GLSA-200503-21 : Grip: CDDB response overflow

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200503-21
(Grip: CDDB response overflow)

Joseph VanAndel has discovered a buffer overflow in Grip when
processing large CDDB results.

Impact :

A malicious CDDB server could cause Grip to crash by returning
more then 16 matches, potentially allowing the execution of arbitrary
code with the privileges of the user running the application.

Workaround :

Disable automatic CDDB queries, but we highly encourage users to
upgrade to 3.3.0.

See also :

http://www.nessus.org/u?d837aaf3
http://www.gentoo.org/security/en/glsa/glsa-200503-21.xml

Solution :

All Grip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-sound/grip-3.3.0'

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 17353 (gentoo_GLSA-200503-21.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0706