Gentoo Logo

Cheese Tracker: Buffer Overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200610-13 / cheesetracker
Release Date October 26, 2006
Latest Revision October 26, 2006: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
media-sound/cheesetracker < 0.9.9-r1 >= 0.9.9-r1 All supported architectures

Related bugreports: #142391

Synopsis

Cheese Tracker contains a buffer overflow allowing the remote execution of arbitrary code.

2.  Impact Information

Background

Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats.

Description

Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp.

Impact

An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with large amount of extra data.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Cheese Tracker users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/cheesetracker-0.9.9-r1"

4.  References

Print

Page updated October 26, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.