Attack: Zinf Audio Player CVE-2004-0964

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Zinf Audio Player which could result in remote code execution.

Additional Information

Zinf is an audio player for Linux and Microsoft Windows.

Zinf is prone to a remote buffer-overflow vulnerability when processing malformed playlist files. This issue occurs because the application fails to perform sufficient boundary checks. An attacker may exploit this issue to gain unauthorized access to a vulnerable computer.

The buffer-overflow condition presents itself when the application processes playlist files ('.pls') with an overly long name. The application copies the large string value into a finite-sized buffer, overflowing the buffer. This issue could lead to a denial-of-service condition in the application.

An attacker may be able to leverage this vulnerability to execute arbitrary code. This can ultimately allow the attacker to gain unauthorized access to the computer in the context of the user running Zinf.
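The missing boundary check described above, shown as a bounded copy of one playlist entry. This is an added example, not Zinf's or FreeAmp's code: the function name, status codes, the 256-byte capacity and the "Key=value" line layout it parses are assumptions, since the page does not give the buffer size or the affected field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_MAX 256 /* assumed capacity; the page gives no buffer size */

/* Hypothetical status codes for this example. */
enum pls_status { PLS_OK = 0, PLS_NO_VALUE = -1, PLS_TOO_LONG = -2 };

/*
 * Copy the value of one "Key=value" playlist line into dst (capacity dst_len).
 * The length is measured before any byte is written, so an over-long value
 * is rejected instead of being truncated or running past the end of dst.
 */
enum pls_status pls_copy_value(const char *line, char *dst, size_t dst_len)
{
    const char *val;
    size_t n;

    if (line == NULL || dst == NULL || dst_len == 0)
        return PLS_NO_VALUE;
    dst[0] = '\0';

    val = strchr(line, '=');
    if (val == NULL)
        return PLS_NO_VALUE;
    val++;

    n = strcspn(val, "\r\n");   /* value ends at CR, LF or end of string */
    if (n >= dst_len)           /* no room for the value plus its NUL */
        return PLS_TOO_LONG;

    memcpy(dst, val, n);
    dst[n] = '\0';
    return PLS_OK;
}

int main(void)
{
    char buf[ENTRY_MAX];
    char big[1024];

    /* Constructed sample input: a 1000-byte value on a single entry. */
    memcpy(big, "File1=", 6);
    memset(big + 6, 'A', 1000);
    big[1006] = '\0';

    printf("short entry: %d\n", pls_copy_value("File1=track.mp3\n", buf, sizeof buf));
    printf("long entry:  %d\n", pls_copy_value(big, buf, sizeof buf));
    return 0;
}
```

Rejecting the entry rather than truncating it keeps a partially copied path from being opened later.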

Affected

  • Debian Linux 3.0 alpha, 3.0 arm, 3.0 hppa, 3.0 ia-32, 3.0 ia-64, 3.0 m68k, 3.0 mips, 3.0 mipsel, 3.0 ppc, 3.0 s/390, 3.0 sparc
  • Zinf Zinf 2.2.1

Response

Fixes are available. Please see the references for details.

  • Debian Linux 3.0 alpha: freeamp_2.1.1.0-4woody2_alpha.deb, freeamp-extras_2.1.1.0-4woody2_alpha.deb, libfreeamp-alsa_2.1.1.0-4woody2_alpha.deb, libfreeamp-esound_2.1.1.0-4woody2_alpha.deb
  • Debian Linux 3.0 arm: freeamp_2.1.1.0-4woody2_arm.deb, freeamp-extras_2.1.1.0-4woody2_arm.deb, libfreeamp-alsa_2.1.1.0-4woody2_arm.deb, libfreeamp-esound_2.1.1.0-4woody2_arm.deb
  • Debian Linux 3.0 hppa: freeamp_2.1.1.0-4woody2_hppa.deb, freeamp-extras_2.1.1.0-4woody2_hppa.deb, libfreeamp-esound_2.1.1.0-4woody2_hppa.deb
  • Debian Linux 3.0 ia-32: freeamp_2.1.1.0-4woody2_i386.deb, freeamp-extras_2.1.1.0-4woody2_i386.deb, libfreeamp-alsa_2.1.1.0-4woody2_i386.deb, libfreeamp-esound_2.1.1.0-4woody2_i386.deb
  • Debian Linux 3.0 ia-64: freeamp_2.1.1.0-4woody2_ia64.deb, freeamp-extras_2.1.1.0-4woody2_ia64.deb, libfreeamp-esound_2.1.1.0-4woody2_ia64.deb
  • Debian Linux 3.0 m68k: freeamp_2.1.1.0-4woody2_m68k.deb, freeamp-extras_2.1.1.0-4woody2_m68k.deb, libfreeamp-esound_2.1.1.0-4woody2_m68k.deb
  • Debian Linux 3.0 mips: freeamp_2.1.1.0-4woody2_mips.deb, freeamp-extras_2.1.1.0-4woody2_mips.deb, libfreeamp-alsa_2.1.1.0-4woody2_mips.deb, libfreeamp-esound_2.1.1.0-4woody2_mips.deb
  • Debian Linux 3.0 mipsel: freeamp_2.1.1.0-4woody2_mipsel.deb, freeamp-extras_2.1.1.0-4woody2_mipsel.deb, libfreeamp-esound_2.1.1.0-4woody2_mipsel.deb
  • Debian Linux 3.0 ppc: freeamp_2.1.1.0-4woody2_powerpc.deb, freeamp-extras_2.1.1.0-4woody2_powerpc.deb, libfreeamp-alsa_2.1.1.0-4woody2_powerpc.deb, libfreeamp-esound_2.1.1.0-4woody2_powerpc.deb
  • Debian Linux 3.0 s/390: freeamp_2.1.1.0-4woody2_s390.deb, freeamp-extras_2.1.1.0-4woody2_s390.deb, libfreeamp-esound_2.1.1.0-4woody2_s390.deb
  • Debian Linux 3.0 sparc: freeamp_2.1.1.0-4woody2_sparc.deb, freeamp-extras_2.1.1.0-4woody2_sparc.deb, libfreeamp-alsa_2.1.1.0-4woody2_sparc.deb, libfreeamp-esound_2.1.1.0-4woody2_sparc.deb