d5a2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,7 +57,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - yamt -- Possible buffer overflow and directory transferal issue + yamt -- buffer overflow and directory traversal + issues yamt @@ -66,14 +67,26 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -

In addition to the vulnerabilities listed in - CVE CAN-2004-1302, several other issues have been - found in audio/yamt, including buffer overflows - and directory tranversals.

+

Stanislav Brabec discovered errors in yamt's path name + handling that lead to buffer overflows and directory traversal + issues. When processing a file with a maliciously crafted ID3 + tag, yamt might overwrite arbitrary files or possibly execute + arbitrary code.

+

The SuSE package ChangeLog contains:

+
+
    +
  • Several security fixes (#49337):
  • +
  • directory traversal in rename
  • +
  • directory traversal in sort
  • +
  • buffer overflow in sort
  • +
  • buffer overflow in rename
  • +
+
- CAN-2004-1302 + http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html + ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm 2005-01-20 -- cgit
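Review bot: In the first hunk (@@ -57,7 +57,8 @@), the new topic is wrapped so that "issues" lands alone on a continuation line, which puts a newline and indentation inside the topic text. Anything that displays the topic verbatim has to collapse that whitespace. Keeping the topic on one line, or shortening it to "yamt -- buffer overflow and directory traversal" so it fits, avoids the problem and keeps the "transferal" to "traversal" correction.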
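Review bot: In the second hunk (@@ -66,14 +67,26 @@), the new description names a crafted ID3 tag as the trigger, credits Stanislav Brabec, and states the impact as "overwrite arbitrary files or possibly execute arbitrary code", but the quoted SuSE ChangeLog only lists the four fixes (directory traversal and buffer overflow in rename and sort). Please say where the ID3 detail and the credit come from, or word them as the committer's reading of the fix, so a reader can tell quoted fact from inference. Two smaller points on the same hunk: with CAN-2004-1302 removed, the entry is left with only two URLs for one SuSE 8.2 package build, and the "(#49337)" bug number in the quote is not linked or explained; and the hunk rewrites the body and references while the only date line ("2005-01-20") is unchanged context, so consider recording that the entry was modified.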