From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Nov 19 21:30:14 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB8FA1065678; Wed, 19 Nov 2008 21:30:14 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8873D8FC16; Wed, 19 Nov 2008 21:30:14 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mAJLUE1d085433; Wed, 19 Nov 2008 21:30:14 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mAJLUEvP085426; Wed, 19 Nov 2008 21:30:14 GMT (envelope-from gnats) Resent-Date: Wed, 19 Nov 2008 21:30:14 GMT Resent-Message-Id: <200811192130.mAJLUEvP085426@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@freebsd.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Cc: ports@freebsd.org, freebsd-security@freebsd.org Resent-Reply-To: FreeBSD-gnats-submit@freebsd.org, Eygene Ryabinkin Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 64F11106567B for ; Wed, 19 Nov 2008 21:29:43 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 1AD0C8FC0A for ; Wed, 19 Nov 2008 21:29:42 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from phoenix.codelabs.ru (ppp85-141-163-250.pppoe.mtu-net.ru [85.141.163.250]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1L2ucH-0007Ym-6S for FreeBSD-gnats-submit@freebsd.org; Thu, 20 Nov 2008 00:29:41 +0300 Message-Id: <20081119212940.A0D98F181F@phoenix.codelabs.ru> Date: Thu, 20 Nov 2008 00:29:40 +0300 (MSK) From: Eygene Ryabinkin To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 X-GNATS-Notify: ports@freebsd.org, freebsd-security@freebsd.org Cc: Subject: ports/128999: [vuxml] [patch] update audio/streamripper to 1.64.0, fix CVE-2008-4829 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2008 21:30:14 -0000 >Number: 128999 >Category: ports >Synopsis: [vuxml] [patch] update audio/streamripper to 1.64.0, fix CVE-2008-4829 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Nov 19 21:30:14 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.1-PRERELEASE i386 >Organization: Code Labs >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: Streamripper 1.64.0 is out and this release fixes security vulnerability discovered by Secunia. >How-To-Repeat: http://streamripper.cvs.sourceforge.net/viewvc/streamripper/sripper_1x/CHANGES?revision=1.196 http://secunia.com/secunia_research/2008-50/ >Fix: The following patch updates the port to 1.64.0. It works for me: MP3 streams are ripped perfectly. --- 1.63.5-to-1.64.0-fix-cve-2008-4829.diff begins here --- diff -urN ./Makefile ../streamripper/Makefile --- ./Makefile 2008-11-19 23:50:33.000000000 +0300 +++ ../streamripper/Makefile 2008-11-19 23:57:00.000000000 +0300 @@ -6,7 +6,7 @@ # PORTNAME= streamripper -PORTVERSION= 1.63.5 +PORTVERSION= 1.64.0 CATEGORIES= audio MASTER_SITES= SF \ http://gd.tuwien.ac.at/hci/cdk/:cdk diff -urN ./distinfo ../streamripper/distinfo --- ./distinfo 2008-11-19 23:50:33.000000000 +0300 +++ ../streamripper/distinfo 2008-11-19 23:57:19.000000000 +0300 @@ -1,6 +1,6 @@ -MD5 (streamripper-1.63.5.tar.gz) = 73a63383dca00615c3328cf51bf2fa56 -SHA256 (streamripper-1.63.5.tar.gz) = 877aed28880b904383c4e761c0ecb1e046dbe45126e648110c0292991d1e5b93 -SIZE (streamripper-1.63.5.tar.gz) = 1302177 +MD5 (streamripper-1.64.0.tar.gz) = f8754813ddc2bc96c4c3440e25aca8b6 +SHA256 (streamripper-1.64.0.tar.gz) = a53f50d26de3610e59a07eaf81cc9da348aaf7b35bc4a302f2e5f6defb1297ae +SIZE (streamripper-1.64.0.tar.gz) = 839535 MD5 (cdk-5.0-20060507.tgz) = 0ec2460a4484d5f5595d8faca61bc9c5 SHA256 (cdk-5.0-20060507.tgz) = e823bfcce52916727cb23d6d549a64347c45c364b3c628d6a352c407fce8f4b4 SIZE (cdk-5.0-20060507.tgz) = 396514 --- 1.63.5-to-1.64.0-fix-cve-2008-4829.diff ends here --- The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- streamripper -- user-assisted arbitrary code execution streamripper 1.64.0

Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system:

  1. A boundary error exists within http_parse_sc_header() in lib/http.c when parsing an overly long HTTP header starting with “Zwitterion v”.
  2. A boundary error exists within http_get_pls() in lib/http.c when parsing a specially crafted pls playlist containing an overly long entry.
  3. A boundary error exists within http_get_m3u() in lib/http.c when parsing a specially crafted m3u playlist containing an overly long “File” entry.

Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into connecting to a malicious server.

 CVE-2008-4829 http://secunia.com/secunia_research/2008-50/ http://streamripper.cvs.sourceforge.net/viewvc/streamripper/sripper_1x/CHANGES?revision=1.196 2008-11-19 --- vuln.xml ends here --- >Release-Note: >Audit-Trail: >Unformatted: