{"openvas": [{"lastseen": "2018-04-06T11:40:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update to tunapie\nannounced via advisory DSA 1764-1.", "modified": "2018-04-06T00:00:00", "published": "2009-04-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063791", "id": "OPENVAS:136141256231063791", "type": "openvas", "title": "Debian Security Advisory DSA 1764-1 (tunapie)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1764_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1764-1 (tunapie)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Tunapie, a GUI frontend\nto video and radio streams. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-1253\n\nKees Cook discovered that insecure handling of temporary files may\nlead to local denial of service through symlink attacks.\n\nCVE-2009-1254\n\nMike Coleman discovered that insufficient escaping of stream\nURLs may lead to the execution of arbitrary commands if a user\nis tricked into opening a malformed stream URL.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.3.1-1+etch2. Due to a technical problem, this update cannot\nbe released synchronously with the stable (lenny) version, but will\nappear soon.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.1.8-2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tunapie package.\";\ntag_summary = \"The remote host is missing an update to tunapie\nannounced via advisory DSA 1764-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201764-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63791\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-1253\", \"CVE-2009-1254\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1764-1 (tunapie)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tunapie\", ver:\"2.1.8-2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update to tunapie\nannounced via advisory DSA 1764-1.", "modified": "2017-07-07T00:00:00", "published": "2009-04-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63791", "id": "OPENVAS:63791", "title": "Debian Security Advisory DSA 1764-1 (tunapie)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1764_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1764-1 (tunapie)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Tunapie, a GUI frontend\nto video and radio streams. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-1253\n\nKees Cook discovered that insecure handling of temporary files may\nlead to local denial of service through symlink attacks.\n\nCVE-2009-1254\n\nMike Coleman discovered that insufficient escaping of stream\nURLs may lead to the execution of arbitrary commands if a user\nis tricked into opening a malformed stream URL.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.3.1-1+etch2. 
Due to a technical problem, this update cannot\nbe released synchronously with the stable (lenny) version, but will\nappear soon.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.1.8-2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tunapie package.\";\ntag_summary = \"The remote host is missing an update to tunapie\nannounced via advisory DSA 1764-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201764-1\";\n\n\nif(description)\n{\n script_id(63791);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-1253\", \"CVE-2009-1254\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1764-1 (tunapie)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tunapie\", ver:\"2.1.8-2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1764-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nApril 07, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : tunapie\r\nVulnerability : several\r\nProblem type : local(remote)\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-1253 CVE-2009-1254\r\n\r\nSeveral vulnerabilities have been discovered in Tunapie, a GUI frontend\r\nto video and radio streams. 
The Common Vulnerabilities and Exposures\r\nproject identifies the following problems:\r\n\r\nCVE-2009-1253\r\n\r\n Kees Cook discovered that insecure handling of temporary files may\r\n lead to local denial of service through symlink attacks.\r\n\r\nCVE-2009-1254\r\n\r\n Mike Coleman discovered that insufficient escaping of stream\r\n URLs may lead to the execution of arbitrary commands if a user\r\n is tricked into opening a malformed stream URL.\r\n\r\nFor the old stable distribution (etch), these problems have been fixed\r\nin version 1.3.1-1+etch2. Due to a technical problem, this update cannot\r\nbe released synchronously with the stable (lenny) version, but will\r\nappear soon.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 2.1.8-2.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your tunapie package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2.dsc\r\n Size/MD5 checksum: 986 65d527cb9fc306fa3fb84f9e46533e40\r\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8.orig.tar.gz\r\n Size/MD5 checksum: 49859 74228ac48e1633749fe3774d225917d9\r\n 
http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2.diff.gz\r\n Size/MD5 checksum: 5878 cb5766c089606fb839b327483a2a27ca\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2_all.deb\r\n Size/MD5 checksum: 46692 d3e0539b43b439f944ca68294937ed9c\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAknbyK0ACgkQXm3vHE4uylqOlQCeOflBc9u8f5Pp+G0mxbSdjxC2\r\nra8AnR/ZRP84Xau+Iet+x8U0WRjRiqem\r\n=uwdh\r\n-----END PGP SIGNATURE-----", "modified": "2009-04-10T00:00:00", "published": "2009-04-10T00:00:00", "id": "SECURITYVULNS:DOC:21619", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21619", "title": "[SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "description": "Two vulnerabilities: unfiltered shell characters, and a symlink vulnerability.", "modified": "2009-04-10T00:00:00", "published": "2009-04-10T00:00:00", "id": "SECURITYVULNS:VULN:9817", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9817", "title": "tunapie multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:21", "bulletinFamily": "unix", 
"description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1764-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 07, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : tunapie\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-1253 CVE-2009-1254\n\nSeveral vulnerabilities have been discovered in Tunapie, a GUI frontend\nto video and radio streams. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-1253\n\n Kees Cook discovered that insecure handling of temporary files may\n lead to local denial of service through symlink attacks.\n\nCVE-2009-1254\n\n Mike Coleman discovered that insufficient escaping of stream\n URLs may lead to the execution of arbitrary commands if a user\n is tricked into opening a malformed stream URL.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.3.1-1+etch2. 
Due to a technical problem, this update cannot\nbe released synchronously with the stable (lenny) version, but will\nappear soon.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.1.8-2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tunapie package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2.dsc\n Size/MD5 checksum: 986 65d527cb9fc306fa3fb84f9e46533e40\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8.orig.tar.gz\n Size/MD5 checksum: 49859 74228ac48e1633749fe3774d225917d9\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2.diff.gz\n Size/MD5 checksum: 5878 cb5766c089606fb839b327483a2a27ca\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2_all.deb\n Size/MD5 checksum: 46692 d3e0539b43b439f944ca68294937ed9c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: 
debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-04-07T21:44:59", "published": "2009-04-07T21:44:59", "id": "DEBIAN:DSA-1764-1:A8990", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00074.html", "title": "[SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:21:03", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Tunapie, a GUI\nfrontend to video and radio streams. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2009-1253\n Kees Cook discovered that insecure handling of temporary\n files may lead to local denial of service through\n symlink attacks.\n\n - CVE-2009-1254\n Mike Coleman discovered that insufficient escaping of\n stream URLs may lead to the execution of arbitrary\n commands if a user is tricked into opening a malformed\n stream URL.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-1764.NASL", "href": "https://www.tenable.com/plugins/nessus/36118", "published": "2009-04-09T00:00:00", "title": "Debian DSA-1764-1 : tunapie - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1764. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36118);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2009-1253\", \"CVE-2009-1254\");\n script_xref(name:\"DSA\", value:\"1764\");\n\n script_name(english:\"Debian DSA-1764-1 : tunapie - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Tunapie, a GUI\nfrontend to video and radio streams. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2009-1253\n Kees Cook discovered that insecure handling of temporary\n files may lead to local denial of service through\n symlink attacks.\n\n - CVE-2009-1254\n Mike Coleman discovered that insufficient escaping of\n stream URLs may lead to the execution of arbitrary\n commands if a user is tricked into opening a malformed\n stream URL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1764\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tunapie package.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.3.1-1+etch2. 
Due to a technical problem, this update\ncannot be released synchronously with the stable (lenny) version, but\nwill appear soon.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.1.8-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tunapie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"tunapie\", reference:\"1.3.1-1+etch2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"tunapie\", reference:\"2.1.8-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}