FreeBSD : libcdaudio -- remote buffer overflow and code execution (bd730827-dfe0-11dd-a765-0030843d3802)
Critical Nessus Plugin ID 35343
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
SecurityFocus reports:
The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions.
A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.
To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.
Solution
Update the affected package.