RHEL 3 : sox (RHSA-2004:409)

Critical (Nessus Plugin ID 13853)

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated sox packages that fix buffer overflows in the WAV file handling code are now available.

SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

Buffer overflows existed in the parsing of WAV file header fields. A malicious WAV file could have caused arbitrary code to be executed when the file was played or converted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0557 to these issues.

All users of sox should upgrade to these updated packages, which resolve these issues as well as fix a number of minor bugs.

Solution

Update the affected sox and/or sox-devel packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0557

https://access.redhat.com/errata/RHSA-2004:409

Plugin Details

Severity: Critical

ID: 13853

File Name: redhat-RHSA-2004-409.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/30/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:sox, p-cpe:/a:redhat:enterprise_linux:sox-devel, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 7/29/2004

Vulnerability Publication Date: 8/6/2004

Reference Information

CVE: CVE-2004-0557

RHSA: 2004:409