Debian Bug report logs - #379064
dumb: CVE-2006-3668: arbitrary code execution

version graph

Package: libdumb; Maintainer for libdumb is Debian Games Team <pkg-games-devel@lists.alioth.debian.org>;

Reported by: Alec Berryman <alec@thened.net>

Date: Thu, 20 Jul 2006 22:48:06 UTC

Severity: serious

Tags: security

Fixed in versions libdumb/1:0.9.3-5, libdumb/1:0.9.2-6

Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>:
Bug#379064; Package libdumb. Full text and rfc822 format available.

Acknowledgement sent to Alec Berryman <alec@thened.net>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Alec Berryman <alec@thened.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dumb: CVE-2006-3668: arbitrary code execution
Date: Thu, 20 Jul 2006 18:26:59 -0400
Package: libdumb
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-3668: "Heap-based buffer overflow in the it_read_envelope
function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
earlier, and current CVS as of 20060716, allows user-complicit attackers
to execute arbitrary code via a ".it" (Impulse Tracker) file with an
enveloper with a large number of nodes."

There is a proof-of-concept expoit [1] in the original advisory [2].  I
have not verified the issue.  Sarge is probably vulnerable.  I do not
see an upstream patch, but the original advisory suggests that the issue
will be fixed in the next version.

Please mention the CVE in your changelog.

Thanks,

Alec

[1] http://aluigi.org/poc/dumbit.zip
[2] http://aluigi.altervista.org/adv/dumbit-adv.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwAMzAud/2YgchcQRAnROAKCAbMTcW5DcUY9cNysbNEC1cgKznQCgxeZU
bHCS1r8WWutRKUbCIaRRHw8=
=26dP
-----END PGP SIGNATURE-----



Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Alec Berryman <alec@thened.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 379064-close@bugs.debian.org (full text, mbox):

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 379064-close@bugs.debian.org
Subject: Bug#379064: fixed in libdumb 1:0.9.3-5
Date: Fri, 21 Jul 2006 02:32:15 -0700
Source: libdumb
Source-Version: 1:0.9.3-5

We believe that the bug you reported is fixed in the latest version of
libdumb, which is due to be installed in the Debian FTP archive:

libaldmb1-dev_0.9.3-5_i386.deb
  to pool/main/libd/libdumb/libaldmb1-dev_0.9.3-5_i386.deb
libaldmb1_0.9.3-5_i386.deb
  to pool/main/libd/libdumb/libaldmb1_0.9.3-5_i386.deb
libdumb1-dev_0.9.3-5_i386.deb
  to pool/main/libd/libdumb/libdumb1-dev_0.9.3-5_i386.deb
libdumb1_0.9.3-5_i386.deb
  to pool/main/libd/libdumb/libdumb1_0.9.3-5_i386.deb
libdumb_0.9.3-5.diff.gz
  to pool/main/libd/libdumb/libdumb_0.9.3-5.diff.gz
libdumb_0.9.3-5.dsc
  to pool/main/libd/libdumb/libdumb_0.9.3-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 379064@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated libdumb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Jul 2006 11:07:45 +0200
Source: libdumb
Binary: libdumb1 libaldmb1-dev libaldmb1 libdumb1-dev
Architecture: source i386
Version: 1:0.9.3-5
Distribution: unstable
Urgency: critical
Maintainer: Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libaldmb1  - dynamic universal music bibliotheque, Allegro version
 libaldmb1-dev - development files for libaldmb1
 libdumb1   - dynamic universal music bibliotheque
 libdumb1-dev - development files for libdumb1
Closes: 379064
Changes: 
 libdumb (1:0.9.3-5) unstable; urgency=critical
 .
   * Set urgency=critical because of security fix.
 .
   * debian/patches/100_CVE-2006-3668.diff:
     + Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope
       function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
       earlier, and current CVS as of 20060716, allows user-complicit attackers
       to execute arbitrary code via a ".it" (Impulse Tracker) file with an
       enveloper with a large number of nodes." (Closes: #379064).
 .
   * debian/control:
     + Set policy to 3.7.2.
Files: 
 b91cf1acdf25110b2fbd49f169c81e63 754 libs optional libdumb_0.9.3-5.dsc
 6be3173f27c100781014fa249fc0cf08 4379 libs optional libdumb_0.9.3-5.diff.gz
 bb9c024fc6cdd245466504f0badcdf0d 203864 libs optional libdumb1_0.9.3-5_i386.deb
 e9ca3705673588d00f090370cef275a8 122542 libdevel optional libdumb1-dev_0.9.3-5_i386.deb
 383209af6c5cc6228e825fc087ee6e26 94544 libs optional libaldmb1_0.9.3-5_i386.deb
 4a7cea7289d8092aa6e32097c0398c11 4956 libdevel optional libaldmb1-dev_0.9.3-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwJuKfPP1rylJn2ERAm6kAJ0V2q34Kn4AMws5TIzFcsAB9WI34gCdHZoN
F4m6LkVNZ7ZpnHy1uKfc3WM=
=M0YY
-----END PGP SIGNATURE-----




Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Alec Berryman <alec@thened.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 379064-close@bugs.debian.org (full text, mbox):

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 379064-close@bugs.debian.org
Subject: Bug#379064: fixed in libdumb 1:0.9.2-6
Date: Wed, 30 Aug 2006 23:02:27 -0700
Source: libdumb
Source-Version: 1:0.9.2-6

We believe that the bug you reported is fixed in the latest version of
libdumb, which is due to be installed in the Debian FTP archive:

libaldmb0-dev_0.9.2-6_i386.deb
  to pool/main/libd/libdumb/libaldmb0-dev_0.9.2-6_i386.deb
libaldmb0_0.9.2-6_i386.deb
  to pool/main/libd/libdumb/libaldmb0_0.9.2-6_i386.deb
libdumb0-dev_0.9.2-6_i386.deb
  to pool/main/libd/libdumb/libdumb0-dev_0.9.2-6_i386.deb
libdumb0_0.9.2-6_i386.deb
  to pool/main/libd/libdumb/libdumb0_0.9.2-6_i386.deb
libdumb_0.9.2-6.diff.gz
  to pool/main/libd/libdumb/libdumb_0.9.2-6.diff.gz
libdumb_0.9.2-6.dsc
  to pool/main/libd/libdumb/libdumb_0.9.2-6.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 379064@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated libdumb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Jul 2006 11:07:45 +0200
Source: libdumb
Binary: libaldmb0-dev libaldmb0 libdumb0-dev libdumb0
Architecture: source i386
Version: 1:0.9.2-6
Distribution: stable-security
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libaldmb0  - dynamic universal music bibliotheque, allegro version
 libaldmb0-dev - development files for libaldmb0
 libdumb0   - dynamic universal music bibliotheque
 libdumb0-dev - development files for libdumb0
Closes: 379064
Changes: 
 libdumb (1:0.9.2-6) stable-security; urgency=high
 .
   * src/it/itread.c:
     + Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope
       function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
       earlier, and current CVS as of 20060716, allows user-complicit attackers
       to execute arbitrary code via a ".it" (Impulse Tracker) file with an
       enveloper with a large number of nodes." (Closes: #379064).
Files: 
 32242f365a1433e66ca9e46a004523df 634 libs optional libdumb_0.9.2-6.dsc
 0ce45f64934e6d5d7b82a55108596680 145722 libs optional libdumb_0.9.2.orig.tar.gz
 65aa4b7596e81c622e830bbe1d32ff22 3914 libs optional libdumb_0.9.2-6.diff.gz
 ead6a0b39172a059491c864b9985101f 108496 libs optional libdumb0_0.9.2-6_i386.deb
 a0d02ff38ef6791845756ca2394a4bc5 47478 libdevel optional libdumb0-dev_0.9.2-6_i386.deb
 1c721ae454752d3a252f1cfc9a773d41 74484 libs optional libaldmb0_0.9.2-6_i386.deb
 e4b77e2545480a205f675e39017efc58 4738 libdevel optional libaldmb0-dev_0.9.2-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwQSOXm3vHE4uyloRAr8cAKDlhjg3bz8EvGrDjilhuKe0gjFNFQCguT1Q
5tiomedTMa9ysqsr29fgVvo=
=+I7H
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 05:59:28 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 07:46:49 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.