GLSA-200609-01 : Streamripper: Multiple remote buffer overflows
High Nessus Plugin ID 22323
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200609-01 (Streamripper: Multiple remote buffer overflows).
Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack-based buffer overflows caused by improper bounds checking when processing malformed HTTP headers.
By enticing a user to connect to a malicious server, an attacker could execute arbitrary code with the permissions of the user running Streamripper.
Workaround:
There is no known workaround at this time.
Solution
All Streamripper users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-sound/streamripper-1.61.26'