J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: 'libcdio' GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities

Severity: HIGH

Description:

GNU Compact Disc Input and Control Library ('libcdio') provides CD-ROM and CD image access.

The library is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data in the 'cd-info' and 'iso-info' programs. Specifically, the errors occur in the 'print_iso9660_recurse' function in the 'cd-info.c' and 'iso-info.c' files. Attackers may exploit these issues by enticing an unsuspecting user to open a specially crafted ISO file containing overly long filenames.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

The issues affect libcdio 0.79; other versions may also be affected.

Affected Products:

  • GNU libcdio 0.75
  • GNU libcdio 0.77
  • GNU libcdio 0.78.2
  • GNU libcdio 0.79
  • Gentoo Linux
  • Linux kernel 2.4.19
  • Linux kernel 2.4.21
  • Linux kernel 2.6.5
  • MandrakeSoft Corporate Server 4.0
  • MandrakeSoft Corporate Server 4.0.0 x86_64
  • MandrakeSoft Linux Mandrake 2007.0
  • MandrakeSoft Linux Mandrake 2007.0 x86_64
  • MandrakeSoft Linux Mandrake 2007.1
  • MandrakeSoft Linux Mandrake 2007.1 x86_64
  • MandrakeSoft Linux Mandrake 2008.0
  • MandrakeSoft Linux Mandrake 2008.0 x86_64
  • S.u.S.E. Linux 10.0 ppc
  • S.u.S.E. Linux 10.0 x86
  • S.u.S.E. Linux 10.0 x86-64
  • S.u.S.E. Linux 10.1 ppc
  • S.u.S.E. Linux 10.1 x86
  • S.u.S.E. Linux 10.1 x86-64
  • S.u.S.E. Linux Desktop 1.0.0
  • S.u.S.E. Linux Desktop 10
  • S.u.S.E. Linux Enterprise SDK 10
  • S.u.S.E. Linux Enterprise SDK 10 SP1
  • S.u.S.E. Linux Enterprise Server 10
  • S.u.S.E. Linux Enterprise Server 10.SP1
  • S.u.S.E. Linux Enterprise Server 8
  • S.u.S.E. Linux Enterprise Server 9
  • S.u.S.E. Linux Openexchange Server
  • S.u.S.E. Linux Personal 10.0.0 OSS
  • S.u.S.E. Linux Personal 10.1
  • S.u.S.E. Linux Personal 10.2
  • S.u.S.E. Linux Personal 10.2 x86_64
  • S.u.S.E. Linux Professional 10.0.0
  • S.u.S.E. Linux Professional 10.0.0 OSS
  • S.u.S.E. Linux Professional 10.1
  • S.u.S.E. Linux Professional 10.2
  • S.u.S.E. Linux Professional 10.2 x86_64
  • S.u.S.E. Novell Linux Desktop 1.0.0
  • S.u.S.E. Novell Linux Desktop 9
  • S.u.S.E. Novell Linux Desktop 9.0.0
  • S.u.S.E. Novell Linux Desktop SDK 9.0.0
  • S.u.S.E. Novell Linux POS 9
  • S.u.S.E. Open-Enterprise-Server
  • S.u.S.E. SLE SDK 10
  • S.u.S.E. SLE SDK 10.SP1
  • S.u.S.E. SUSE LINUX Retail Solution 8.0.0
  • S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO
  • S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO
  • S.u.S.E. SUSE Linux Enterprise Desktop 10
  • S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
  • S.u.S.E. SUSE Linux Enterprise Server 10
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP1
  • S.u.S.E. SuSE Linux Open-Xchange 4.1.0
  • S.u.S.E. SuSE Linux Openexchange Server 4.0.0
  • S.u.S.E. SuSE Linux School Server for i386
  • S.u.S.E. SuSE Linux Standard Server 8.0.0
  • S.u.S.E. UnitedLinux 1.0.0
  • S.u.S.E. openSUSE 10.1
  • S.u.S.E. openSUSE 10.2
  • S.u.S.E. openSUSE 10.3
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 6.10 amd64
  • Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu Ubuntu Linux 6.10 sparc
  • Ubuntu Ubuntu Linux 7.04 amd64
  • Ubuntu Ubuntu Linux 7.04 i386
  • Ubuntu Ubuntu Linux 7.04 powerpc
  • Ubuntu Ubuntu Linux 7.04 sparc
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.