Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : audiofile vulnerability (USN-912-1)

Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that Audio File Library contained a heap-based
buffer overflow. If a user or automated system processed a crafted WAV
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program. The default compiler options for Ubuntu
should reduce this vulnerability to a denial of service.

Solution :

Update the affected libaudiofile-dev, libaudiofile0 and / or
libaudiofile0-dbg packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 45079

Bugtraq ID: 33066

CVE ID: CVE-2008-5824