Mandriva Linux Security Advisory : libcdaudio (MDVSA-2008:233-1)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A heap overflow was found in the CDDB retrieval code of libcdaudio,
which could result in the execution of arbitrary code (CVE-2008-5030).

In addition, the fixes for CVE-2005-0706 were not applied to newer
libcdaudio packages as shipped with Mandriva Linux, so the patch to
fix that issue has been applied to 2008.1 and 2009.0 (this was
originally fixed in MDKSA-2005:075). This issue is a buffer overflow
flaw found by Joseph VanAndel. Corporate 3.0 has this fix already
applied.

The updated packages have been patched to prevent these issues.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36292 (mandriva_MDVSA-2008-233.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0706
CVE-2008-5030

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now