|Streamripper HTTP头字段解析缓冲区溢出漏洞

Streamripper HTTP头字段解析缓冲区溢出漏洞

- AV AC AU C I A

发布： 2025-03-27

修订： 2025-03-27

StreamRipper能够将网上的MP3流媒体保存到硬盘中，特别适合录制网络MP3广播。 StreamRipper在处理服务器返回的某些HTTP头字段时存在缓冲区溢出，远程攻击者可能利用此漏洞在用户机器上执行任意指令。如果用户受骗访问了攻击设置的恶意服务器的话就可能触发这个漏洞，导致执行任意指令。 Streamripper Streamripper 1.61.25 Streamripper Streamripper 1.61.24 Debian ------ Debian已经为此发布了一个安全公告（DSA-1158-1）以及相应补丁: DSA-1158-1：New streamripper packages fix arbitrary code execution 链接：<a href="http://www.debian.org/security/2005/dsa-1158" target="_blank">http://www.debian.org/security/2005/dsa-1158</a> 补丁下载： Source archives: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1.dsc" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1.dsc</a> Size/MD5 checksum: 684 81c2011992a47019464e689e62a0e2fc <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1.diff.gz</a> Size/MD5 checksum: 2748 a55c6752bf1f5cd184516e018f7b1d5b <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7.orig.tar.gz</a> Size/MD5 checksum: 245448 87e16d42fb7625525eafe769edd2e9b3 Alpha architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_alpha.deb</a> Size/MD5 checksum: 62730 a11cd910042103cd75a229468e786a25 AMD64 architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_amd64.deb</a> Size/MD5 checksum: 55886 93a8ab72c2a969b8eee99c9e105d8ad1 ARM architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_arm.deb</a> Size/MD5 checksum: 51734 3d19a4711f9373be5630e1024f515ddc Intel IA-32 architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_i386.deb</a> Size/MD5 checksum: 51694 cb59ef062ca1ca0c74a5b7359d2b5acd Intel IA-64 architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_ia64.deb</a> Size/MD5 checksum: 68218 ff13f983398a4694350916f4d44a817c HP Precision architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_hppa.deb</a> Size/MD5 checksum: 57016 aad39a310b38f131840929345cf50d6b Motorola 680x0 architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_m68k.deb</a> Size/MD5 checksum: 47922 a19ab1dd7fb150ae73fce92e519ab94e Big endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_mips.deb</a> Size/MD5 checksum: 57088 b90697a7aecf7c2d838bdfae4af1ccc5 Little endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_mipsel.deb</a> Size/MD5 checksum: 57490 0f1fbaeeec94a7f4c4d1340e68d611bb PowerPC architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_powerpc.deb</a> Size/MD5 checksum: 55912 b2590326f71ddb6f9bf44fc933b28c50 IBM S/390 architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_s390.deb</a> Size/MD5 checksum: 55456 60afcd68f13f131040c68cde36f4464a Sun Sparc architecture: <a href="http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_sparc.deb</a> Size/MD5 checksum: 51266 73736226d97be58202e1619518e3ae25 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade Streamripper ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://sourceforge.net/project/showfiles.php?group_id=6172" target="_blank">http://sourceforge.net/project/showfiles.php?group_id=6172</a>

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™