Signature Detail
Short Name |
HTTP:STC:DL:MAL-FILE-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Malformed File Format Header Buffer Overflow |
Release Date |
2012/12/11 |
Update Number |
2209 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Malformed File Format Header Buffer Overflow
This signature detects download of various file formats that don't adhere to their specifications. In this scenario, continuous random bytes are injected in header section of a given file format. While this can cause the application to terminate abruptly, it may not indicate an actual exploit attempt. This kind of behaviour is mostly observed in exploits constructed from penetration testing tools like Metasploit, IXIA and various others.
Extended Description
The libmodplug library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions prior to libmodplug 0.8.6. Since the library is used in multiple other projects (such as TTPlayer and gst-plugins-bad), other applications and versions may also be vulnerable.
Affected Products
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Armel
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Gentoo Linux
- GStreamer gst-plugins-bad 0.10.8
- libmodplug 0.8
- libmodplug 0.8.4
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2008.1
- Mandriva Linux Mandrake 2008.1 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Pardus Linux 2008
- Red Hat Fedora 10
- Red Hat Fedora 9
- SuSE Novell Linux Desktop 9.0.0
- SuSE openSUSE 11.0
- SuSE openSUSE 11.1
- TTPlayer 5.2
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- Ubuntu Ubuntu Linux 8.10 Amd64
- Ubuntu Ubuntu Linux 8.10 I386
- Ubuntu Ubuntu Linux 8.10 Lpia
- Ubuntu Ubuntu Linux 8.10 Powerpc
- Ubuntu Ubuntu Linux 8.10 Sparc
- Ubuntu Ubuntu Linux 9.04 Amd64
- Ubuntu Ubuntu Linux 9.04 I386
- Ubuntu Ubuntu Linux 9.04 Lpia
- Ubuntu Ubuntu Linux 9.04 Powerpc
- Ubuntu Ubuntu Linux 9.04 Sparc
References
- BugTraq: 49095
- BugTraq: 41136
- BugTraq: 42525
- BugTraq: 42117
- BugTraq: 34396
- BugTraq: 46863
- BugTraq: 30801
- BugTraq: 30801
- BugTraq: 34398
- BugTraq: 35956
- CVE: CVE-2009-1438
- CVE: CVE-2009-4863
- CVE: CVE-2010-1280