ID 85D76F02-5380-11D9-A9E7-0001020EED82 Type freebsd Reporter FreeBSD Modified 2005-01-12T00:00:00
Description
iDEFENSE and the MPlayer Team have found multiple
vulnerabilities in MPlayer:
Potential heap overflow in Real RTSP streaming code
Potential stack overflow in MMST streaming code
Multiple buffer overflows in BMP demuxer
Potential heap overflow in pnm streaming code
Potential buffer overflow in mp3lib
These vulnerabilities could allow a remote attacker to
execute arbitrary code as the user running MPlayer. The
problem in the pnm streaming code also affects xine.
{"cve": [{"lastseen": "2017-07-11T11:14:32", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/18638", "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff", "http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011", "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21"], "description": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.", "edition": 2, "reporter": "NVD", "published": "2005-01-10T00:00:00", "title": "CVE-2004-1188", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:32", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-1188"], "scanner": [], "modified": "2017-07-10T21:30:48", "cpe": ["cpe:/a:xine:xine:1_rc6a", "cpe:/a:xine:xine:1_beta1", "cpe:/a:xine:xine-lib:1_beta11", "cpe:/a:mplayer:mplayer:1.0_pre4", "cpe:/a:xine:xine-lib:1_beta9", "cpe:/a:xine:xine:0.9.18", "cpe:/a:mplayer:mplayer:0.92.1", "cpe:/a:xine:xine-lib:1_beta12", "cpe:/a:xine:xine:1_rc4", "cpe:/a:xine:xine-lib:1_rc6", "cpe:/a:xine:xine-lib:1_beta3", "cpe:/a:xine:xine-lib:1_beta2", "cpe:/a:xine:xine-lib:1_rc3", "cpe:/a:xine:xine:1_beta2", "cpe:/a:xine:xine-lib:0.9.13", "cpe:/a:xine:xine-lib:1_beta6", "cpe:/a:mplayer:mplayer:1.0_pre5", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/a:mplayer:mplayer:0.92", "cpe:/a:xine:xine-lib:1_beta1", "cpe:/a:xine:xine-lib:1_rc5", "cpe:/a:xine:xine:1_beta9", "cpe:/a:xine:xine-lib:1_alpha", "cpe:/a:xine:xine:1_rc8", "cpe:/a:mplayer:mplayer:0.90", "cpe:/a:mplayer:mplayer:1.0_pre1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/a:xine:xine:1_rc3b", "cpe:/a:xine:xine-lib:1_rc1", "cpe:/a:xine:xine-lib:1_rc6a", "cpe:/a:xine:xine:1_rc2", "cpe:/a:xine:xine:1_alpha", "cpe:/a:xine:xine:0.9.13", "cpe:/a:mplayer:mplayer:head_cvs", "cpe:/a:xine:xine-lib:1_rc3a", "cpe:/a:xine:xine:1_beta4", "cpe:/a:xine:xine-lib:1_beta8", "cpe:/a:xine:xine:1_beta11", "cpe:/a:xine:xine-lib:1_rc0", "cpe:/a:mplayer:mplayer:1.0_pre3try2", "cpe:/a:mplayer:mplayer:1.0_pre5try1", "cpe:/a:xine:xine-lib:0.9.8", "cpe:/a:xine:xine:1_beta5", "cpe:/a:xine:xine:1_rc3a", "cpe:/a:xine:xine-lib:1_rc3b", "cpe:/a:xine:xine-lib:1_rc7", "cpe:/a:xine:xine:1_rc5", "cpe:/o:mandrakesoft:mandrake_linux:10.1::x86_64", "cpe:/a:mplayer:mplayer:0.90_pre", "cpe:/a:xine:xine:1_rc7", "cpe:/a:xine:xine:1_rc1", "cpe:/a:xine:xine:1_beta8", "cpe:/a:xine:xine:1_rc3", "cpe:/a:mplayer:mplayer:0.90_rc", "cpe:/a:mplayer:mplayer:1.0_pre5try2", "cpe:/a:xine:xine:1_rc0a", "cpe:/a:xine:xine:1_rc0", "cpe:/a:xine:xine-lib:0.99", "cpe:/a:xine:xine:1_beta7", "cpe:/a:xine:xine:1_beta6", "cpe:/a:xine:xine-lib:1_rc2", "cpe:/a:xine:xine:1_beta10", "cpe:/a:mplayer:mplayer:1.0_pre3", "cpe:/a:xine:xine:0.9.8", "cpe:/a:xine:xine-lib:1_rc3c", "cpe:/a:xine:xine-lib:1_beta5", "cpe:/a:xine:xine-lib:1_beta7", "cpe:/a:xine:xine-lib:1_rc4", "cpe:/a:xine:xine:1_beta3", "cpe:/a:xine:xine-lib:1_beta4", "cpe:/a:xine:xine:1_rc6", "cpe:/a:mplayer:mplayer:0.92_cvs", "cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64", "cpe:/a:xine:xine-lib:1_beta10", "cpe:/a:xine:xine:1_beta12", "cpe:/a:mplayer:mplayer:0.90_rc4", "cpe:/a:mplayer:mplayer:0.91", "cpe:/a:mplayer:mplayer:1.0_pre2"], "id": "CVE-2004-1188", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1188", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-11T11:14:32", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/18640", "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011", "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21", "http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities"], "description": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.", "edition": 2, "reporter": "NVD", "published": "2005-01-10T00:00:00", "title": "CVE-2004-1187", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:32", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-1187"], "scanner": [], "modified": "2017-07-10T21:30:48", "cpe": ["cpe:/a:xine:xine:1_rc6a", "cpe:/a:xine:xine:1_beta1", "cpe:/a:xine:xine-lib:1_beta11", "cpe:/a:mplayer:mplayer:1.0_pre4", "cpe:/a:xine:xine-lib:1_beta9", "cpe:/a:xine:xine:0.9.18", "cpe:/a:mplayer:mplayer:0.92.1", "cpe:/a:xine:xine-lib:1_beta12", "cpe:/a:xine:xine:1_rc4", "cpe:/a:xine:xine-lib:1_rc6", "cpe:/a:xine:xine-lib:1_beta3", "cpe:/a:xine:xine-lib:1_beta2", "cpe:/a:xine:xine-lib:1_rc3", "cpe:/a:xine:xine:1_beta2", "cpe:/a:xine:xine-lib:0.9.13", "cpe:/a:xine:xine-lib:1_beta6", "cpe:/a:mplayer:mplayer:1.0_pre5", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/a:mplayer:mplayer:0.92", "cpe:/a:xine:xine-lib:1_beta1", "cpe:/a:xine:xine-lib:1_rc5", "cpe:/a:xine:xine:1_beta9", "cpe:/a:xine:xine-lib:1_alpha", "cpe:/a:xine:xine:1_rc8", "cpe:/a:mplayer:mplayer:0.90", "cpe:/a:mplayer:mplayer:1.0_pre1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/a:xine:xine:1_rc3b", "cpe:/a:xine:xine-lib:1_rc1", "cpe:/a:xine:xine-lib:1_rc6a", "cpe:/a:xine:xine:1_rc2", "cpe:/a:xine:xine:1_alpha", "cpe:/a:xine:xine:0.9.13", "cpe:/a:mplayer:mplayer:head_cvs", "cpe:/a:xine:xine-lib:1_rc3a", "cpe:/a:xine:xine:1_beta4", "cpe:/a:xine:xine-lib:1_beta8", "cpe:/a:xine:xine:1_beta11", "cpe:/a:xine:xine-lib:1_rc0", "cpe:/a:mplayer:mplayer:1.0_pre3try2", "cpe:/a:mplayer:mplayer:1.0_pre5try1", "cpe:/a:xine:xine-lib:0.9.8", "cpe:/a:xine:xine:1_beta5", "cpe:/a:xine:xine:1_rc3a", "cpe:/a:xine:xine-lib:1_rc3b", "cpe:/a:xine:xine-lib:1_rc7", "cpe:/a:xine:xine:1_rc5", "cpe:/o:mandrakesoft:mandrake_linux:10.1::x86_64", "cpe:/a:mplayer:mplayer:0.90_pre", "cpe:/a:xine:xine:1_rc7", "cpe:/a:xine:xine:1_rc1", "cpe:/a:xine:xine:1_beta8", "cpe:/a:xine:xine:1_rc3", "cpe:/a:mplayer:mplayer:0.90_rc", "cpe:/a:mplayer:mplayer:1.0_pre5try2", "cpe:/a:xine:xine:1_rc0a", "cpe:/a:xine:xine:1_rc0", "cpe:/a:xine:xine-lib:0.99", "cpe:/a:xine:xine:1_beta7", "cpe:/a:xine:xine:1_beta6", "cpe:/a:xine:xine-lib:1_rc2", "cpe:/a:xine:xine:1_beta10", "cpe:/a:mplayer:mplayer:1.0_pre3", "cpe:/a:xine:xine:0.9.8", "cpe:/a:xine:xine-lib:1_rc3c", "cpe:/a:xine:xine-lib:1_beta5", "cpe:/a:xine:xine-lib:1_beta7", "cpe:/a:xine:xine-lib:1_rc4", "cpe:/a:xine:xine:1_beta3", "cpe:/a:xine:xine-lib:1_beta4", "cpe:/a:xine:xine:1_rc6", "cpe:/a:mplayer:mplayer:0.92_cvs", "cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64", "cpe:/a:xine:xine-lib:1_beta10", "cpe:/a:xine:xine:1_beta12", "cpe:/a:mplayer:mplayer:0.90_rc4", "cpe:/a:mplayer:mplayer:0.91", "cpe:/a:mplayer:mplayer:1.0_pre2"], "id": "CVE-2004-1187", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1187", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:09", "references": [], "pluginID": "52266", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "mplayer -- multiple vulnerabilities", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1187", "CVE-2004-1188"], "modified": "2016-09-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52266", "id": "OPENVAS:52266", "sourceData": "#\n#VID 85d76f02-5380-11d9-a9e7-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mplayer\n mplayer-gtk\n mplayer-gtk2\n mplayer-esound\n mplayer-gtk-esound\n mplayer-gtk2-esound\n libxine\n\nCVE-2004-1187\nHeap-based buffer overflow in the pnm_get_chunk function for xine\n0.99.2, and other packages such as MPlayer that use the same code,\nallows remote attackers to execute arbitrary code via long PNA_TAG\nvalues, a different vulnerability than CVE-2004-1188.\n\nCVE-2004-1188\nThe pnm_get_chunk function in xine 0.99.2 and earlier, and other\npackages such as MPlayer that use the same code, does not properly\nverify that the chunk size is less than the PREAMBLE_SIZE, which\ncauses a read operation with a negative length that leads to a buffer\noverflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG,\nand (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://mplayerhq.hu/homepage/design7/news.html#mplayer10pre5try2\nhttp://www.idefense.com/application/poi/display?id=166\nhttp://www.idefense.com/application/poi/display?id=167\nhttp://www.idefense.com/application/poi/display?id=168\nhttp://xinehq.de/index.php/security/XSA-2004-6\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110322526210300\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110322829807443\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110323022605345\nhttp://www.vuxml.org/freebsd/85d76f02-5380-11d9-a9e7-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52266);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-1187\", \"CVE-2004-1188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"mplayer -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.5_5\")<0) {\n txt += 'Package mplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.5_5\")<0) {\n txt += 'Package mplayer-gtk version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.5_5\")<0) {\n txt += 'Package mplayer-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.5_5\")<0) {\n txt += 'Package mplayer-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.5_5\")<0) {\n txt += 'Package mplayer-gtk-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk2-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.5_5\")<0) {\n txt += 'Package mplayer-gtk2-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libxine\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.r5_3\")<=0) {\n txt += 'Package libxine version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:24", "references": [], "pluginID": "54793", "description": "The remote host is missing updates announced in\nadvisory GLSA 200501-07.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "title": "Gentoo Security Advisory GLSA 200501-07 (xine-lib)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1187", "CVE-2004-1300", "CVE-2004-1188"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54793", "id": "OPENVAS:54793", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"xine-lib contains multiple overflows potentially allowing execution of\narbitrary code.\";\ntag_solution = \"All xine-lib users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose media-libs/xine-lib\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=74475\nhttp://www.idefense.com/application/poi/display?id=176&type=vulnerabilities\nhttp://www.idefense.com/application/poi/display?id=177&type=vulnerabilities\nhttp://tigger.uic.edu/~jlongs2/holes/xine-lib.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200501-07.\";\n\n \n\nif(description)\n{\n script_id(54793);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-1187\", \"CVE-2004-1188\", \"CVE-2004-1300\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200501-07 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1_rc8-r1\", \"rge 1_rc6-r1\"), vulnerable: make_list(\"lt 1_rc8-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-13T17:10:27", "references": ["http://marc.info/?l=bugtraq&m=110323022605345", "http://www.nessus.org/u?4c7dac8f", "http://www.nessus.org/u?f0dfa981", "http://www.nessus.org/u?6e76705f", "http://www.nessus.org/u?cdbcba84", "http://www.nessus.org/u?93d1630b", "http://marc.info/?l=bugtraq&m=110322829807443", "http://marc.info/?l=bugtraq&m=110322526210300", "http://www.nessus.org/u?12ef3169"], "pluginID": "19013", "description": "iDEFENSE and the MPlayer Team have found multiple vulnerabilities in MPlayer :\n\n- Potential heap overflow in Real RTSP streaming code\n\n- Potential stack overflow in MMST streaming code\n\n- Multiple buffer overflows in BMP demuxer\n\n- Potential heap overflow in pnm streaming code\n\n- Potential buffer overflow in mp3lib\n\nThese vulnerabilities could allow a remote attacker to execute arbitrary code as the user running MPlayer. The problem in the pnm streaming code also affects xine.", "edition": 5, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "FreeBSD : mplayer -- multiple vulnerabilities (85d76f02-5380-11d9-a9e7-0001020eed82)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1187", "CVE-2004-1188"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "id": "FREEBSD_PKG_85D76F02538011D9A9E70001020EED82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19013", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19013);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/10 11:49:39\");\n\n script_cve_id(\"CVE-2004-1187\", \"CVE-2004-1188\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (85d76f02-5380-11d9-a9e7-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"iDEFENSE and the MPlayer Team have found multiple vulnerabilities in\nMPlayer :\n\n- Potential heap overflow in Real RTSP streaming code\n\n- Potential stack overflow in MMST streaming code\n\n- Multiple buffer overflows in BMP demuxer\n\n- Potential heap overflow in pnm streaming code\n\n- Potential buffer overflow in mp3lib\n\nThese vulnerabilities could allow a remote attacker to execute\narbitrary code as the user running MPlayer. The problem in the pnm\nstreaming code also affects xine.\"\n );\n # http://mplayerhq.hu/homepage/design7/news.html#mplayer10pre5try2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0dfa981\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110322526210300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=bugtraq&m=110322526210300\"\n );\n # http://www.idefense.com/application/poi/display?id=166\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c7dac8f\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110322829807443\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=bugtraq&m=110322829807443\"\n );\n # http://www.idefense.com/application/poi/display?id=167\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12ef3169\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110323022605345\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=bugtraq&m=110323022605345\"\n );\n # http://www.idefense.com/application/poi/display?id=168\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdbcba84\"\n );\n # http://xinehq.de/index.php/security/XSA-2004-6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93d1630b\"\n );\n # https://vuxml.freebsd.org/freebsd/85d76f02-5380-11d9-a9e7-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e76705f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.5_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.5_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.5_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.5_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.5_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.5_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxine<=1.0.r5_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:37", "references": ["https://security.gentoo.org/glsa/200501-07", "http://www.nessus.org/u?f8cbc267", "http://www.nessus.org/u?b8a7e424", "http://www.nessus.org/u?1ec1b810"], "pluginID": "16398", "description": "The remote host is affected by the vulnerability described in GLSA-200501-07 (xine-lib: Multiple overflows)\n\n Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demux_aiff.c, making it vulnerable to a buffer overflow (CAN-2004-1300) . iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CAN-2004-1187).\n iDefense also discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188).\n Impact :\n\n A remote attacker could craft a malicious movie or convince a targeted user to connect to a malicious PNM server, which could result in the execution of arbitrary code with the rights of the user running any xine-lib frontend.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2005-02-14T00:00:00", "title": "GLSA-200501-07 : xine-lib: Multiple overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1187", "CVE-2004-1300", "CVE-2004-1188"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib"], "id": "GENTOO_GLSA-200501-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16398", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200501-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16398);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2004-1187\", \"CVE-2004-1188\", \"CVE-2004-1300\");\n script_xref(name:\"GLSA\", value:\"200501-07\");\n\n script_name(english:\"GLSA-200501-07 : xine-lib: Multiple overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200501-07\n(xine-lib: Multiple overflows)\n\n Ariel Berkman discovered that xine-lib reads specific input data\n into an array without checking the input size in demux_aiff.c, making\n it vulnerable to a buffer overflow (CAN-2004-1300) . iDefense\n discovered that the PNA_TAG handling code in pnm_get_chunk() does not\n check if the input size is larger than the buffer size (CAN-2004-1187).\n iDefense also discovered that in this same function, a negative value\n could be given to an unsigned variable that specifies the read length\n of input data (CAN-2004-1188).\n \nImpact :\n\n A remote attacker could craft a malicious movie or convince a\n targeted user to connect to a malicious PNM server, which could result\n in the execution of arbitrary code with the rights of the user running\n any xine-lib frontend.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8cbc267\"\n );\n # http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ec1b810\"\n );\n # http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8a7e424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200501-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose media-libs/xine-lib\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1_rc8-r1\", \"rge 1_rc6-r1\"), vulnerable:make_list(\"lt 1_rc8-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:45", "references": ["http://www.nessus.org/u?93d1630b", "http://www.nessus.org/u?53a5919c"], "pluginID": "16220", "description": "iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CVE-2004-1187). As well, they discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CVE-2004-1188).\n\nAriel Berkman discovered that xine-lib reads specific input data into an array without checking the input size making it vulnerable to a buffer overflow problem (CVE-2004-1300).\n\nThe updated packages have been patched to prevent these problems.", "edition": 5, "reporter": "Tenable", "published": "2005-01-19T00:00:00", "title": "Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:011)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1187", "CVE-2004-1300", "CVE-2004-1188"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:libxine1", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:xine-arts", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:xine-aa"], "id": "MANDRAKE_MDKSA-2005-011.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16220", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:011. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16220);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-1187\", \"CVE-2004-1188\", \"CVE-2004-1300\");\n script_xref(name:\"MDKSA\", value:\"2005:011\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:011)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()\ndoes not check if the input size is larger than the buffer size\n(CVE-2004-1187). As well, they discovered that in this same function,\na negative value could be given to an unsigned variable that specifies\nthe read length of input data (CVE-2004-1188).\n\nAriel Berkman discovered that xine-lib reads specific input data into\nan array without checking the input size making it vulnerable to a\nbuffer overflow problem (CVE-2004-1300).\n\nThe updated packages have been patched to prevent these problems.\"\n );\n # http://xinehq.de/index.php/security/XSA-2004-6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93d1630b\"\n );\n # http://xinehq.de/index.php/security/XSA-2004-7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53a5919c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64xine1-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64xine1-devel-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libxine1-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libxine1-devel-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-aa-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-arts-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"xine-dxr3-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-esd-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-flac-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-gnomevfs-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-plugins-1-0.rc3.6.3.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64xine1-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libxine1-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libxine1-devel-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-aa-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-arts-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-dxr3-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-esd-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-flac-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-gnomevfs-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"xine-plugins-1-0.rc5.9.1.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "references": ["http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities", "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300", "http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188", "https://bugs.gentoo.org/show_bug.cgi?id=74475"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1_rc8-r1", "packageName": "media-libs/xine-lib", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nxine-lib is a multimedia library which can be utilized to create multimedia frontends. \n\n### Description\n\nAriel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demux_aiff.c, making it vulnerable to a buffer overflow (CAN-2004-1300) . iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CAN-2004-1187). iDefense also discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188). \n\n### Impact\n\nA remote attacker could craft a malicious movie or convince a targeted user to connect to a malicious PNM server, which could result in the execution of arbitrary code with the rights of the user running any xine-lib frontend. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose media-libs/xine-lib", "edition": 1, "reporter": "Gentoo Foundation", "published": "2005-01-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "xine-lib: Multiple overflows", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1187", "CVE-2004-1300", "CVE-2004-1188"], "modified": "2005-01-06T00:00:00", "id": "GLSA-200501-07", "href": "https://security.gentoo.org/glsa/200501-07", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:11", "references": [], "description": "Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow\r\nVulnerability\r\n\r\niDEFENSE Security Advisory 12.21.04\r\nwww.idefense.com/application/poi/display?id=176&type=vulnerabilities\r\nDecember 21, 2004\r\n\r\nI. BACKGROUND\r\n\r\nXine is a multimedia player which runs on multiple platforms.\r\nMore information is available at:\r\n\r\n http://xinehq.de/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a buffer overflow in version 0.99.2 of xine could\r\n\r\nallow execution of arbitrary code.\r\n\r\nThe vulnerability specifically exists in the PNA_TAG handling code of \r\nthe pnm_get_chunk() function. The function does not check the if the \r\nlength of an input to be stored in a fixed size buffer is larger than \r\nthe buffer size.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows execution of arbitrary code \r\nwith the privileges of the targeted user.\r\n\r\nIn order to exploit this vulnerability, an attacker would have to \r\nconvince the targeted user to open a connection to a malicious PNM \r\nserver with xine, using a pnm://address/ URL. Depending on configuration\r\n\r\noptions, this may be exploitable simply by clicking on a link, or it may\r\n\r\nrequire the user to launch the application, specifically requesting the \r\nmalicious content.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE Labs has confirmed the existence of this vulnerability in xine \r\nversion 0.99.2. It is suspected that earlier versions of xine also \r\ncontain this vulnerability.\r\n\r\nThis vulnerability also affects MPlayer prior to MPlayer 1.0pre5try2.\r\n\r\nV. WORKAROUND\r\niDEFENSE is currently unaware of any effective workarounds for this \r\nissue.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nxine-lib 1-rc8 was released to address this vulnerability and is\r\navailable for download at:\r\n\r\n http://xinehq.de/index.php/releases\r\n \r\nAn xine patch for this vulnerability is available at:\r\n\r\n \r\nhttp://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1\r\n.20&r2=1.21\r\n\r\nAn MPlayer patch for this vulnerability is available at:\r\n\r\n http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nnames CAN-2004-1187 to these issues. This is a candidate for inclusion\r\nin the CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n12/10/2004 Initial vendor notification\r\n12/11/2004 Initial vendor response\r\n12/21/2004 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2004 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.", "edition": 1, "reporter": "Securityvulns", "published": "2004-12-22T00:00:00", "title": "iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:11", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-1187"], "modified": "2004-12-22T00:00:00", "id": "SECURITYVULNS:DOC:7404", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7404", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:11", "references": [], "description": "Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length \r\nHeap Overflow Vulnerability\r\n\r\niDEFENSE Security Advisory 12.21.04\r\nwww.idefense.com/application/poi/display?id=177&type=vulnerabilities\r\nDecember 21, 2004\r\n\r\nI. BACKGROUND\r\n\r\nXine is a multimedia player which runs on multiple platforms.\r\nMore information is available at:\r\n \r\n http://xinehq.de/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a buffer overflow in version 0.99.2 of xine could\r\nallow execution of arbitrary code.\r\n\r\nThe vulnerability specifically exists in the RMF_TAG, DATA_TAG, \r\nPROP_TAG, MDPR_TAG and CONT_TAG handling code of the pnm_get_chunk() \r\nfunction. These tags are all handled by the same code. The code does not\r\n\r\nperform correct checking on the chunk size before reading data in. If \r\nthe size given is less than the PREAMBLE_SIZE, a negative length read is\r\n\r\nmade into a fixed length buffer. Because the read length parameter is an\r\n\r\nunsigned value, the negative length is interpreted as a very large \r\nlength, allowing a buffer overflow to occur.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows execution of arbitrary code \r\nwith the privileges of the targeted user.\r\n\r\nIn order to exploit this vulnerability, an attacker would have to \r\nconvince the targeted user to open a connection to a malicious PNM \r\nserver with xine, using a pnm://address/ URL. Depending on configuration\r\n\r\noptions, this may be exploitable simply by clicking on a link, or it may\r\n\r\nrequire the user to launch the application, specifically requesting the \r\nmalicious content.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE Labs has confirmed the existence of this vulnerability in xine \r\nversion 0.99.2. It is suspected that earlier versions of xine also \r\ncontain this vulnerability.\r\n\r\nThis vulnerability also affects MPlayer prior to MPlayer 1.0pre5try2.\r\n\r\nV. WORKAROUND\r\n\r\niDEFENSE is currently unaware of any effective workarounds for this \r\nissue.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nxine-lib 1-rc8 was released to address this vulnerability and is\r\navailable for download at:\r\n\r\n http://xinehq.de/index.php/releases\r\n \r\nAn xine patch for this vulnerability is available at:\r\n\r\n \r\nhttp://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1\r\n.20&r2=1.21\r\n \r\nAn MPlayer patch for this vulnerability is available at:\r\n\r\n http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nnames CAN-2004-1188 to these issues. This is a candidate for inclusion\r\nin the CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n12/10/2004 Initial vendor notification\r\n12/11/2004 Initial vendor response\r\n12/21/2004 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2004 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.", "edition": 1, "reporter": "Securityvulns", "published": "2004-12-22T00:00:00", "title": "iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:11", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-1188"], "modified": "2004-12-22T00:00:00", "id": "SECURITYVULNS:DOC:7402", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7402", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.xinehq.de/\nVendor Specific Solution URL: http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21\nSecurity Tracker: 1012648\n[Secunia Advisory ID:13883](https://secuniaresearch.flexerasoftware.com/advisories/13883/)\n[Secunia Advisory ID:13926](https://secuniaresearch.flexerasoftware.com/advisories/13926/)\n[Secunia Advisory ID:13739](https://secuniaresearch.flexerasoftware.com/advisories/13739/)\n[Related OSVDB ID: 12662](https://vulners.com/osvdb/OSVDB:12662)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200501-07.xml\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:011\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000919\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities&flashstatus=true\n[CVE-2004-1187](https://vulners.com/cve/CVE-2004-1187)\n", "reporter": "OSVDB", "published": "2004-12-21T17:53:26", "type": "osvdb", "title": "xine PNM Handler PNA_TAG Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-1187"], "modified": "2004-12-21T17:53:26", "href": "https://vulners.com/osvdb/OSVDB:12661", "id": "OSVDB:12661", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:08", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.xinehq.de/\nVendor Specific Solution URL: http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21\nSecurity Tracker: 1012648\n[Secunia Advisory ID:13883](https://secuniaresearch.flexerasoftware.com/advisories/13883/)\n[Secunia Advisory ID:13926](https://secuniaresearch.flexerasoftware.com/advisories/13926/)\n[Secunia Advisory ID:13739](https://secuniaresearch.flexerasoftware.com/advisories/13739/)\n[Related OSVDB ID: 12661](https://vulners.com/osvdb/OSVDB:12661)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200501-07.xml\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:011\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000919\n[CVE-2004-1188](https://vulners.com/cve/CVE-2004-1188)\n", "reporter": "OSVDB", "published": "2004-12-21T17:53:26", "type": "osvdb", "title": "xine pnm_get_chunk() Function Multiple Tag Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-1188"], "modified": "2004-12-21T17:53:26", "href": "https://vulners.com/osvdb/OSVDB:12662", "id": "OSVDB:12662", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
