GLSA-200503-21 : Grip: CDDB response overflow

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200503-21
(Grip: CDDB response overflow)

Joseph VanAndel has discovered a buffer overflow in Grip when
processing large CDDB results.

Impact :

A malicious CDDB server could cause Grip to crash by returning
more then 16 matches, potentially allowing the execution of arbitrary
code with the privileges of the user running the application.

Workaround :

Disable automatic CDDB queries, but we highly encourage users to
upgrade to 3.3.0.

See also :

Solution :

All Grip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-sound/grip-3.3.0'

Risk factor :

High / CVSS Base Score : 7.5

Family: Gentoo Local Security Checks

Nessus Plugin ID: 17353 (gentoo_GLSA-200503-21.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0706

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now