• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SoX WAV File Buffer Overflow Vulnerability

Solution:
RedHat has released a Fedora Legacy advisory FLSA:1945 along with fixes for RedHat Linux. Please see the referenced advisory for more information.

Conectiva has released advisory CLA-2004:855 and updates to address this issue for Conectiva 8, 9 and 10. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

RedHat Linux has released advisories FEDORA-2004-235, and FEDORA-2004-244. These advisories provide fixes and further information about the vulnerabilities for Fedora Core 1 and Fedora Core 2. Please see the referenced advisories.

Mandrake has released advisory MDKSA-2004:076 along with fixes dealing with this issue. Please see the referenced advisory for more information.

RedHat Linux has released advisory RHSA-2004:409-05 for RedHat Enterprise Linux products. Please see the referenced advisory for further information on obtaining fixes.

Gentoo Linux has released advisory GLSA 200407-23 to address this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=media-sound/sox-12.17.4-r2"
emerge ">=media-sound/sox-12.17.4-r2"

Slackware has released an advisory (SSA:2004-223-03) to address this issue. Please see the referenced advisory for more information.

SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:

Patch 10095 is available from http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

The individual RPMs from Patch 10095 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Debian Linux has released an advisory (DSA 565-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


SoX SoX 12.17.3

• Conectiva sox-12.17.3-10818U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/8/RPMS/sox-12.17.3-10818U80_1cl. i386.rpm


• Conectiva sox-12.17.3-21828U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/9/RPMS/sox-12.17.3-21828U90_1cl. i386.rpm


• Conectiva sox-12.17.3-29251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/10/RPMS/sox-12.17.3-29251U10_1c l.i386.rpm


• Conectiva sox-devel-12.17.3-10818U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/8/RPMS/sox-devel-12.17.3-10818U8 0_1cl.i386.rpm


• Conectiva sox-devel-12.17.3-21828U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/9/RPMS/sox-devel-12.17.3-21828U9 0_1cl.i386.rpm


• Conectiva sox-devel-12.17.3-29251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/10/RPMS/sox-devel-12.17.3-29251 U10_1cl.i386.rpm


• Debian sox-dev_12.17.3-4woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_alpha.deb


• Debian sox-dev_12.17.3-4woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_arm.deb


• Debian sox-dev_12.17.3-4woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_hppa.deb


• Debian sox-dev_12.17.3-4woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_i386.deb


• Debian sox-dev_12.17.3-4woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_ia64.deb


• Debian sox-dev_12.17.3-4woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_m68k.deb


• Debian sox-dev_12.17.3-4woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_mips.deb


• Debian sox-dev_12.17.3-4woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_mipsel.deb


• Debian sox-dev_12.17.3-4woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_powerpc.deb


• Debian sox-dev_12.17.3-4woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_s390.deb


• Debian sox-dev_12.17.3-4woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4wo ody2_sparc.deb


• Debian sox_12.17.3-4woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _alpha.deb


• Debian sox_12.17.3-4woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _arm.deb


• Debian sox_12.17.3-4woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _hppa.deb


• Debian sox_12.17.3-4woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _i386.deb


• Debian sox_12.17.3-4woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _ia64.deb


• Debian sox_12.17.3-4woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _m68k.deb


• Debian sox_12.17.3-4woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _mips.deb


• Debian sox_12.17.3-4woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _mipsel.deb


• Debian sox_12.17.3-4woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _powerpc.deb


• Debian sox_12.17.3-4woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _s390.deb


• Debian sox_12.17.3-4woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2 _sparc.deb


• Mandrake sox-12.17.3-4.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-12.17.3-4.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-12.17.3-4.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-12.17.3-4.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.3-4.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.3-4.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.3-4.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.3-4.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• RedHat sox-12.17.3-11.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/sox-12.17.3-11. 1.legacy.i386.rpm


• RedHat sox-12.17.3-4.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/sox-12.17.3-4 .1.legacy.i386.rpm


• RedHat sox-devel-12.17.3-11.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/sox-devel-12.17 .3-11.1.legacy.i386.rpm


• RedHat sox-devel-12.17.3-4.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/sox-devel-12. 17.3-4.1.legacy.i386.rpm


• Slackware sox-12.17.4-i386-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/s ox-12.17.4-i386-3.tgz


• Slackware sox-12.17.4-i386-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/s ox-12.17.4-i386-3.tgz

SoX SoX 12.17.4

• Mandrake sox-12.17.4-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-12.17.4-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-12.17.4-2.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-12.17.4-2.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.4-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.4-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.4-2.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sox-devel-12.17.4-2.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• RedHat sox-12.17.4-4.fc1.i386.rpm
  Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• RedHat sox-12.17.4-4.fc1.x86_64.rpm
  Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• RedHat sox-12.17.4-4.fc2.i386.rpm
  Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• RedHat sox-12.17.4-4.fc2.x86_64.rpm
  Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• RedHat sox-debuginfo-12.17.4-4.fc1.i386.rpm
  Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• RedHat sox-debuginfo-12.17.4-4.fc1.x86_64.rpm
  Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• RedHat sox-debuginfo-12.17.4-4.fc2.i386.rpm
  Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• RedHat sox-debuginfo-12.17.4-4.fc2.x86_64.rpm
  Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• RedHat sox-devel-12.17.4-4.fc1.i386.rpm
  Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• RedHat sox-devel-12.17.4-4.fc1.x86_64.rpm
  Fedora Core 1
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


• RedHat sox-devel-12.17.4-4.fc2.i386.rpm
  Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• RedHat sox-devel-12.17.4-4.fc2.x86_64.rpm
  Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Slackware sox-12.17.4-i486-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ sox-12.17.4-i486-3.tgz


• Slackware sox-12.17.4-i486-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/s ox-12.17.4-i486-3.tgz