GLSA-200608-24 : AlsaPlayer: Multiple buffer overflows

medium Nessus Plugin ID 22286

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200608-24 (AlsaPlayer: Multiple buffer overflows).

AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism.

Impact:

An attacker could exploit the first vulnerability by enticing a user to load a malicious URL, resulting in the execution of arbitrary code with the permissions of the user running AlsaPlayer.

Workaround:

There is no known workaround at this time.

Solution

AlsaPlayer has been masked in Portage pending the resolution of these issues. AlsaPlayer users are advised to uninstall the package until further notice:

# emerge --ask --unmerge 'media-sound/alsaplayer'

See Also

https://security.gentoo.org/glsa/200608-24

Plugin Details

Severity: Medium

ID: 22286

File Name: gentoo_GLSA-200608-24.nasl

Version: 1.15

Type: local

Published: 8/30/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:alsaplayer, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 8/26/2006

Vulnerability Publication Date: 8/9/2006

Reference Information

CVE: CVE-2006-4089

GLSA: 200608-24