{"id": "E8A6A16D-E498-11DC-BB89-000BCDC1757A", "bulletinFamily": "unix", "title": "libxine -- buffer overflow vulnerability", "description": "\nxine Team reports:\n\nA new xine-lib version is now available. This release\n\t contains a security fix (array index vulnerability which\n\t may lead to a stack buffer overflow.\n\n", "published": "2007-02-08T00:00:00", "modified": "2007-02-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html", "reporter": "FreeBSD", "references": ["http://www.xinehq.de/index.php/news"], "cvelist": ["CVE-2008-0486"], "type": "freebsd", "lastseen": "2021-07-28T14:52:38", "edition": 5, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:60519", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:860920"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-28T14:52:38", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-07-28T14:52:38", "rev": 2}, "vulnersScore": 6.9}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libxine", "packageVersion": "1.1.10.1"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}}

{"cve": [{"id": "CVE-2008-0486", "bulletinFamily": "NVD", "title": "CVE-2008-0486", "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.", "published": "2008-02-05T12:00:00", "modified": "2018-10-15T22:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0486", "reporter": "cve@mitre.org", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html", "http://secunia.com/advisories/28801", "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html", "http://secunia.com/advisories/28956", "http://bugs.gentoo.org/show_bug.cgi?id=209106", "http://secunia.com/advisories/28989", "http://security.gentoo.org/glsa/glsa-200802-12.xml", "http://www.vupen.com/english/advisories/2008/0406/references", "http://secunia.com/advisories/29601", "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html", "http://secunia.com/advisories/29141", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://secunia.com/advisories/29323", "http://security.gentoo.org/glsa/glsa-200803-16.xml", "http://www.ubuntu.com/usn/usn-635-1", "http://www.mplayerhq.hu/design7/news.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046", "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "http://secunia.com/advisories/29307", "http://secunia.com/advisories/28918", "http://www.coresecurity.com/?action=item&id=2103", "http://secunia.com/advisories/31393", "http://www.debian.org/security/2008/dsa-1536", "http://securityreason.com/securityalert/3608", "http://www.securityfocus.com/archive/1/487501/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045", "http://secunia.com/advisories/28955", "http://www.securityfocus.com/bid/27441", "http://secunia.com/advisories/28779", "http://www.vupen.com/english/advisories/2008/0421", "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html", "http://bugs.xine-project.org/show_bug.cgi?id=38", "http://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486"], "type": "cve", "lastseen": "2021-04-21T20:41:31", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "mplayer:mplayer", "name": "mplayer", "operator": "eq", "version": "1.02rc2"}, {"cpeName": "xine:xine-lib", "name": "xine xine-lib", "operator": "eq", "version": "1.1.10"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:mplayer:mplayer:1.02rc2", "cpe:/a:xine:xine-lib:1.1.10"], "cpe23": ["cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-0486"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:11", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-02-02T05:35:11", "rev": 2, "value": 8.8, "vector": "NONE"}}, "extraReferences": [{"name": "28956", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28956"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"}, {"name": "GLSA-200802-12", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"}, {"name": "27441", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/27441"}, {"name": "29323", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29323"}, {"name": "29141", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29141"}, {"name": "http://www.coresecurity.com/?action=item&id=2103", "refsource": "MISC", "tags": ["Exploit"], "url": "http://www.coresecurity.com/?action=item&id=2103"}, {"name": "USN-635-1", "refsource": "UBUNTU", "tags": [], "url": "http://www.ubuntu.com/usn/usn-635-1"}, {"name": "ADV-2008-0406", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/0406/references"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "refsource": "CONFIRM", "tags": [], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735"}, {"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "refsource": "FULLDISC", "tags": [], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"}, {"name": "28918", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28918"}, {"name": "ADV-2008-0421", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/0421"}, {"name": "29307", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29307"}, {"name": "DSA-1536", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2008/dsa-1536"}, {"name": "3608", "refsource": "SREASON", "tags": [], "url": "http://securityreason.com/securityalert/3608"}, {"name": "http://www.mplayerhq.hu/design7/news.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.mplayerhq.hu/design7/news.html"}, {"name": "28989", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28989"}, {"name": "MDVSA-2008:045", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"}, {"name": "28779", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28779"}, {"name": "FEDORA-2008-1581", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"}, {"name": "31393", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31393"}, {"name": "28801", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28801"}, {"name": "GLSA-200803-16", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"}, {"name": "28955", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28955"}, {"name": "MDVSA-2008:046", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"}, {"name": "FEDORA-2008-1543", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"}, {"name": "SUSE-SR:2008:006", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "DSA-1496", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2008/dsa-1496"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=209106", "refsource": "CONFIRM", "tags": [], "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"}, {"name": "http://bugs.xine-project.org/show_bug.cgi?id=38", "refsource": "CONFIRM", "tags": [], "url": "http://bugs.xine-project.org/show_bug.cgi?id=38"}, {"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"}, {"name": "29601", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29601"}], "hash": "c15271a356a92fb049d70aadc8a519046fcde3a5f09b5449db08119ac20347c5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "ce4ccae21010a19b51d1ea4376620248", "key": "cpeConfiguration"}, {"hash": "1078b2d1468b92f125fd99de14cc3628", "key": "title"}, {"hash": "e8bf1af848f30c3dc61aa9fa24157153", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7f7c77d2dde7216a66d00321bd5828f8", "key": "cvss2"}, {"hash": "62227a31deddce46eb4d9ab1f1d0253a", "key": "modified"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "28dc06737d8b4a500126a9628e644cc3", "key": "affectedSoftware"}, {"hash": "61cdd416da1a1321a109cd3fcaf83d1c", "key": "references"}, {"hash": "1a30f9ac4a3b435fa4d0de0ff8191578", "key": "cpe23"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a519e66f0ce51143659c9b075765d82d", "key": "description"}, {"hash": "071d78a063d17655108a2c08b16cf843", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "ad5396b94b83ba586f8f6cea3f931388", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f4140fd8dd8605581bbc13541dab7ce8", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0486", "id": "CVE-2008-0486", "immutableFields": [], "lastseen": "2021-02-02T05:35:11", "modified": "2018-10-15T22:00:00", "objectVersion": "1.5", "published": "2008-02-05T12:00:00", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html", "http://secunia.com/advisories/28801", "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html", "http://secunia.com/advisories/28956", "http://bugs.gentoo.org/show_bug.cgi?id=209106", "http://secunia.com/advisories/28989", "http://security.gentoo.org/glsa/glsa-200802-12.xml", "http://www.vupen.com/english/advisories/2008/0406/references", "http://secunia.com/advisories/29601", "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html", "http://secunia.com/advisories/29141", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://secunia.com/advisories/29323", "http://security.gentoo.org/glsa/glsa-200803-16.xml", "http://www.ubuntu.com/usn/usn-635-1", "http://www.mplayerhq.hu/design7/news.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046", "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "http://secunia.com/advisories/29307", "http://secunia.com/advisories/28918", "http://www.coresecurity.com/?action=item&id=2103", "http://secunia.com/advisories/31393", "http://www.debian.org/security/2008/dsa-1536", "http://securityreason.com/securityalert/3608", "http://www.securityfocus.com/archive/1/487501/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045", "http://secunia.com/advisories/28955", "http://www.securityfocus.com/bid/27441", "http://secunia.com/advisories/28779", "http://www.vupen.com/english/advisories/2008/0421", "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html", "http://bugs.xine-project.org/show_bug.cgi?id=38", "http://www.debian.org/security/2008/dsa-1496"], "reporter": "cve@mitre.org", "title": "CVE-2008-0486", "type": "cve", "viewCount": 3}, "different_elements": ["cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T05:35:11"}, {"bulletin": {"affectedSoftware": [{"name": "xine xine-lib", "operator": "eq", "version": "1.1.10"}, {"name": "mplayer mplayer", "operator": "eq", "version": "1.02rc2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:mplayer:mplayer:1.02rc2", "cpe:/a:xine:xine-lib:1.1.10"], "cpe23": ["cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*"], "cvelist": ["CVE-2008-0486"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:09:25", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2019-05-29T18:09:25", "rev": 2, "value": 8.8, "vector": "NONE"}}, "hash": "ba47a14ebc1c4f3b276e2fe4216ad958d16999dc7a10cc06b942ff74b8a75ed2", "hashmap": [{"hash": "1078b2d1468b92f125fd99de14cc3628", "key": "title"}, {"hash": "7f7c77d2dde7216a66d00321bd5828f8", "key": "cvss2"}, {"hash": "62227a31deddce46eb4d9ab1f1d0253a", "key": "modified"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "61cdd416da1a1321a109cd3fcaf83d1c", "key": "references"}, {"hash": "1a30f9ac4a3b435fa4d0de0ff8191578", "key": "cpe23"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a519e66f0ce51143659c9b075765d82d", "key": "description"}, {"hash": "071d78a063d17655108a2c08b16cf843", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "80f0b6c7f2587478295823cddb33c727", "key": "affectedSoftware"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "ad5396b94b83ba586f8f6cea3f931388", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f4140fd8dd8605581bbc13541dab7ce8", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0486", "id": "CVE-2008-0486", "lastseen": "2019-05-29T18:09:25", "modified": "2018-10-15T22:00:00", "objectVersion": "1.3", "published": "2008-02-05T12:00:00", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html", "http://secunia.com/advisories/28801", "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html", "http://secunia.com/advisories/28956", "http://bugs.gentoo.org/show_bug.cgi?id=209106", "http://secunia.com/advisories/28989", "http://security.gentoo.org/glsa/glsa-200802-12.xml", "http://www.vupen.com/english/advisories/2008/0406/references", "http://secunia.com/advisories/29601", "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html", "http://secunia.com/advisories/29141", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://secunia.com/advisories/29323", "http://security.gentoo.org/glsa/glsa-200803-16.xml", "http://www.ubuntu.com/usn/usn-635-1", "http://www.mplayerhq.hu/design7/news.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046", "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "http://secunia.com/advisories/29307", "http://secunia.com/advisories/28918", "http://www.coresecurity.com/?action=item&id=2103", "http://secunia.com/advisories/31393", "http://www.debian.org/security/2008/dsa-1536", "http://securityreason.com/securityalert/3608", "http://www.securityfocus.com/archive/1/487501/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045", "http://secunia.com/advisories/28955", "http://www.securityfocus.com/bid/27441", "http://secunia.com/advisories/28779", "http://www.vupen.com/english/advisories/2008/0421", "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html", "http://bugs.xine-project.org/show_bug.cgi?id=38", "http://www.debian.org/security/2008/dsa-1496"], "reporter": "cve@mitre.org", "title": "CVE-2008-0486", "type": "cve", "viewCount": 1}, "differentElements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:09:25"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "mplayer:mplayer", "name": "mplayer", "operator": "eq", "version": "1.02rc2"}, {"cpeName": "xine:xine-lib", "name": "xine xine-lib", "operator": "eq", "version": "1.1.10"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:mplayer:mplayer:1.02rc2", "cpe:/a:xine:xine-lib:1.1.10"], "cpe23": ["cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2008-0486"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:15", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-09-21T13:59:15", "rev": 2, "value": 8.8, "vector": "NONE"}}, "hash": "f7454f0da8f4f73071a2418806142b1777f336024e538bb86da28a4a7923ec25", "hashmap": [{"hash": "1078b2d1468b92f125fd99de14cc3628", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7f7c77d2dde7216a66d00321bd5828f8", "key": "cvss2"}, {"hash": "62227a31deddce46eb4d9ab1f1d0253a", "key": "modified"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "28dc06737d8b4a500126a9628e644cc3", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "61cdd416da1a1321a109cd3fcaf83d1c", "key": "references"}, {"hash": "1a30f9ac4a3b435fa4d0de0ff8191578", "key": "cpe23"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a519e66f0ce51143659c9b075765d82d", "key": "description"}, {"hash": "071d78a063d17655108a2c08b16cf843", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "ad5396b94b83ba586f8f6cea3f931388", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f4140fd8dd8605581bbc13541dab7ce8", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0486", "id": "CVE-2008-0486", "lastseen": "2020-09-21T13:59:15", "modified": "2018-10-15T22:00:00", "objectVersion": "1.3", "published": "2008-02-05T12:00:00", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html", "http://secunia.com/advisories/28801", "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html", "http://secunia.com/advisories/28956", "http://bugs.gentoo.org/show_bug.cgi?id=209106", "http://secunia.com/advisories/28989", "http://security.gentoo.org/glsa/glsa-200802-12.xml", "http://www.vupen.com/english/advisories/2008/0406/references", "http://secunia.com/advisories/29601", "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html", "http://secunia.com/advisories/29141", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://secunia.com/advisories/29323", "http://security.gentoo.org/glsa/glsa-200803-16.xml", "http://www.ubuntu.com/usn/usn-635-1", "http://www.mplayerhq.hu/design7/news.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046", "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "http://secunia.com/advisories/29307", "http://secunia.com/advisories/28918", "http://www.coresecurity.com/?action=item&id=2103", "http://secunia.com/advisories/31393", "http://www.debian.org/security/2008/dsa-1536", "http://securityreason.com/securityalert/3608", "http://www.securityfocus.com/archive/1/487501/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045", "http://secunia.com/advisories/28955", "http://www.securityfocus.com/bid/27441", "http://secunia.com/advisories/28779", "http://www.vupen.com/english/advisories/2008/0421", "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html", "http://bugs.xine-project.org/show_bug.cgi?id=38", "http://www.debian.org/security/2008/dsa-1496"], "reporter": "cve@mitre.org", "title": "CVE-2008-0486", "type": "cve", "viewCount": 1}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T13:59:15"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "mplayer:mplayer", "name": "mplayer", "operator": "eq", "version": "1.02rc2"}, {"cpeName": "xine:xine-lib", "name": "xine xine-lib", "operator": "eq", "version": "1.1.10"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:mplayer:mplayer:1.02rc2", "cpe:/a:xine:xine-lib:1.1.10"], "cpe23": ["cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-0486"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T11:50:57", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-10-03T11:50:57", "rev": 2, "value": 8.8, "vector": "NONE"}}, "extraReferences": [], "hash": "d1211f796586460a755c91bbc08166d2fd56bf74074fd20f303ec7893b8b69b0", "hashmap": [{"hash": "ce4ccae21010a19b51d1ea4376620248", "key": "cpeConfiguration"}, {"hash": "1078b2d1468b92f125fd99de14cc3628", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7f7c77d2dde7216a66d00321bd5828f8", "key": "cvss2"}, {"hash": "62227a31deddce46eb4d9ab1f1d0253a", "key": "modified"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "28dc06737d8b4a500126a9628e644cc3", "key": "affectedSoftware"}, {"hash": "61cdd416da1a1321a109cd3fcaf83d1c", "key": "references"}, {"hash": "1a30f9ac4a3b435fa4d0de0ff8191578", "key": "cpe23"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "a519e66f0ce51143659c9b075765d82d", "key": "description"}, {"hash": "071d78a063d17655108a2c08b16cf843", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "ad5396b94b83ba586f8f6cea3f931388", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f4140fd8dd8605581bbc13541dab7ce8", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0486", "id": "CVE-2008-0486", "lastseen": "2020-10-03T11:50:57", "modified": "2018-10-15T22:00:00", "objectVersion": "1.3", "published": "2008-02-05T12:00:00", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html", "http://secunia.com/advisories/28801", "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html", "http://secunia.com/advisories/28956", "http://bugs.gentoo.org/show_bug.cgi?id=209106", "http://secunia.com/advisories/28989", "http://security.gentoo.org/glsa/glsa-200802-12.xml", "http://www.vupen.com/english/advisories/2008/0406/references", "http://secunia.com/advisories/29601", "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html", "http://secunia.com/advisories/29141", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://secunia.com/advisories/29323", "http://security.gentoo.org/glsa/glsa-200803-16.xml", "http://www.ubuntu.com/usn/usn-635-1", "http://www.mplayerhq.hu/design7/news.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046", "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "http://secunia.com/advisories/29307", "http://secunia.com/advisories/28918", "http://www.coresecurity.com/?action=item&id=2103", "http://secunia.com/advisories/31393", "http://www.debian.org/security/2008/dsa-1536", "http://securityreason.com/securityalert/3608", "http://www.securityfocus.com/archive/1/487501/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045", "http://secunia.com/advisories/28955", "http://www.securityfocus.com/bid/27441", "http://secunia.com/advisories/28779", "http://www.vupen.com/english/advisories/2008/0421", "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html", "http://bugs.xine-project.org/show_bug.cgi?id=38", "http://www.debian.org/security/2008/dsa-1496"], "reporter": "cve@mitre.org", "title": "CVE-2008-0486", "type": "cve", "viewCount": 2}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T11:50:57"}], "edition": 5, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "28dc06737d8b4a500126a9628e644cc3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f4140fd8dd8605581bbc13541dab7ce8"}, {"key": "cpe23", "hash": "1a30f9ac4a3b435fa4d0de0ff8191578"}, {"key": "cpeConfiguration", "hash": "d47544b052018f277d8c440330bda8e5"}, {"key": "cvelist", "hash": "2b90dbc42782cc8a9be1aee14e182ac1"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "7d7c5f35269532e6785117964a2cc28a"}, {"key": "description", "hash": "a519e66f0ce51143659c9b075765d82d"}, {"key": "extraReferences", "hash": "e8bf1af848f30c3dc61aa9fa24157153"}, {"key": "href", "hash": "071d78a063d17655108a2c08b16cf843"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "62227a31deddce46eb4d9ab1f1d0253a"}, {"key": "published", "hash": "ad5396b94b83ba586f8f6cea3f931388"}, {"key": "references", "hash": "61cdd416da1a1321a109cd3fcaf83d1c"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "1078b2d1468b92f125fd99de14cc3628"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "19a0f3707288d8aa4c97471e85647e50fede9797198b94be94a6fddb23d49875", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-04-21T20:41:31", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-04-21T20:41:31", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:mplayer:mplayer:1.02rc2", "cpe:/a:xine:xine-lib:1.1.10"], "affectedSoftware": [{"cpeName": "mplayer:mplayer", "name": "mplayer", "operator": "eq", "version": "1.02rc2"}, {"cpeName": "xine:xine-lib", "name": "xine xine-lib", "operator": "eq", "version": "1.1.10"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*"], "cwe": ["CWE-189"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "28956", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28956"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"}, {"name": "GLSA-200802-12", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"}, {"name": "27441", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/27441"}, {"name": "29323", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29323"}, {"name": "29141", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29141"}, {"name": "http://www.coresecurity.com/?action=item&id=2103", "refsource": "MISC", "tags": ["Exploit"], "url": "http://www.coresecurity.com/?action=item&id=2103"}, {"name": "USN-635-1", "refsource": "UBUNTU", "tags": [], "url": "http://www.ubuntu.com/usn/usn-635-1"}, {"name": "ADV-2008-0406", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/0406/references"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735", "refsource": "CONFIRM", "tags": [], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735"}, {"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "refsource": "FULLDISC", "tags": [], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"}, {"name": "28918", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28918"}, {"name": "ADV-2008-0421", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/0421"}, {"name": "29307", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29307"}, {"name": "DSA-1536", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2008/dsa-1536"}, {"name": "3608", "refsource": "SREASON", "tags": [], "url": "http://securityreason.com/securityalert/3608"}, {"name": "http://www.mplayerhq.hu/design7/news.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.mplayerhq.hu/design7/news.html"}, {"name": "28989", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28989"}, {"name": "MDVSA-2008:045", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"}, {"name": "28779", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28779"}, {"name": "FEDORA-2008-1581", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"}, {"name": "31393", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31393"}, {"name": "28801", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28801"}, {"name": "GLSA-200803-16", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"}, {"name": "28955", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28955"}, {"name": "MDVSA-2008:046", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"}, {"name": "FEDORA-2008-1543", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"}, {"name": "SUSE-SR:2008:006", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "DSA-1496", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2008/dsa-1496"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=209106", "refsource": "CONFIRM", "tags": [], "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"}, {"name": "http://bugs.xine-project.org/show_bug.cgi?id=38", "refsource": "CONFIRM", "tags": [], "url": "http://bugs.xine-project.org/show_bug.cgi?id=38"}, {"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"}, {"name": "29601", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29601"}], "immutableFields": []}], "ubuntucve": [{"id": "UB:CVE-2008-0486", "hash": "d2d40651b63f5171a6d5976543691019", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2008-0486", "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and\nSVN before r25917, and possibly earlier versions, as used in Xine-lib\n1.1.10, might allow remote attackers to execute arbitrary code via a\ncrafted FLAC tag, which triggers a buffer overflow.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488>\n * <https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/195700>\n * <https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/210163>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | according to http://xinehq.de/index.php/security, 1.1.1 and older are not affected\n", "published": "2008-02-05T00:00:00", "modified": "2008-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2008-0486", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://ubuntu.com/security/notices/USN-635-1", "https://nvd.nist.gov/vuln/detail/CVE-2008-0486", "https://launchpad.net/bugs/cve/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0486"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-07-31T02:15:30", "history": [{"bulletin": {"id": "UB:CVE-2008-0486", "hash": "0bef97ef35fbdf4251c2896c4f085a78", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2008-0486", "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and\nSVN before r25917, and possibly earlier versions, as used in Xine-lib\n1.1.10, might allow remote attackers to execute arbitrary code via a\ncrafted FLAC tag, which triggers a buffer overflow.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488>\n * <https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/195700>\n * <https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/210163>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | according to http://xinehq.de/index.php/security, 1.1.1 and older are not affected\n", "published": "2008-02-05T00:00:00", "modified": "2008-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2008-0486", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://ubuntu.com/security/notices/USN-635-1", "https://nvd.nist.gov/vuln/detail/CVE-2008-0486", "https://launchpad.net/bugs/cve/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0486"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-07-01T01:08:37", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60529", "OPENVAS:860920", "OPENVAS:60533", "OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:830474", "OPENVAS:60449", "OPENVAS:60519"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200802-12.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200803-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FEDORA_2008-1543.NASL"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-01T01:08:37", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-07-01T01:08:37", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "mplayer"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.1.10.1-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "xine-lib"}], "bugs": ["https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488", "https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/195700", "https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/210163"]}, "lastseen": "2021-07-01T01:08:37", "differentElements": ["cvss2"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "openvas", "idList": ["OPENVAS:860920", "OPENVAS:60519", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:1361412562310830474", "OPENVAS:60529", "OPENVAS:860441", "OPENVAS:830474", "OPENVAS:60533", "OPENVAS:60449"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200802-12.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1543.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-31T02:15:30", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-07-31T02:15:30", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "mplayer"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.1.10.1-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "xine-lib"}], "bugs": ["https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488", "https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/195700", "https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/210163"], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "fedora": [{"id": "FEDORA:M1D55W2W005532", "hash": "af3cb4c27820319dce18327ccec4eb556c93acff29de7baf6cb62e6c8a3a2e3b", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 8 Update: xine-lib-1.1.10.1-1.fc8", "description": "This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too. --with/--without rpmbuild options (some default values depend on target distribution): aalib, caca, directfb, imagemagick, freetype, antialiasing (with freetype), jack, pulseaudio, wavpack, xcb. ", "published": "2008-02-13T05:06:27", "modified": "2008-02-13T05:06:27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-0486"], "lastseen": "2020-12-21T08:17:49", "history": [{"lastseen": "2020-12-21T08:17:49", "different_elements": ["cvss2"], "edition": 1, "bulletin": {"lastseen": "2020-12-21T08:17:49", "references": [], "description": "This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too. --with/--without rpmbuild options (some default values depend on target distribution): aalib, caca, directfb, imagemagick, freetype, antialiasing (with freetype), jack, pulseaudio, wavpack, xcb. ", "edition": 1, "cvss3": {}, "reporter": "Fedora", "history": [], "published": "2008-02-13T05:06:27", "enchantments": {"score": {"rev": 2, "modified": "2020-12-21T08:17:49", "vector": "NONE", "value": 5.7}, "dependencies": {"rev": 2, "references": [{"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "modified": "2020-12-21T08:17:49"}}, "title": "[SECURITY] Fedora 8 Update: xine-lib-1.1.10.1-1.fc8", "type": "fedora", "objectVersion": "1.5", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-0486"], "immutableFields": [], "modified": "2008-02-13T05:06:27", "href": "", "id": "FEDORA:M1D55W2W005532", "viewCount": 1, "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "d48fbb4594be2bb42f2c9e801eede875", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "577b227e18eec843dcc2ada531291529", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "d48fbb4594be2bb42f2c9e801eede875", "key": "published"}, {"hash": "f12528995e5edd96b95dd904444dea04", "key": "reporter"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "2e7c2f310b90cec5ffae0d8f7c8690c6", "key": "description"}, {"hash": "e11c718b99e26b1ca8b45f2df455c70b", "key": "type"}], "hash": "697c8ffdd3ee0b32db4f32a5e2a84459359205697af9fc97b3f9962b31b44a3e"}}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "Fedora", "OSVersion": "8", "arch": "any", "packageName": "xine-lib", "packageVersion": "1.1.10.1", "packageFilename": "UNKNOWN", "operator": "lt"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fedora.FedoraBulletin"], "immutableFields": [], "scheme": null, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "2b90dbc42782cc8a9be1aee14e182ac1"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "2e7c2f310b90cec5ffae0d8f7c8690c6"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d48fbb4594be2bb42f2c9e801eede875"}, {"key": "published", "hash": "d48fbb4594be2bb42f2c9e801eede875"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f12528995e5edd96b95dd904444dea04"}, {"key": "title", "hash": "577b227e18eec843dcc2ada531291529"}, {"key": "type", "hash": "e11c718b99e26b1ca8b45f2df455c70b"}]}, {"id": "FEDORA:M1D5BNSN006178", "hash": "c7ca25e39627f7b71fcbbea0e3bf58e65ebaf547f9f5fb47b0dc81420ea278b8", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 7 Update: xine-lib-1.1.10.1-1.fc7", "description": "This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too. --with/--without rpmbuild options (some default values depend on target distribution): aalib, caca, directfb, imagemagick, freetype, antialiasing (with freetype), jack, pulseaudio, wavpack, xcb. ", "published": "2008-02-13T05:12:05", "modified": "2008-02-13T05:12:05", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-0486"], "lastseen": "2020-12-21T08:17:49", "history": [{"lastseen": "2020-12-21T08:17:49", "different_elements": ["cvss2"], "edition": 1, "bulletin": {"lastseen": "2020-12-21T08:17:49", "references": [], "description": "This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too. --with/--without rpmbuild options (some default values depend on target distribution): aalib, caca, directfb, imagemagick, freetype, antialiasing (with freetype), jack, pulseaudio, wavpack, xcb. ", "edition": 1, "cvss3": {}, "reporter": "Fedora", "history": [], "published": "2008-02-13T05:12:05", "enchantments": {"score": {"rev": 2, "modified": "2020-12-21T08:17:49", "vector": "NONE", "value": 5.7}, "dependencies": {"rev": 2, "references": [{"idList": ["FEDORA:M1D55W2W005532"], "type": "fedora"}, {"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "modified": "2020-12-21T08:17:49"}}, "title": "[SECURITY] Fedora 7 Update: xine-lib-1.1.10.1-1.fc7", "type": "fedora", "objectVersion": "1.5", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-0486"], "immutableFields": [], "modified": "2008-02-13T05:12:05", "href": "", "id": "FEDORA:M1D5BNSN006178", "viewCount": 0, "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2fa553781ef1aa30f36283526929eb23", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "3681f90594e0a254e5feafdacf137a15", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "f12528995e5edd96b95dd904444dea04", "key": "reporter"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "2e7c2f310b90cec5ffae0d8f7c8690c6", "key": "description"}, {"hash": "3681f90594e0a254e5feafdacf137a15", "key": "modified"}, {"hash": "e11c718b99e26b1ca8b45f2df455c70b", "key": "type"}], "hash": "0e0f964e879257df37ee056f40d651962d8a6ee91e89e1aff23b606c6198eeb2"}}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"idList": ["FEDORA:M1D55W2W005532"], "type": "fedora"}, {"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "Fedora", "OSVersion": "7", "arch": "any", "packageName": "xine-lib", "packageVersion": "1.1.10.1", "packageFilename": "UNKNOWN", "operator": "lt"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fedora.FedoraBulletin"], "immutableFields": [], "scheme": null, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "2b90dbc42782cc8a9be1aee14e182ac1"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "2e7c2f310b90cec5ffae0d8f7c8690c6"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3681f90594e0a254e5feafdacf137a15"}, {"key": "published", "hash": "3681f90594e0a254e5feafdacf137a15"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f12528995e5edd96b95dd904444dea04"}, {"key": "title", "hash": "2fa553781ef1aa30f36283526929eb23"}, {"key": "type", "hash": "e11c718b99e26b1ca8b45f2df455c70b"}]}], "seebug": [{"href": "https://www.seebug.org/vuldb/ssvid-2889", "status": "details", "history": [], "bulletinFamily": "exploit", "modified": "2008-02-14T00:00:00", "title": "MPlayer demux_audio.c\u8fdc\u7a0b\u6808\u6ea2\u51fa\u6f0f\u6d1e", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "sourceHref": "", "cvelist": ["CVE-2008-0486"], "description": "BUGTRAQ ID: 27441\r\nCVE(CAN) ID: CVE-2008-0486\r\n\r\nMPlayer\u662f\u4e00\u6b3e\u57fa\u4e8eLinux\u7684\u5a92\u4f53\u64ad\u653e\u7a0b\u5e8f\uff0c\u652f\u6301\u591a\u79cd\u5a92\u4f53\u683c\u5f0f\u3002\r\n\r\nMPlayer\u7684libmpdemux/demux_audio.c\u6587\u4ef6\u5728\u89e3\u6790FLAC\u6807\u6ce8\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff1a\r\n\r\n/-----------\r\n\r\nlibmpdemux/demux_audio.c\r\n \r\n206 case FLAC_VORBIS_COMMENT:\r\n207 {\r\n208 /* For a description of the format please have a look at */\r\n209 /* http://www.xiph.org/vorbis/doc/v-comment.html */\r\n210\r\n211 uint32_t length, comment_list_len;\r\n212 (1) char comments[blk_len];\r\n213 uint8_t *ptr = comments;\r\n214 char *comment;\r\n215 int cn;\r\n216 char c;\r\n217\r\n218 if (stream_read (s, comments, blk_len) == blk_len)\r\n219 {\r\n220 (2) length = AV_RL32(ptr);\r\n221 ptr += 4 + length;\r\n222\r\n223 comment_list_len = AV_RL32(ptr);\r\n224 ptr += 4;\r\n225\r\n226 cn = 0;\r\n227 for (; cn &lt; comment_list_len; cn++)\r\n228 {\r\n229 length = AV_RL32(ptr);\r\n230 ptr += 4;\r\n231\r\n232 comment = ptr;\r\n233 (3) c = comment[length];\r\n234 comment[length] = 0; ...\r\n\r\n- -----------/\r\n\r\n\u53ef\u89c1\u5728(2)\u5904length\u53c2\u6570\u662f\u4ece\u6587\u4ef6\u6d41\u4e2d\u7684\u4f4d\u7f6e\u52a0\u8f7d\u7684\uff0c\u7136\u540e\u672a\u7ecf\u4efb\u4f55\u9a8c\u8bc1\u4fbf\u5728comment\u7f13\u51b2\u533a\u7d22\u5f15\u4e2d\u4f7f\u7528\uff0c\u8fd9\u53ef\u80fd\u89e6\u53d1\u6808\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\n\nMPlayer MPlayer 1.0 rc2\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMPlayer\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mplayerhq.hu/MPlayer/patches/url_fix_20080120.diff target=_blank>http://www.mplayerhq.hu/MPlayer/patches/url_fix_20080120.diff</a>\r\n<a href=http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff target=_blank>http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff</a>\r\n<a href=http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff target=_blank>http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff</a>", "viewCount": 1, "published": "2008-02-14T00:00:00", "sourceData": "", "id": "SSV:2889", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T21:48:16", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2017-11-19T21:48:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60529", "OPENVAS:860920", "OPENVAS:830468", "OPENVAS:60533", "OPENVAS:1361412562310830474", "OPENVAS:830474", "OPENVAS:60449"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200802-12.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200803-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FEDORA_2008-1543.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2017-11-19T21:48:16", "rev": 2}}, "objectVersion": "1.5", "references": [], "immutableFields": []}], "securityvulns": [{"id": "SECURITYVULNS:DOC:19007", "bulletinFamily": "software", "title": "CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n Core Security Technologies - CoreLabs Advisory\r\n http://www.coresecurity.com/corelabs\r\n\r\n MPlayer 1.0rc2 buffer overflow vulnerability\r\n\r\n\r\n*Advisory Information*\r\n\r\nTitle: MPlayer 1.0rc2 buffer overflow vulnerability\r\nAdvisory ID: CORE-2007-1218\r\nAdvisory URL: http://www.coresecurity.com/?action=item&amp;id=2103\r\nDate published: 2008-02-04\r\nDate of last update: 2008-02-01\r\nVendors contacted: MPlayer and Xine team\r\nRelease mode: Coordinated release\r\n\r\n\r\n*Vulnerability Information*\r\n\r\nClass: Buffer overflow\r\nRemotely Exploitable: No\r\nLocally Exploitable: Yes\r\nBugtraq ID: 27441\r\nCVE Name: CVE-2008-0486\r\n\r\n\r\n*Vulnerability Description*\r\n\r\nThe MPlayer package [1] is vulnerable to a buffer overflow attack, which\r\ncan be exploited by malicious remote attackers. The vulnerability is due\r\nto MPlayer not properly sanitizing certain tags on a FLAC file before\r\nusing them to index an array on the stack. This can be exploited to\r\nexecute arbitrary commands by opening a specially crafted file.\r\n\r\nThe Xine package [2], and probably other packages based on MPlayer [3],\r\nare vulnerable to this attack too.\r\n\r\n\r\n*Vulnerable Packages*\r\n\r\n. MPlayer 1.0rc2 and SVN before r25917 &#40;Tue Jan 29 22:00:58 2008 UTC&#41;.\r\nOlder versions are probably affected too, but they were not checked.\r\n. Xine-lib 1.1.10. Other MPlayer related projects are affected too.\r\n\r\n\r\n*Non-vulnerable Packages*\r\n\r\n. MPlayer SVN HEAD after r25917.\r\n. MPlayer 1.0rc2 + security patches.\r\n\r\n\r\n*Vendor Information, Solutions and Workarounds*\r\n\r\nA fix for this problem was committed to SVN on the MPlayer project [4].\r\nUsers of affected MPlayer versions should download a patch [5] for\r\nMPlayer 1.0rc2 or update to the latest version if they are using SVN.\r\n\r\n\r\n*Credits*\r\n\r\nThis vulnerability was discovered by Damian Frizza and Alfredo Ortega,\r\nfrom the Exploit Writers team of Core Security Technologies.\r\n\r\n\r\n*Technical Description / Proof of Concept Code*\r\n\r\nThe vulnerability was found in the following code, used to parse FLAC\r\ncomments inside MPlayer:\r\n\r\n/-----------\r\n\r\nlibmpdemux/demux_audio.c\r\n \r\n206 case FLAC_VORBIS_COMMENT:\r\n207 {\r\n208 /* For a description of the format please have a look at */\r\n209 /* http://www.xiph.org/vorbis/doc/v-comment.html */\r\n210\r\n211 uint32_t length, comment_list_len;\r\n212 &#40;1&#41; char comments[blk_len];\r\n213 uint8_t *ptr = comments;\r\n214 char *comment;\r\n215 int cn;\r\n216 char c;\r\n217\r\n218 if &#40;stream_read &#40;s, comments, blk_len&#41; == blk_len&#41;\r\n219 {\r\n220 &#40;2&#41; length = AV_RL32&#40;ptr&#41;;\r\n221 ptr += 4 + length;\r\n222\r\n223 comment_list_len = AV_RL32&#40;ptr&#41;;\r\n224 ptr += 4;\r\n225\r\n226 cn = 0;\r\n227 for &#40;; cn &lt; comment_list_len; cn++&#41;\r\n228 {\r\n229 length = AV_RL32&#40;ptr&#41;;\r\n230 ptr += 4;\r\n231\r\n232 comment = ptr;\r\n233 &#40;3&#41; c = comment[length];\r\n234 comment[length] = 0; ...\r\n\r\n- -----------/\r\n\r\nWe can see in &#40;2&#41; that the &#39;length&#39; variable is being loaded from a\r\nposition on the file stream, and then used without any validation to\r\nindex the &#39;comment&#39; buffer, that was allocated from the stack in &#40;1&#41;.\r\nThis causes a stack corruption, and possibly allows code execution &#40;e.g.\r\nmodifying the value of the &#39;length&#39; variable, that is also on the stack&#41;.\r\n\r\nExample Attack Scenario:\r\n\r\n1&#41; The user receives an email with an attachment called e.g.\r\n&#39;goodmusic.flac&#39;.\r\n2&#41; The user opens the file with MPlayer or another vulnerable software.\r\n3&#41; This causes a stack corruption and malicious code execution on the\r\nuser computer.\r\n\r\n\r\n*Report Timeline*\r\n\r\n. 2007-12-18: Core Security Technologies notifies the MPlayer team of\r\nthe vulnerability &#40;no reply received&#41;.\r\n. 2008-01-04: A new notification of the vulnerability was sent to the\r\nMPlayer team &#40;no reply received&#41;.\r\n. 2008-01-18: A new notification of the vulnerability was sent to the\r\nMPlayer team.\r\n. 2008-01-18: The MPlayer team asked Core Security Technologies for\r\ntechnical description of the vulnerability.\r\n. 2008-01-22: Technical details was sent to MPlayer team by Core\r\nSecurity Technologies.\r\n. 2008-01-28: MPlayer notified Core Security Technologies that a fix had\r\nbeen produced.\r\n. 2008-02-04: CORE-2007-1218 advisory was published.\r\n\r\n\r\n*References*\r\n\r\n[1] http://www.mplayerhq.hu\r\n[2] http://xinehq.de/\r\n[3] http://www.mplayerhq.hu/design7/projects.html\r\n[4]\r\nhttp://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_audio.c?r1=25911&amp;r2=25917\r\n[5] http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff\r\n\r\n\r\n*About CoreLabs*\r\n\r\nCoreLabs, the research center of Core Security Technologies, is charged\r\nwith anticipating the future needs and requirements for information\r\nsecurity technologies. We conduct our research in several important\r\nareas of computer security including system vulnerabilities, cyber\r\nattack planning and simulation, source code auditing, and cryptography.\r\nOur results include problem formalization, identification of\r\nvulnerabilities, novel solutions and prototypes for new technologies.\r\nCoreLabs regularly publishes security advisories, technical papers,\r\nproject information and shared software tools for public use at:\r\nhttp://www.coresecurity.com/corelabs/.\r\n\r\n\r\n*About Core Security Technologies*\r\n\r\nCore Security Technologies develops strategic solutions that help\r\nsecurity-conscious organizations worldwide develop and maintain a\r\nproactive process for securing their networks. The company&#39;s flagship\r\nproduct, CORE IMPACT, is the most comprehensive product for performing\r\nenterprise security assurance testing. CORE IMPACT evaluates network,\r\nendpoint and end-user vulnerabilities and identifies what resources are\r\nexposed. It enables organizations to determine if current security\r\ninvestments are detecting and preventing attacks. Core Security\r\nTechnologies augments its leading technology solution with world-class\r\nsecurity consulting services, including penetration testing and software\r\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\r\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\r\nhttp://www.coresecurity.com.\r\n\r\n\r\n*Disclaimer*\r\n\r\nThe contents of this advisory are copyright &#40;c&#41; 2008 Core Security\r\nTechnologies and &#40;c&#41; 2008 CoreLabs, and may be distributed freely\r\nprovided that no fee is charged for this distribution and proper credit\r\nis given.\r\n\r\n\r\n*GPG/PGP Keys*\r\n\r\nThis advisory has been signed with the GPG key of Core Security\r\nTechnologies advisories team, which is available for download at\r\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;MingW32&#41;\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFHp2riyNibggitWa0RApD/AKCtN46G9t/7fMEutRQbUx6uVKonDwCfWYcb\r\ng+kdvVlvzynfGW8XUUI1v7w=\r\n=Byqy\r\n-----END PGP SIGNATURE-----", "published": "2008-02-05T00:00:00", "modified": "2008-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19007", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-0486"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:24", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2b90dbc42782cc8a9be1aee14e182ac1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "4a03ce025fc7a537660eaf8e1f46f79c"}, {"key": "href", "hash": "694e0658303a71d82064ee4365523292"}, {"key": "modified", "hash": "f06356e809bc58409f335182f92ab4dc"}, {"key": "published", "hash": "f06356e809bc58409f335182f92ab4dc"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "9e1e210cc14258223e11d76a58fb3584"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "5764b3aed42577a62b7f6512081ed4d6bbd50cd0c71bd33b9551f241e162fcf7", "viewCount": 1, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2018-08-31T11:10:24", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60529", "OPENVAS:860920", "OPENVAS:60533", "OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:830474", "OPENVAS:60449", "OPENVAS:60519"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200802-12.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200803-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FEDORA_2008-1543.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2018-08-31T11:10:24", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": []}, {"id": "SECURITYVULNS:DOC:19149", "bulletinFamily": "software", "title": "[ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDVSA-2008:046\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : xine-lib\r\n Date : February 15, 2008\r\n Affected: 2007.1, 2008.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n An array index vulnerability found in the FLAC audio demuxer might\r\n allow remote attackers to execute arbitrary code via a crafted FLAC\r\n tag, which triggers a buffer overflow. Although originally an MPlayer\r\n issue, it also affects xine-lib due to code similarity.\r\n \r\n The updated packages have been patched to prevent this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2007.1:\r\n 92b105e8e45cc7c628cfea03b65e5ebc 2007.1/i586/libxine1-1.1.4-6.5mdv2007.1.i586.rpm\r\n 8c10ae324cb8e3b02fe142cae8d86b23 2007.1/i586/libxine1-devel-1.1.4-6.5mdv2007.1.i586.rpm\r\n bb26522243e95621a475b886ebedacca 2007.1/i586/xine-aa-1.1.4-6.5mdv2007.1.i586.rpm\r\n 5d01cf04b75ba1ad6a4b8e85448e7b78 2007.1/i586/xine-arts-1.1.4-6.5mdv2007.1.i586.rpm\r\n 08be3876d609ee70b0966eaaa395085b 2007.1/i586/xine-caca-1.1.4-6.5mdv2007.1.i586.rpm\r\n b0702ce5b6e2bd2bc12c8a4b42e8ee30 2007.1/i586/xine-dxr3-1.1.4-6.5mdv2007.1.i586.rpm\r\n a1dd806006624254b89f9bc6c756bd2c 2007.1/i586/xine-esd-1.1.4-6.5mdv2007.1.i586.rpm\r\n b0218b6ae17e7874a0949055f1271365 2007.1/i586/xine-flac-1.1.4-6.5mdv2007.1.i586.rpm\r\n f7b59004050060fd3ebb83bbedc7d16a 2007.1/i586/xine-gnomevfs-1.1.4-6.5mdv2007.1.i586.rpm\r\n 38ab5fb451a81ffcce9357a3884eeaff 2007.1/i586/xine-image-1.1.4-6.5mdv2007.1.i586.rpm\r\n ef5bbbf902ebf0b51a56a908ff79712c 2007.1/i586/xine-jack-1.1.4-6.5mdv2007.1.i586.rpm\r\n 0add0fbbf3e70a84739e17d66b1c851d 2007.1/i586/xine-plugins-1.1.4-6.5mdv2007.1.i586.rpm\r\n 50c7fda320ef57b995686477a5fbbfc4 2007.1/i586/xine-pulse-1.1.4-6.5mdv2007.1.i586.rpm\r\n f942f35a3d5b637b20f4b9e08c4912b8 2007.1/i586/xine-sdl-1.1.4-6.5mdv2007.1.i586.rpm\r\n 7aa83070759e8ff44153f6422c5204dd 2007.1/i586/xine-smb-1.1.4-6.5mdv2007.1.i586.rpm \r\n 0d47a2b57fa073f8618bf57b149a9f42 2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n 25893aeb0c101954c541a2f4f9c9c1da 2007.1/x86_64/lib64xine1-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 1fb04166eecb9a1ab1e011a0f1ababb4 2007.1/x86_64/lib64xine1-devel-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 3e48a4aafaa97bd47cb7c0bbb7ba1237 2007.1/x86_64/xine-aa-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n bd2347ff386d44948c88c67485fb1b5a 2007.1/x86_64/xine-arts-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n a509d9ebab2bf1941934d2cba759e770 2007.1/x86_64/xine-caca-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n ba1b934caece9ae950e565d9a097b40e 2007.1/x86_64/xine-dxr3-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 95297e819a47fdcae07625741d5eabeb 2007.1/x86_64/xine-esd-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 8e8a92caa399113211cfd95336429ead 2007.1/x86_64/xine-flac-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 90aa9c3977c15458fe0c0ac98b1dabb2 2007.1/x86_64/xine-gnomevfs-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 28070563c3b364760a6fd9a93a0a64bd 2007.1/x86_64/xine-image-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 1309d3ffbdaabeaf28f8476f94fb8105 2007.1/x86_64/xine-jack-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n c268f6d3a92ebee7d444470d9948bd2c 2007.1/x86_64/xine-plugins-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 46f6800167c1c8766cfa168e94a5ab89 2007.1/x86_64/xine-pulse-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n 88adcbb90e87e260eb79a1f6d4c11adc 2007.1/x86_64/xine-sdl-1.1.4-6.5mdv2007.1.x86_64.rpm\r\n fb5ef2d8db31b0c6da3db2401963d1f8 2007.1/x86_64/xine-smb-1.1.4-6.5mdv2007.1.x86_64.rpm \r\n 0d47a2b57fa073f8618bf57b149a9f42 2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2008.0:\r\n a006ee314a3487abda9f87844a418283 2008.0/i586/libxine-devel-1.1.8-4.3mdv2008.0.i586.rpm\r\n 50300dd0ede82d905faa0148864ce5c3 2008.0/i586/libxine1-1.1.8-4.3mdv2008.0.i586.rpm\r\n f7354400019aa522a9b4c9183cdcbf01 2008.0/i586/xine-aa-1.1.8-4.3mdv2008.0.i586.rpm\r\n d9246649fabf1ec7d5ded73fc69389de 2008.0/i586/xine-caca-1.1.8-4.3mdv2008.0.i586.rpm\r\n 17cfc011b27bbee2ded3e57840892f3e 2008.0/i586/xine-dxr3-1.1.8-4.3mdv2008.0.i586.rpm\r\n b3bc62b1d9704e4c387b9dc05ca78c21 2008.0/i586/xine-esd-1.1.8-4.3mdv2008.0.i586.rpm\r\n bfc01255d453d4b024a3b219077d1410 2008.0/i586/xine-flac-1.1.8-4.3mdv2008.0.i586.rpm\r\n 76c62017cdd33345889c1582caf3b827 2008.0/i586/xine-gnomevfs-1.1.8-4.3mdv2008.0.i586.rpm\r\n 512904d1519640475146f19449398d05 2008.0/i586/xine-image-1.1.8-4.3mdv2008.0.i586.rpm\r\n b854ed87d8b85e43c766d47267e61ef1 2008.0/i586/xine-jack-1.1.8-4.3mdv2008.0.i586.rpm\r\n b3b83be2f3b0a1e5125921b17bef5b21 2008.0/i586/xine-plugins-1.1.8-4.3mdv2008.0.i586.rpm\r\n 781983b84a24bcd23ea7ed087b42d1bf 2008.0/i586/xine-pulse-1.1.8-4.3mdv2008.0.i586.rpm\r\n e7f7b472e8fd8bf30bc448fee29ae94d 2008.0/i586/xine-sdl-1.1.8-4.3mdv2008.0.i586.rpm\r\n 00d5184581be159ba607b277d4b3326d 2008.0/i586/xine-smb-1.1.8-4.3mdv2008.0.i586.rpm \r\n bc6508f3f527de2c25039bc3bff359d4 2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n ac5c1cf34cf85bd33c60a9707aa851d4 2008.0/x86_64/lib64xine-devel-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 2b995c0f69aa471d4700e5721b67a8af 2008.0/x86_64/lib64xine1-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n cace153adb4181e62fdf6b9cbc715ab9 2008.0/x86_64/xine-aa-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n d5c963ebc4814b1642937959531de6bf 2008.0/x86_64/xine-caca-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n a20718c6f1abe8c06afb98ae52f36208 2008.0/x86_64/xine-dxr3-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n fd4f65b926b4d9d3e5f734bfce8b7cbb 2008.0/x86_64/xine-esd-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n e9f18928c5ed86e531545b98f721102b 2008.0/x86_64/xine-flac-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 0cad217d2138a6f6597db02714a5c0e8 2008.0/x86_64/xine-gnomevfs-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 3d2a618e0cc44cf47c0556ce6cc09bd9 2008.0/x86_64/xine-image-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 14baefc41749868298378b2d637c62b0 2008.0/x86_64/xine-jack-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n ef3bc2769f717ac9bc6f8a1f6c801f30 2008.0/x86_64/xine-plugins-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 8296113a6b5db2f3846dd2c28755f583 2008.0/x86_64/xine-pulse-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 37745a135e8fafd10e31731048d5b58a 2008.0/x86_64/xine-sdl-1.1.8-4.3mdv2008.0.x86_64.rpm\r\n 5493e7511c3b601ffcc0632a8beab66c 2008.0/x86_64/xine-smb-1.1.8-4.3mdv2008.0.x86_64.rpm \r\n bc6508f3f527de2c25039bc3bff359d4 2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFHtecEmqjQ0CJFipgRAp/oAKDAs0GcPuf5v18wYBF+L2JNUCA4yQCfWnc3\r\nZNRY5WdeYXIevrA4KN0S9y4=\r\n=x1LB\r\n-----END PGP SIGNATURE-----", "published": "2008-02-16T00:00:00", "modified": "2008-02-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19149", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-0486"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2b90dbc42782cc8a9be1aee14e182ac1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "b92e9eb543441eb3b82c3df71a6c2f38"}, {"key": "href", "hash": "3e0e342817be4993bb5dbe8cb0daba7f"}, {"key": "modified", "hash": "6a5df2dae1a62eed120f277e1cf0e505"}, {"key": "published", "hash": "6a5df2dae1a62eed120f277e1cf0e505"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "40ebbba713d328c4f40b1cbf04431bde"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "9d7c129e07d2a09faf0c2ba456de249068da336dc464c7f5b67a0e02f7ebf4e8", "viewCount": 0, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:VULN:8631"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2018-08-31T11:10:25", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:8631", "bulletinFamily": "software", "title": "Mplayer / Xine multiple security vulnerabilities", "description": "Buffer overflow on FLAC data parsing, uninitilized pointer dereference on MOV parsing.", "published": "2008-02-16T00:00:00", "modified": "2008-02-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8631", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19007", "https://vulners.com/securityvulns/securityvulns:doc:19006", "https://vulners.com/securityvulns/securityvulns:doc:19149"], "cvelist": ["CVE-2008-0486", "CVE-2008-0238", "CVE-2008-0225", "CVE-2008-0485"], "type": "securityvulns", "lastseen": "2021-06-08T19:02:51", "history": [{"bulletin": {"affectedSoftware": [{"name": "xinelib", "operator": "eq", "version": "1.1"}, {"name": "xine", "operator": "eq", "version": "1.1"}, {"name": "MPlayer", "operator": "eq", "version": "1.0"}], "bulletinFamily": "software", "cvelist": ["CVE-2008-0486", "CVE-2008-0238", "CVE-2008-0225", "CVE-2008-0485"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Buffer overflow on FLAC data parsing, uninitilized pointer dereference on MOV parsing.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:09:28", "references": [{"idList": ["CVE-2008-0486", "CVE-2008-0238", "CVE-2008-0225", "CVE-2008-0485"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8592", "SECURITYVULNS:DOC:18915", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["GENTOO_GLSA-200801-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "UBUNTU_USN-635-1.NASL", "MANDRIVA_MDVSA-2008-020.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M0FNBRLI022132", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["OPENVAS:60275", "OPENVAS:60529", "OPENVAS:1361412562310830627", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:840193", "OPENVAS:830627", "OPENVAS:830756", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "02EEDD3C-C6B5-11DC-93B6-000E35248AD7", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["GLSA-200801-12", "GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["EDB-ID:31076", "EDB-ID:31002"], "type": "exploitdb"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1472-1:F256B"], "type": "debian"}], "rev": 2}, "score": {"modified": "2018-08-31T11:09:28", "rev": 2, "value": 7.0, "vector": "NONE"}}, "hash": "1d932aa7e85138a7eca4a0e843301e260852259d9078f57bfe72b125d12b4c34", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "695b868d62f682f46ef2147e580bf533", "key": "affectedSoftware"}, {"hash": "5fdd777357e66ae034eaae141e504cba", "key": "title"}, {"hash": "6a5df2dae1a62eed120f277e1cf0e505", "key": "modified"}, {"hash": "7d5527ee3cabf54b0ac64521913b8a74", "key": "href"}, {"hash": "6a5df2dae1a62eed120f277e1cf0e505", "key": "published"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "62932fd3f9a89d0c0d37be8eb4b53102", "key": "description"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "6ab1f3d5a1e03e139715a2163e759ec7", "key": "references"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "2b724f1d62a7bcc8ff3ddb21edad106b", "key": "cvelist"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8631", "id": "SECURITYVULNS:VULN:8631", "immutableFields": [], "lastseen": "2018-08-31T11:09:28", "modified": "2008-02-16T00:00:00", "objectVersion": "1.5", "published": "2008-02-16T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19007", "https://vulners.com/securityvulns/securityvulns:doc:19006", "https://vulners.com/securityvulns/securityvulns:doc:19149"], "reporter": "BUGTRAQ", "title": "Mplayer / Xine multiple security vulnerabilities", "type": "securityvulns", "viewCount": 4}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:09:28"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1afef14bfb60359b24698e53fe37a81b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2b724f1d62a7bcc8ff3ddb21edad106b"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "62932fd3f9a89d0c0d37be8eb4b53102"}, {"key": "href", "hash": "7d5527ee3cabf54b0ac64521913b8a74"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "6a5df2dae1a62eed120f277e1cf0e505"}, {"key": "published", "hash": "6a5df2dae1a62eed120f277e1cf0e505"}, {"key": "references", "hash": "6ab1f3d5a1e03e139715a2163e759ec7"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "5fdd777357e66ae034eaae141e504cba"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "3d720bc2fea88ad43cecee0659d5377c688a4a86bb5bc2977f8fdbf9384d1c5f", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0485", "UB:CVE-2008-0486", "UB:CVE-2008-0238", "UB:CVE-2008-0225"]}, {"type": "cve", "idList": ["CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0225", "CVE-2008-0238"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:830756", "OPENVAS:1361412562310830627", "OPENVAS:60275", "OPENVAS:1361412562310830756", "OPENVAS:840193", "OPENVAS:860441", "OPENVAS:60371", "OPENVAS:60529", "OPENVAS:830627"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "MANDRIVA_MDVSA-2008-020.NASL", "UBUNTU_USN-635-1.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "GENTOO_GLSA-200801-12.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200801-12", "GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "02EEDD3C-C6B5-11DC-93B6-000E35248AD7", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8592", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:18915"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1472-1:F256B", "DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2008-0122", "CORE-2007-1218"]}, {"type": "exploitdb", "idList": ["EDB-ID:31002", "EDB-ID:31076"]}, {"type": "fedora", "idList": ["FEDORA:M0FNBRLI022132", "FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}], "modified": "2021-06-08T19:02:51", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-06-08T19:02:51", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "xinelib", "operator": "eq", "version": "1.1"}, {"name": "xine", "operator": "eq", "version": "1.1"}, {"name": "mplayer", "operator": "eq", "version": "1.0"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:19370", "bulletinFamily": "software", "title": "[ GLSA 200803-16 ] MPlayer: Multiple buffer overflows", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200803-16\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: MPlayer: Multiple buffer overflows\r\n Date: March 10, 2008\r\n Bugs: #208566\r\n ID: 200803-16\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities have been discovered in MPlayer, possibly\r\nallowing for the remote execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nMPlayer is a media player incuding support for a wide range of audio\r\nand video formats.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 media-video/mplayer &lt; 1.0_rc2_p25993 &gt;= 1.0_rc2_p25993\r\n\r\nDescription\r\n===========\r\n\r\nThe following errors have been discovered in MPlayer:\r\n\r\n* Felipe Manzano and Anibal Sacco &#40;Core Security Technologies&#41;\r\n reported an array indexing error in the file libmpdemux/demux_mov.c\r\n when parsing MOV file headers &#40;CVE-2008-0485&#41;.\r\n\r\n* Damian Frizza and Alfredo Ortega &#40;Core Security Technologies&#41;\r\n reported a boundary error in the file libmpdemux/demux_audio.c when\r\n parsing FLAC comments &#40;CVE-2008-0486&#41;.\r\n\r\n* Adam Bozanich &#40;Mu Security&#41; reported boundary errors in the\r\n cddb_parse_matches_list&#40;&#41; and cddb_query_parse&#40;&#41; functions in the\r\n file stream_cddb.c when parsing CDDB album titles &#40;CVE-2008-0629&#41; and\r\n in the url_scape_string&#40;&#41; function in the file stream/url.c when\r\n parsing URLS &#40;CVE-2008-0630&#41;.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could entice a user to open a specially crafted file,\r\npossibly resulting in the execution of arbitrary code with the\r\nprivileges of the user running MPlayer.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll MPlayer users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose &quot;&gt;=media-video/mplayer-1.0_rc2_p25993&quot;\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-0485\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485\r\n [ 2 ] CVE-2008-0486\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486\r\n [ 3 ] CVE-2008-0629\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629\r\n [ 4 ] CVE-2008-0630\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200803-16.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner&#40;s&#41;.\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.7 &#40;GNU/Linux&#41;\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFH1aw6uhJ+ozIKI5gRAlmEAJ4ygxVXlGiWqBzdc5KMUEbF0omH9gCgibFB\r\nQBUdO9db/Z4Zm2aqaiznRAI=\r\n=JZmi\r\n-----END PGP SIGNATURE-----", "published": "2008-03-11T00:00:00", "modified": "2008-03-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19370", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "97118dbd376ebef53ec3c01aed7234c6"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "9ca0c4fdccfc2162a3d164acdd98bda1"}, {"key": "href", "hash": "67b0d67431f1aa58ec9aa4a9f974f9d4"}, {"key": "modified", "hash": "902a4fa3e976a08fb935cb61443102fa"}, {"key": "published", "hash": "902a4fa3e976a08fb935cb61443102fa"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "f64f4263fc2fb759a567f87563172614"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "4c583a91a5425b0ebe65a6f34e81047fc4b524577cc0508563ee9126d31dc07c", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "SUSE_XINE-DEVEL-5080.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "MANDRIVA_MDVSA-2008-046.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:1361412562310830474", "OPENVAS:1361412562310830756", "OPENVAS:60533", "OPENVAS:830468", "OPENVAS:860920", "OPENVAS:60529", "OPENVAS:60519", "OPENVAS:830756", "OPENVAS:830474"]}, {"type": "cve", "idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0629", "CVE-2008-0485"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0485", "UB:CVE-2008-0630", "UB:CVE-2008-0629", "UB:CVE-2008-0486"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218", "CORE-2008-0122"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2018-08-31T11:10:25", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "nessus": [{"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "6ee57430f5b57303387032a45dd3b5d8", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f14f2d0f", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-19T13:10:59", "history": [{"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "f00201472e84b0aef82e7d6f29ac358633e288797aee7bdd97c37f495fe574e7", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2013-08-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31304", "reporter": "Tenable", "references": ["http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?bb147f0f"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2018-09-02T00:00:40", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31304);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2013/08/09 10:50:39 $\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # http://www.freebsd.org/ports/portaudit/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb147f0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-02T00:00:40", "differentElements": ["cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "c77aa51e1368b98e4e9ebd910548412c49d6329dc7240a11cf52e38b2e4d651c", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2019-11-01T02:40:04", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-11-01T02:40:04", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2019-11-01T02:40:04", "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-01T02:40:04", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "66beb3a05fc4ae1bf079beb6c2686dbfc5b8836fa0fcf599225f3a50e64b8a7a", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-04-01T00:14:13", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-04-01T00:14:13", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-04-01T00:14:13", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-04-01T00:14:13", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "c910487675140b119c38e70237e6fcdc6e9fdd138ef3290a2b699e214824577e", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-07-01T02:08:06", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-07-01T02:08:06", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-07-01T02:08:06", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T02:08:06", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "1dbc591b2281defd17bb5a79185d889b08fa6730bcdf0c8ceb99a56f0c63f581", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2008-02-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-01-07T10:51:15", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-01-07T10:51:15", "references": [{"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T10:51:15", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:51:15", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "e528ca425a2ee5ca424368ebe3bef7b5", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2008-02-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-07-29T00:17:11", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "openvas", "idList": ["OPENVAS:860441", "OPENVAS:830468", "OPENVAS:830474", "OPENVAS:860920", "OPENVAS:60371", "OPENVAS:1361412562310830468", "OPENVAS:60519", "OPENVAS:60533", "OPENVAS:60449", "OPENVAS:1361412562310830474"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "DEBIAN_DSA-1536.NASL", "DEBIAN_DSA-1496.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1543.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-29T00:17:11", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-07-29T00:17:11", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:17:11", "differentElements": ["cvss2", "cvss3", "description", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "hash": "c5e88b4b27478ca3d7618e7e0b48c906", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow.", "published": "2008-02-28T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31304", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?f14f2d0f", "http://www.nessus.org/u?26820bf6"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-12T13:14:31", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "GENTOO_GLSA-200802-12.NASL", "DEBIAN_DSA-1536.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:60519", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:860920"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:31", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-12T13:14:31", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:libxine", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-02-26T00:00:00", "vulnerabilityPublicationDate": "2007-02-08T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T13:14:31", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["SUSE_XINE-DEVEL-5078.NASL", "DEBIAN_DSA-1536.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860920", "OPENVAS:60519", "OPENVAS:830474", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60529", "OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:60449", "OPENVAS:60533"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:10:59", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-19T13:10:59", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31304);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xine Team reports :\n\nA new xine-lib version is now available. This release contains a\nsecurity fix (array index vulnerability which may lead to a stack\nbuffer overflow.\"\n );\n # http://www.xinehq.de/index.php/news\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f14f2d0f\"\n );\n # https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26820bf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:libxine", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-02-26T00:00:00", "vulnerabilityPublicationDate": "2007-02-08T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FEDORA_2008-1581.NASL", "hash": "778615c160dbeef0b72cd893f7c28d58", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31072", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?7855ae4b", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-19T13:11:19", "history": [{"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "57bdbba4ff19cc745c93b743442e1e32836d8a1fd6c848d979ff08c060699b18", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31072", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2018-09-01T23:54:41", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31072);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:37 $\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-01T23:54:41", "differentElements": ["description"], "edition": 1}, {"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "50e67ec61bf2bac698acf177cd846be19f1ea326526ba7b30845246d11a87ce7", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31072", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2019-01-16T20:08:07", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-01-16T20:08:07", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31072);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:37 $\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-01-16T20:08:07", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "a6a72ef18ffcba9eb5ae1aa365ac73979c2a2eef0cdc83b1f8a1f8692335056e", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31072", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-05-03T02:16:06", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-05-03T02:16:06", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-05-03T02:16:06", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31072);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-05-03T02:16:06", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "b3702fa863581893fa9dfdd1914e557822adb0769162dfed24f4b2151f31b80c", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31072", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-09-04T01:40:16", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-09-04T01:40:16", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-09-04T01:40:16", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31072);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T01:40:16", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "60f6e64847725b99f702dbcbf6205cce77b83b6e6e33f731fcdeaba95ffad6fe", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31072", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-01-12T10:06:25", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"modified": "2021-01-12T10:06:25", "references": [{"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-12T10:06:25", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31072);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T10:06:25", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "00e1fecab788259441ae584d64fd3547", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31072", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-07-28T23:24:54", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:860441", "OPENVAS:830468", "OPENVAS:830474", "OPENVAS:860920", "OPENVAS:60529", "OPENVAS:1361412562310830468", "OPENVAS:60519", "OPENVAS:60533", "OPENVAS:60449", "OPENVAS:1361412562310830474"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "DEBIAN_DSA-1536.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FEDORA_2008-1543.NASL", "SUSE_XINE-DEVEL-5078.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-28T23:24:54", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-07-28T23:24:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31072);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:24:54", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "FEDORA_2008-1581.NASL", "hash": "682f0c7312a71387f0cbee9dd210f975", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31072", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?7855ae4b", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?c37a6482"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-12T13:14:32", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19007"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:830474", "OPENVAS:60371", "OPENVAS:60533", "OPENVAS:60529", "OPENVAS:860441", "OPENVAS:60449"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "GENTOO_GLSA-200802-12.NASL", "GENTOO_GLSA-200803-16.NASL", "DEBIAN_DSA-1536.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "SUSE_XINE-DEVEL-5078.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:32", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-12T13:14:32", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31072);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:xine-lib", "cpe:/o:fedoraproject:fedora:7"], "solution": "Update the affected xine-lib package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-02-13T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:32", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:VULN:8631"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200803-16.NASL", "DEBIAN_DSA-1496.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "DEBIAN_DSA-1536.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:860441", "OPENVAS:860920", "OPENVAS:1361412562310830468", "OPENVAS:60529", "OPENVAS:60519", "OPENVAS:60533", "OPENVAS:60449", "OPENVAS:830474"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:11:19", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-19T13:11:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1581.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31072);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1581\");\n\n script_name(english:\"Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c37a6482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xine-lib-1.1.10.1-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:xine-lib", "cpe:/o:fedoraproject:fedora:7"], "solution": "Update the affected xine-lib package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-02-13T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "d322cd859263bce754263bdf20b00a04", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and a possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-19T13:11:09", "history": [{"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "1586e66045c0296b0519fa198ac4955ebd5b416143fe145809f2d16e158a3d56", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-02-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-02-01T02:37:31", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-02-01T02:37:31", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2020-02-01T02:37:31", "value": 7.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31460);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-02-01T02:37:31", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "522444ae00ec6f6b24c3fc722d0c50c53fe490f09ba90c33c71d09cbbd194ed3", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-09-04T06:04:07", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-09-04T06:04:07", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-09-04T06:04:07", "rev": 2, "value": 7.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31460);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T06:04:07", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "ad0628d0206fed3e39f3d498be100027de4b0e74f5f6ba8c8873ac2edeca5b45", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-10-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-10-01T03:21:11", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-10-01T03:21:11", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-10-01T03:21:11", "rev": 2, "value": 7.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31460);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-10-01T03:21:11", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "758670e0c5a9ee7e600df22c88dc990b83fc3e789e783e48fe57bf040996196d", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-12-01T15:02:22", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-12-01T15:02:22", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-12-01T15:02:22", "rev": 2, "value": 7.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31460);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T15:02:22", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "1f35f38d073ef8e90ce0fe58cecf4671a27579cd6c823237cb84e7033b3a3a51", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-01-17T14:47:19", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-17T14:47:19", "references": [{"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-17T14:47:19", "rev": 2, "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31460);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-17T14:47:19", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "fc7ab51a14a749036b05b686e978fd9d", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-07-29T21:48:52", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19007"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830474", "OPENVAS:60371", "OPENVAS:60533", "OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:860920", "OPENVAS:60449", "OPENVAS:860441", "OPENVAS:1361412562310830468"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["FEDORA_2008-1543.NASL", "SUSE_XINE-DEVEL-5078.NASL", "GENTOO_GLSA-200802-12.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "GENTOO_GLSA-200803-16.NASL", "DEBIAN_DSA-1536.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-29T21:48:52", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-07-29T21:48:52", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31460);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T21:48:52", "differentElements": ["cvss2", "cvss3", "description", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5080.NASL", "hash": "4c66e6d3b8bf9701d5578706c07ca131", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and a possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31460", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://support.novell.com/security/cve/CVE-2008-0486.html"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-12T13:14:39", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200802-12.NASL", "DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:39", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-12T13:14:39", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31460);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "Apply ZYPP patch number 5080.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-03-06T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:39", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:VULN:8631"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FEDORA_2008-1543.NASL", "DEBIAN_DSA-1536.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:860441", "OPENVAS:860920", "OPENVAS:1361412562310830468", "OPENVAS:60529", "OPENVAS:60519", "OPENVAS:60533", "OPENVAS:60449", "OPENVAS:830474"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:11:09", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-19T13:11:09", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31460);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"SuSE 10 Security Update : xine (ZYPP Patch Number 5080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5080.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-devel-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"xine-lib-1.1.1-24.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "Apply ZYPP patch number 5080.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-03-06T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FEDORA_2008-1543.NASL", "hash": "3a0c40032585ca7f5bcf72fbc1b579b5", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?7855ae4b", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?e154db68"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-19T13:11:37", "history": [{"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "171c9a4b4c01b737651bb8e69b635562ce6661fe3f1100985e60df7fc5caa837", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31068", "reporter": "Tenable", "references": ["http://www.nessus.org/u?e154db68", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2018-09-01T23:42:06", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31068);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:37 $\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-01T23:42:06", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "2502b07edb6595ea0e4badc28de7fb5fc89b7ec6ff66e8e1b2be2fb4279767d6", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?e154db68", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-05-03T02:16:06", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-05-03T02:16:06", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-05-03T02:16:06", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31068);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-05-03T02:16:06", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "789643fdfe2fe27d42544a87d66005c6ad80b351db48bc2c2e61e218d7920319", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?e154db68", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-06-01T01:26:12", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-06-01T01:26:12", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60658", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-06-01T01:26:12", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31068);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-06-01T01:26:12", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "91977a89889f0975e516bcbe48ef994cf1eba9d21b9214ce637e1b378b62f472", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?e154db68", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-12-01T10:07:23", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-12-01T10:07:23", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-12-01T10:07:23", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31068);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T10:07:23", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "f09fae8668f93867a43715d4821f6194baa13222c9456173fb811f66bfc5b9f3", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?e154db68", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-01-12T10:06:25", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-12T10:06:25", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-12T10:06:25", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31068);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T10:06:25", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "fdf45474f95a3e591289209a23577f39", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": " - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?e154db68", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://www.nessus.org/u?7855ae4b"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-07-28T23:24:54", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19007", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830474", "OPENVAS:60533", "OPENVAS:860441", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:830474", "OPENVAS:860920", "OPENVAS:60529", "OPENVAS:60449", "OPENVAS:830468"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1536.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-28T23:24:54", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-07-28T23:24:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31068);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:24:54", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "FEDORA_2008-1543.NASL", "hash": "0467eadcdfbe2bf111d107c534af3d6c", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31068", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?7855ae4b", "https://bugzilla.redhat.com/show_bug.cgi?id=431541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?e154db68"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-12T13:14:39", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200802-12.NASL", "DEBIAN_DSA-1536.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:39", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-12T13:14:39", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31068);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:xine-lib", "cpe:/o:fedoraproject:fedora:8"], "solution": "Update the affected xine-lib package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-02-13T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:39", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19007"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:60529", "OPENVAS:830468", "OPENVAS:830474", "OPENVAS:60449", "OPENVAS:860441", "OPENVAS:1361412562310830468", "OPENVAS:60533"]}, {"type": "nessus", "idList": ["SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "DEBIAN_DSA-1536.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:11:37", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-19T13:11:37", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1543.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31068);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0486\");\n script_bugtraq_id(27441);\n script_xref(name:\"FEDORA\", value:\"2008-1543\");\n\n script_name(english:\"Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun\n Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> -\n 1.1.10-2 - Include spu, spucc, and spucmml decoders\n (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96\n 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7855ae4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=431541\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007776.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e154db68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xine-lib-1.1.10.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:xine-lib", "cpe:/o:fedoraproject:fedora:8"], "solution": "Update the affected xine-lib package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-02-13T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "c3371eea216a292b910a2d647929ce26", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and a possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-19T13:11:00", "history": [{"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "402e91783969eb82aad6554890aa0c1092a36f580dc388f66111acd6ca84167c", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2019-11-03T12:30:13", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-11-03T12:30:13", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2019-11-03T12:30:13", "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31459);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-ui", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-03T12:30:13", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "b276d1a297031ee0dd4eb6f6df3b66deaba95408d8b98b51d8db8fd784dc57ca", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-03-18T03:17:24", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-03-18T03:17:24", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2020-03-18T03:17:24", "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31459);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-ui", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-18T03:17:24", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "89365395d642d83ac960cd46b98b10087d368b33da389f095ef13290ba36560a", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-09-04T06:04:07", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-09-04T06:04:07", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-09-04T06:04:07", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31459);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-ui", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T06:04:07", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "8e563dd6fd8b1ce88deb2a2e11635887daecec9064d1f981ab64d353227ef4c9", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2020-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2020-11-01T02:11:04", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-11-01T02:11:04", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-11-01T02:11:04", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31459);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-ui", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-11-01T02:11:04", "differentElements": ["cvss2", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "1199109735c628bacc5180f2ffcbeffc", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-01-17T14:47:19", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19007"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830474", "OPENVAS:60371", "OPENVAS:60533", "OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:860920", "OPENVAS:60449", "OPENVAS:860441", "OPENVAS:1361412562310830468"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["FEDORA_2008-1543.NASL", "SUSE_XINE-DEVEL-5080.NASL", "GENTOO_GLSA-200802-12.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "GENTOO_GLSA-200803-16.NASL", "DEBIAN_DSA-1536.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-01-17T14:47:19", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-01-17T14:47:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31459);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-ui", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-extra"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-17T14:47:19", "differentElements": ["cpe", "cvss2", "naslFamily", "sourceData"], "edition": 5}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "2b12b1391dd1b7d925fb825bf9b72b409eca0bfc04d41ba489e3465724c4ddf3", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-01-17T14:47:19", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-17T14:47:19", "references": [{"idList": ["DEBIAN_DSA-1536.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["UB:CVE-2008-0486"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["CVE-2008-0486"], "type": "cve"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-17T14:47:19", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "", "naslFamily": "", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-17T14:47:19", "differentElements": ["cpe", "cvss3", "description", "modified", "naslFamily", "patchPublicationDate", "references", "solution", "sourceData", "vpr"], "edition": 6}, {"bulletin": {"id": "SUSE_XINE-DEVEL-5078.NASL", "hash": "34564ff14c19043ff25e2bd36e6b7cc0", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and a possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31459", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486"], "cvelist": ["CVE-2008-0486"], "immutableFields": [], "lastseen": "2021-08-12T13:14:33", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19007"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830468", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:830474", "OPENVAS:60533", "OPENVAS:60519", "OPENVAS:60529", "OPENVAS:860441", "OPENVAS:60449"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "DEBIAN_DSA-1496.NASL", "FEDORA_2008-1543.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "GENTOO_GLSA-200802-12.NASL", "GENTOO_GLSA-200803-16.NASL", "DEBIAN_DSA-1536.NASL", "FEDORA_2008-1581.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:33", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-08-12T13:14:33", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31459);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-extra", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-ui", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "solution": "Update the affected xine-devel packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-03-07T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:33", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-0486"]}, {"type": "cve", "idList": ["CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["SUSE_XINE-DEVEL-5080.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FEDORA_2008-1581.NASL", "GENTOO_GLSA-200803-16.NASL", "DEBIAN_DSA-1536.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200802-12.NASL", "FEDORA_2008-1543.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:830468", "OPENVAS:1361412562310830474", "OPENVAS:60533", "OPENVAS:60449", "OPENVAS:860441", "OPENVAS:1361412562310830468", "OPENVAS:60529", "OPENVAS:860920", "OPENVAS:60371", "OPENVAS:830474"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:11:00", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-19T13:11:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31459", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-devel-5078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31459);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0486\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-devel (xine-devel-5078)\");\n script_summary(english:\"Check for the xine-devel-5078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of xine fixes a possible buffer overflow that can be\ntriggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and\na possible buffer overflow in the matroska demuxer.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-ui-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-devel-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-extra-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-ui-0.99.4-32.25\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-devel-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-extra-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-lib-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xine-ui-0.99.4-84.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.2-40.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"xine-ui-32bit-0.99.4-84.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:xine-devel", "p-cpe:/a:novell:opensuse:xine-extra", "p-cpe:/a:novell:opensuse:xine-lib", "p-cpe:/a:novell:opensuse:xine-lib-32bit", "p-cpe:/a:novell:opensuse:xine-ui", "p-cpe:/a:novell:opensuse:xine-ui-32bit", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "solution": "Update the affected xine-devel packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-03-07T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "ad774b0bfc60637dcdeb36254f502668", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12 (xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n Impact :\n\n A remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31295", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://security.gentoo.org/glsa/200802-12", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110"], "cvelist": ["CVE-2006-1664", "CVE-2008-0486", "CVE-2008-1110"], "immutableFields": [], "lastseen": "2021-08-19T13:11:04", "history": [{"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "12d3ca9943ec3ce566140ea1edba823e3ef4765901987160f8c69b566e3aa3c4", "type": "nessus", "bulletinFamily": "exploit", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12 (xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n Impact :\n\n A remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2015-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31295", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "immutableFields": [], "lastseen": "2016-09-26T17:26:44", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31295);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:04:25 $\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_osvdb_id(25004, 42197, 42658);\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-09-26T17:26:44", "differentElements": ["bulletinFamily", "cpe", "description", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "5c3fdf60dfa6d9dd3089347e9158c3d52641fd61da661ea9216f90aa20f2abfd", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2018-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31295", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "immutableFields": [], "lastseen": "2019-01-16T20:08:09", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-01-16T20:08:09", "references": [{"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["EDB-ID:1641"], "type": "exploitdb"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "6ECD0B42-CE77-11DC-89B1-000E35248AD7"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:860572", "OPENVAS:830468", "OPENVAS:60285", "OPENVAS:56683", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:860892", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["GLSA-200604-16", "GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "type": "cve"}, {"idList": ["OSVDB:25004"], "type": "osvdb"}, {"idList": ["FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200604-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1043.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1047.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1581.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31295);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-01-16T20:08:09", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "1d61e00e3694854568e934627cde0e02868d2f4cfbf80a3b3db4b6d664fcbb8b", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31295", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "immutableFields": [], "lastseen": "2019-12-13T07:33:22", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-12-13T07:33:22", "references": [{"idList": ["OPENVAS:860572", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:60285", "OPENVAS:1361412562310830468", "OPENVAS:56683", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860892", "OPENVAS:60449"], "type": "openvas"}, {"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["EDB-ID:1641"], "type": "exploitdb"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "6ECD0B42-CE77-11DC-89B1-000E35248AD7"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["GLSA-200604-16", "GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "type": "cve"}, {"idList": ["OSVDB:25004"], "type": "osvdb"}, {"idList": ["FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200604-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1043.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1047.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1581.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-12-13T07:33:22", "value": 8.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31295);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T07:33:22", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "d0045a1fd437c63e3f6cccbb6ebc14f86f332cf2db11728542b5e8076ea77951", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31295", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "immutableFields": [], "lastseen": "2020-12-01T11:00:32", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-12-01T11:00:32", "references": [{"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["OPENVAS:860572", "OPENVAS:830474", "OPENVAS:60285", "OPENVAS:56683", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:860892", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["EDB-ID:1641"], "type": "exploitdb"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "6ECD0B42-CE77-11DC-89B1-000E35248AD7"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["GLSA-200604-16", "GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "type": "cve"}, {"idList": ["OSVDB:25004"], "type": "osvdb"}, {"idList": ["FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200604-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1043.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1047.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1581.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-12-01T11:00:32", "rev": 2, "value": 8.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31295);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T11:00:32", "differentElements": ["cvss2", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "c13c43c0f3178911e575340576f900f9", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2008-02-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31295", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "immutableFields": [], "lastseen": "2021-01-07T10:52:19", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-01-07T10:52:19", "references": [{"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["UB:CVE-2008-1110", "UB:CVE-2008-0486", "UB:CVE-2006-1664"], "type": "ubuntucve"}, {"idList": ["EDB-ID:1641"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["OPENVAS:860572", "OPENVAS:830474", "OPENVAS:60285", "OPENVAS:1361412562310830468", "OPENVAS:56683", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:860892", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "6ECD0B42-CE77-11DC-89B1-000E35248AD7"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["GLSA-200604-16", "GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "type": "cve"}, {"idList": ["OSVDB:25004"], "type": "osvdb"}, {"idList": ["FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200604-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1043.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1047.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1581.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-01-07T10:52:19", "rev": 2, "value": 8.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31295);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:52:19", "differentElements": ["cpe", "cvss2", "naslFamily", "sourceData"], "edition": 5}, {"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "b769c43c52abfb645386fd84cc4347a6244d4ded9f9f2a504488b7388960398a", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2008-02-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31295", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "immutableFields": [], "lastseen": "2021-01-07T10:52:19", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-01-07T10:52:19", "references": [{"idList": ["SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["UB:CVE-2008-1110", "UB:CVE-2008-0486", "UB:CVE-2006-1664"], "type": "ubuntucve"}, {"idList": ["EDB-ID:1641"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["OPENVAS:860572", "OPENVAS:830474", "OPENVAS:60285", "OPENVAS:1361412562310830468", "OPENVAS:56683", "OPENVAS:1361412562310830474", "OPENVAS:860441", "OPENVAS:860892", "OPENVAS:60449", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "6ECD0B42-CE77-11DC-89B1-000E35248AD7"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["GLSA-200604-16", "GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "type": "cve"}, {"idList": ["OSVDB:25004"], "type": "osvdb"}, {"idList": ["FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200604-16.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1043.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1047.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1581.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-01-07T10:52:19", "rev": 2, "value": 8.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "", "naslFamily": "", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:52:19", "differentElements": ["cpe", "cvss3", "description", "modified", "naslFamily", "patchPublicationDate", "references", "solution", "sourceData", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "GENTOO_GLSA-200802-12.NASL", "hash": "1d31ba0899c656037000c984d10dec65", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12 (xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n Impact :\n\n A remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31295", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://security.gentoo.org/glsa/200802-12"], "cvelist": ["CVE-2006-1664", "CVE-2008-0486", "CVE-2008-1110"], "immutableFields": [], "lastseen": "2021-08-12T13:14:46", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486", "UB:CVE-2008-1110", "UB:CVE-2006-1664"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16", "GLSA-200604-16"]}, {"type": "exploitdb", "idList": ["EDB-ID:1641"]}, {"type": "openvas", "idList": ["OPENVAS:60533", "OPENVAS:860892", "OPENVAS:830474", "OPENVAS:1361412562310830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60285", "OPENVAS:860441", "OPENVAS:60449", "OPENVAS:860920"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "freebsd", "idList": ["6ECD0B42-CE77-11DC-89B1-000E35248AD7", "E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "nessus", "idList": ["FEDORA_2008-1043.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "SUSE_XINE-DEVEL-5080.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1543.NASL", "SUSE_XINE-DEVEL-5078.NASL", "GENTOO_GLSA-200604-16.NASL", "FEDORA_2008-1047.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "osvdb", "idList": ["OSVDB:25004"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}], "modified": "2021-08-12T13:14:46", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-08-12T13:14:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31295);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:xine-lib", "cpe:/o:gentoo:linux"], "solution": "All xine-lib users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.3"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-02-26T00:00:00", "vulnerabilityPublicationDate": "2006-04-04T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T13:14:46", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0486", "CVE-2006-1664", "CVE-2008-1110"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486", "UB:CVE-2008-1110", "UB:CVE-2006-1664"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200604-16", "GLSA-200802-12"]}, {"type": "exploitdb", "idList": ["EDB-ID:1641"]}, {"type": "openvas", "idList": ["OPENVAS:860892", "OPENVAS:860572", "OPENVAS:56683", "OPENVAS:860441", "OPENVAS:860920", "OPENVAS:1361412562310830468", "OPENVAS:60285", "OPENVAS:60533", "OPENVAS:60449", "OPENVAS:830474"]}, {"type": "osvdb", "idList": ["OSVDB:25004"]}, {"type": "freebsd", "idList": ["6ECD0B42-CE77-11DC-89B1-000E35248AD7", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["FEDORA_2008-1581.NASL", "UBUNTU_USN-635-1.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL", "GENTOO_GLSA-200604-16.NASL", "FEDORA_2008-1047.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FEDORA_2008-1043.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:VULN:8631"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}], "modified": "2021-08-19T13:11:04", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-08-19T13:11:04", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31295);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1664\", \"CVE-2008-0486\", \"CVE-2008-1110\");\n script_xref(name:\"GLSA\", value:\"200802-12\");\n\n script_name(english:\"GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-12\n(xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies)\n discovered a stack-based buffer overflow within the open_flac_file()\n function in the file demux_flac.c when parsing tags within a FLAC file\n (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is\n similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n \nImpact :\n\n A remote attacker could entice a user to play specially crafted FLAC or\n ASF video streams with a player using xine-lib, potentially resulting\n in the execution of arbitrary code with the privileges of the user\n running the player.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.10.1\"), vulnerable:make_list(\"lt 1.1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:xine-lib", "cpe:/o:gentoo:linux"], "solution": "All xine-lib users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.10.1'", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.3"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-02-26T00:00:00", "vulnerabilityPublicationDate": "2006-04-04T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "DEBIAN_DSA-1496.NASL", "hash": "b6d64adf630b796f27b35efac41aadac", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.\n\n - CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.\n\n - CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.\n\n - CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.", "published": "2008-02-14T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31056", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://www.debian.org/security/2008/dsa-1496", "https://security-tracker.debian.org/tracker/CVE-2008-0486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-19T13:11:19", "history": [{"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "0ec812fdc1345fe512e1bbffd213406b18308f5fcd213df9925f0260c486b239", "type": "nessus", "bulletinFamily": "exploit", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.\n\n - CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.\n\n - CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.\n\n - CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.", "published": "2008-02-14T00:00:00", "modified": "2014-05-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31056", "reporter": "Tenable", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "http://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2016-09-26T17:23:16", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31056);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2014/05/03 11:14:59 $\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_osvdb_id(42197, 42199, 42200, 42201);\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-09-26T17:23:16", "differentElements": ["bulletinFamily", "cpe", "modified", "references", "sourceData"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "de7c597dfb009e2b65e22732d889569e24f53ed3563e13a825d3f3aa007dd463", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.\n\n - CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.\n\n - CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.\n\n - CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.", "published": "2008-02-14T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31056", "reporter": "Tenable", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "https://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2018-11-11T12:40:13", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mplayer"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-11-11T12:40:13", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "b8362bcecc86604bc94a8aff8e798c8e02db98b29010b73c62bbd69326aa1fa5", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.", "published": "2008-02-14T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31056", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "https://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2019-12-13T06:51:03", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-12-13T06:51:03", "references": [{"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2019-12-13T06:51:03", "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mplayer"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T06:51:03", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "0d29710760347c94c342498d2ab550f19efda2bd8d5d40fef4428ca2c3062738", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.", "published": "2008-02-14T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31056", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "https://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2020-04-01T06:59:11", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-04-01T06:59:11", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:60529", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-04-01T06:59:11", "rev": 2, "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mplayer"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-04-01T06:59:11", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "2f56b7f53633e79a12e086d6f19af2357c81c556a743899fb10609ab7f3803b6", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31056", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "https://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-01-06T09:44:57", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-06T09:44:57", "references": [{"idList": ["UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0485", "UB:CVE-2008-0629"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-06T09:44:57", "rev": 2, "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mplayer"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-06T09:44:57", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "38f122b7993e88781db50a55d35d8ec2", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31056", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0485", "https://www.debian.org/security/2008/dsa-1496"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-07-28T23:01:54", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:60519", "OPENVAS:830468", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:60529", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:830756"]}, {"type": "nessus", "idList": ["SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "GENTOO_GLSA-200802-12.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1543.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "cve", "idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0485", "UB:CVE-2008-0486", "UB:CVE-2008-0629", "UB:CVE-2008-0630"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-28T23:01:54", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-07-28T23:01:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:mplayer"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:01:54", "differentElements": ["cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "DEBIAN_DSA-1496.NASL", "hash": "30bf4619942ac7ff5a654a772b7a8b74", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.\n\n - CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.\n\n - CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.\n\n - CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.", "published": "2008-02-14T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31056", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2008/dsa-1496", "https://security-tracker.debian.org/tracker/CVE-2008-0629", "https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0485"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-12T13:14:30", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:830756", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:1361412562310830756", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60371", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "cve", "idList": ["CVE-2008-0629", "CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0630"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0629", "UB:CVE-2008-0486", "UB:CVE-2008-0630", "UB:CVE-2008-0485"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2008-0122", "CORE-2007-1218"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:30", "rev": 2}, "score": {"value": 9.2, "vector": "NONE", "modified": "2021-08-12T13:14:30", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:mplayer", "cpe:/o:debian:debian_linux:4.0"], "solution": "Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-02-12T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-12T13:14:30", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631"]}, {"type": "openvas", "idList": ["OPENVAS:60371", "OPENVAS:1361412562310830474", "OPENVAS:1361412562310830756", "OPENVAS:60533", "OPENVAS:860920", "OPENVAS:1361412562310830468", "OPENVAS:60529", "OPENVAS:60519", "OPENVAS:830756", "OPENVAS:830474"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200803-16.NASL", "FEDORA_2008-1581.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "SUSE_XINE-DEVEL-5080.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "cve", "idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0629", "CVE-2008-0485"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0485", "UB:CVE-2008-0630", "UB:CVE-2008-0629", "UB:CVE-2008-0486"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218", "CORE-2008-0122"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:11:19", "rev": 2}, "score": {"value": 9.2, "vector": "NONE", "modified": "2021-08-19T13:11:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1496. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31056);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"DSA\", value:\"1496\");\n\n script_name(english:\"Debian DSA-1496-1 : mplayer - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflows have been discovered in the MPlayer movie\nplayer, which might lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0485\n Felipe Manzano and Anibal Sacco discovered a buffer\n overflow in the demuxer for MOV files.\n\n - CVE-2008-0486\n Reimar Doeffinger discovered a buffer overflow in the\n FLAC header parsing.\n\n - CVE-2008-0629\n Adam Bozanich discovered a buffer overflow in the CDDB\n access code.\n\n - CVE-2008-0630\n Adam Bozanich discovered a buffer overflow in URL\n parsing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1496\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"mplayer\", reference:\"1.0~rc1-12etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mplayer-doc\", reference:\"1.0~rc1-12etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:mplayer", "cpe:/o:debian:debian_linux:4.0"], "solution": "Upgrade the mplayer packages.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-02-12T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "f3ff02be5e30f5decfc6948ef5586c73", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/36358", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-19T13:08:04", "history": [{"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "41ecfa14ece529e05462aae08c423d4810943f591285a662b1d6fa8ad4cfd28d", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2016-11-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36358", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2016-11-29T05:35:18", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36358);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/11/28 21:39:22 $\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-11-29T05:35:18", "differentElements": ["cpe", "description", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "050d02b0da8283a02e6d065345fc0ab74ce07bd526101b4b23971a9990d629b7", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36358", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2019-01-16T20:09:02", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-01-16T20:09:02", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:60529", "OPENVAS:830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36358);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:xine-caca", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:xine-smb", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:lib64xine-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:xine-jack", "p-cpe:/a:mandriva:linux:xine-pulse", "p-cpe:/a:mandriva:linux:xine-arts", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:xine-sdl", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:libxine-devel", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-image"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-01-16T20:09:02", "differentElements": ["cvss", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "12dae44d072a99fd8bce923202abac8ae17073fdf791537daf61226712338ed8", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/36358", "reporter": "This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2019-12-13T08:05:34", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-12-13T08:05:34", "references": [{"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2019-12-13T08:05:34", "value": 8.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36358);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:50\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:xine-caca", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:xine-smb", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:lib64xine-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:xine-jack", "p-cpe:/a:mandriva:linux:xine-pulse", "p-cpe:/a:mandriva:linux:xine-arts", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:xine-sdl", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:libxine-devel", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-image"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T08:05:34", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "f079160ec15a6a5d01b95a39e39a1a939c116174701910d6314b6710b8c2d2ad", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/36358", "reporter": "This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2020-03-18T01:21:38", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-03-18T01:21:38", "references": [{"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2020-03-18T01:21:38", "value": 8.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36358);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:50\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:xine-caca", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:xine-smb", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:lib64xine-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:xine-jack", "p-cpe:/a:mandriva:linux:xine-pulse", "p-cpe:/a:mandriva:linux:xine-arts", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:xine-sdl", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:libxine-devel", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-image"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-18T01:21:38", "differentElements": ["cvss2", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "2ee331559cff73be0f01cbb628e77cf4", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2009-04-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/36358", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-01-07T11:51:50", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-01-07T11:51:50", "references": [{"idList": ["UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0485", "UB:CVE-2008-0629"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["OPENVAS:60529", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T11:51:50", "rev": 2, "value": 8.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36358);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:xine-caca", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:xine-smb", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:lib64xine-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:xine-jack", "p-cpe:/a:mandriva:linux:xine-pulse", "p-cpe:/a:mandriva:linux:xine-arts", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:xine-sdl", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:libxine-devel", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-image"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T11:51:50", "differentElements": ["cpe", "cvss2", "naslFamily", "sourceData"], "edition": 5}, {"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "ca0c8aba563d15aad35e12698d06337c2e028dc8d957e0e7c3acbb4b7c6c579c", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2009-04-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/36358", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-01-07T11:51:50", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-01-07T11:51:50", "references": [{"idList": ["UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0485", "UB:CVE-2008-0629"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["OPENVAS:60529", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T11:51:50", "rev": 2, "value": 8.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "", "naslFamily": "", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T11:51:50", "differentElements": ["cpe", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "naslFamily", "patchPublicationDate", "references", "solution", "sourceData", "vpr"], "edition": 6}, {"bulletin": {"id": "MANDRIVA_MDVSA-2008-046.NASL", "hash": "c1bd482fcbe995936212929a3e997c71", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.", "published": "2009-04-23T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/36358", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-11T14:38:35", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:830756", "OPENVAS:60533", "OPENVAS:830474", "OPENVAS:1361412562310830756", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60371", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "cve", "idList": ["CVE-2008-0629", "CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0630"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0629", "UB:CVE-2008-0486", "UB:CVE-2008-0630", "UB:CVE-2008-0485"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2008-0122", "CORE-2007-1218"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-11T14:38:35", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-08-11T14:38:35", "rev": 2}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36358);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:lib64xine-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:libxine-devel", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-arts", "p-cpe:/a:mandriva:linux:xine-caca", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:xine-image", "p-cpe:/a:mandriva:linux:xine-jack", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:xine-pulse", "p-cpe:/a:mandriva:linux:xine-sdl", "p-cpe:/a:mandriva:linux:xine-smb", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "solution": "Update the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-02-20T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-11T14:38:35", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007"]}, {"type": "openvas", "idList": ["OPENVAS:830468", "OPENVAS:60371", "OPENVAS:860920", "OPENVAS:830474", "OPENVAS:60529", "OPENVAS:1361412562310830468", "OPENVAS:1361412562310830756", "OPENVAS:60533", "OPENVAS:830756", "OPENVAS:60519"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2008-045.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "DEBIAN_DSA-1496.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "FEDORA_2008-1581.NASL", "GENTOO_GLSA-200803-16.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1496-1:61CB9", "DEBIAN:DSA-1536-1:8073C"]}, {"type": "cve", "idList": ["CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0630", "CVE-2008-0629"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0486", "UB:CVE-2008-0485", "UB:CVE-2008-0629", "UB:CVE-2008-0630"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218", "CORE-2008-0122"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:08:04", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-08-19T13:08:04", "rev": 2}}, "objectVersion": "1.6", "pluginID": "36358", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36358);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"MDVSA\", value:\"2008:046-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index vulnerability found in the FLAC audio demuxer might\nallow remote attackers to execute arbitrary code via a crafted FLAC\ntag, which triggers a buffer overflow. Although originally an MPlayer\nissue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very\nunresponsive while playing FLAC files. This new update fixes the\nsecurity issue with a better patch.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxine1-devel-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-aa-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-arts-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-caca-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-dxr3-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-esd-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-flac-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-gnomevfs-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-image-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-jack-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-plugins-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-pulse-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-sdl-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"xine-smb-1.1.4-6.7mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine-devel-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxine1-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-aa-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-caca-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-dxr3-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-esd-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-flac-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-gnomevfs-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-image-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-jack-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-plugins-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-pulse-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-sdl-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xine-smb-1.1.8-4.5mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:lib64xine-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:libxine-devel", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-arts", "p-cpe:/a:mandriva:linux:xine-caca", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:xine-image", "p-cpe:/a:mandriva:linux:xine-jack", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:xine-pulse", "p-cpe:/a:mandriva:linux:xine-sdl", "p-cpe:/a:mandriva:linux:xine-smb", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-02-20T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "16bf2d22021bb51559b241a684cf0192", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16 (MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31442", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200803-16", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-19T13:11:07", "history": [{"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "7e77c2ab76e2ff9983b65b83fa4be983e2e61e0fa15075afe3863f915e739f53", "type": "nessus", "bulletinFamily": "exploit", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16 (MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2015-04-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31442", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2016-09-26T17:25:38", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31442);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:04:25 $\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_osvdb_id(42197, 42199, 42200, 42201);\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-09-26T17:25:38", "differentElements": ["bulletinFamily", "cpe", "description", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "ab1a13a38a6c3cbbb9905d41d7ff507ac9313b07e50b7ecf8d3da88abed72434", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2018-08-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31442", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2019-01-16T20:08:10", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-01-16T20:08:10", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-01-16T20:08:10", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "bfe5b5be9792b556be784e11a90210573f73db47b58d793cae7da7826f17d868", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31442", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2019-12-13T07:33:22", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-12-13T07:33:22", "references": [{"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2019-12-13T07:33:22", "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T07:33:22", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "60bce8eff6199f2d089fd4d037c74d57fd35748a6a7c44d664c08d84b6165c53", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31442", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2020-08-01T02:25:22", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-08-01T02:25:22", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-08-01T02:25:22", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-08-01T02:25:22", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "03abb323da01fea89e5f217e5c1cf9d26151bc4788f06c0c3fd13fb95e715284", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31442", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-01-07T10:52:20", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-01-07T10:52:20", "references": [{"idList": ["UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0485", "UB:CVE-2008-0629"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T10:52:20", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:52:20", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "bff6c772be06057efcfe327b261680a6", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31442", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-07-29T00:18:53", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19007", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19006"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830468", "OPENVAS:830474", "OPENVAS:60533", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:60529", "OPENVAS:830756", "OPENVAS:60371", "OPENVAS:60519", "OPENVAS:1361412562310830474"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2008-046.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5078.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1543.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "cve", "idList": ["CVE-2008-0629", "CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0630"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0630", "UB:CVE-2008-0485", "UB:CVE-2008-0486", "UB:CVE-2008-0629"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-29T00:18:53", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-07-29T00:18:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:18:53", "differentElements": ["cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "GENTOO_GLSA-200803-16.NASL", "hash": "000a07a235515e4217f4221eac9974c8", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16 (MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31442", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://security.gentoo.org/glsa/200803-16"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-12T13:14:37", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:830756", "OPENVAS:60533", "OPENVAS:1361412562310830756", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60371", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "cve", "idList": ["CVE-2008-0629", "CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0630"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0629", "UB:CVE-2008-0486", "UB:CVE-2008-0630", "UB:CVE-2008-0485"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2008-0122", "CORE-2007-1218"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:37", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-08-12T13:14:37", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "All MPlayer users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-03-10T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-12T13:14:37", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200803-16", "GLSA-200802-12"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "nessus", "idList": ["SUSE_XINE-DEVEL-5080.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200802-12.NASL", "FEDORA_2008-1543.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19370"]}, {"type": "openvas", "idList": ["OPENVAS:830468", "OPENVAS:60533", "OPENVAS:1361412562310830756", "OPENVAS:60519", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60529", "OPENVAS:860920", "OPENVAS:60371", "OPENVAS:830474"]}, {"type": "cve", "idList": ["CVE-2008-0630", "CVE-2008-0629", "CVE-2008-0485", "CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0629", "UB:CVE-2008-0485", "UB:CVE-2008-0630", "UB:CVE-2008-0486"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218", "CORE-2008-0122"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:11:07", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-08-19T13:11:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31442);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"GLSA\", value:\"200803-16\");\n\n script_name(english:\"GLSA-200803-16 : MPlayer: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-16\n(MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies)\n reported an array indexing error in the file libmpdemux/demux_mov.c\n when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza\n and Alfredo Ortega (Core Security Technologies) reported a boundary\n error in the file libmpdemux/demux_audio.c when parsing FLAC comments\n (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary\n errors in the cddb_parse_matches_list() and cddb_query_parse()\n functions in the file stream_cddb.c when parsing CDDB album titles\n (CVE-2008-0629) and in the url_scape_string() function in the file\n stream/url.c when parsing URLS (CVE-2008-0630).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the\n privileges of the user running MPlayer.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p25993\"), vulnerable:make_list(\"lt 1.0_rc2_p25993\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:mplayer", "cpe:/o:gentoo:linux"], "solution": "All MPlayer users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p25993'", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-03-10T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "cea8b25bb1aeb7b3b245f0f7c7e9ce3c", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving a pointer to a temporary buffer with a non-NULL value; this causes the unescape code to reuse the buffer, and may lead to a buffer overflow if the old buffer is smaller than required. A malicious URL string may be used to trigger a buffer overflow in the program, that can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file headers. The code read some values from the file and used them as indexes into as array allocated on the heap without performing any boundary check. A malicious file may be used to trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f7282845", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-19T13:10:59", "history": [{"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "54ae0b5f5674b92ad862dfe38b1b975d319ae731161e18801524a718b8388f23", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving a pointer to a temporary buffer with a non-NULL value; this causes the unescape code to reuse the buffer, and may lead to a buffer overflow if the old buffer is smaller than required. A malicious URL string may be used to trigger a buffer overflow in the program, that can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file headers. The code read some values from the file and used them as indexes into as array allocated on the heap without performing any boundary check. A malicious file may be used to trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2016-12-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31378", "reporter": "Tenable", "references": ["http://www.nessus.org/u?4f86faa5"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2018-08-30T19:42:16", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31378);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:42:12 $\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # http://www.freebsd.org/ports/portaudit/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f86faa5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-08-30T19:42:16", "differentElements": ["cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "5e17cafb9ffb29fa7e05c4569e81add6b32bd03d4797ea0ce0c04237910a76b1", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f7282845"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2020-01-01T07:46:46", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2020-01-01T07:46:46", "references": [{"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}]}, "score": {"modified": "2020-01-01T07:46:46", "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-01-01T07:46:46", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "ace201cceef1062f5a5a4a686967926bcf16fd2ceab9498aebedf3ee797f1359", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f7282845"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2020-07-01T02:07:37", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2020-07-01T02:07:37", "references": [{"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:60529", "OPENVAS:830474", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-07-01T02:07:37", "rev": 2, "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T02:07:37", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "8158cd5bb34e9b483bfceff31341398ae2c32df0407c91517c24cb6ef435b448", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f7282845"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-01-01T02:46:08", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-01-01T02:46:08", "references": [{"idList": ["OPENVAS:60529", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:860441", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-01T02:46:08", "rev": 2, "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-01T02:46:08", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "9c4dd0235075fc6c95e6f321371bfd6c26660eab43c1940648e100a2476b9693", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2008-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f7282845"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-01-07T10:50:43", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2021-01-07T10:50:43", "references": [{"idList": ["UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0485", "UB:CVE-2008-0629"], "type": "ubuntucve"}, {"idList": ["GLSA-200803-16", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768"], "type": "securityvulns"}, {"idList": ["EDB-ID:31076"], "type": "exploitdb"}, {"idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"], "type": "fedora"}, {"idList": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "type": "cve"}, {"idList": ["KLA10253"], "type": "kaspersky"}, {"idList": ["USN-635-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["SSV:2889"], "type": "seebug"}, {"idList": ["OPENVAS:60529", "OPENVAS:830468", "OPENVAS:1361412562310830468", "OPENVAS:60371", "OPENVAS:1361412562310830756", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:830756", "OPENVAS:60519", "OPENVAS:60533"], "type": "openvas"}, {"idList": ["FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1581.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "DEBIAN_DSA-1496.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200803-16.NASL"], "type": "nessus"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T10:50:43", "rev": 2, "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:50:43", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "615137f6ddafbb5e698d88698fef112a", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2008-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f7282845"], "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "immutableFields": [], "lastseen": "2021-07-29T00:16:35", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"]}, {"type": "openvas", "idList": ["OPENVAS:60529", "OPENVAS:860441", "OPENVAS:1361412562310830756", "OPENVAS:60533", "OPENVAS:1361412562310830474", "OPENVAS:60371", "OPENVAS:830756", "OPENVAS:60519", "OPENVAS:830474", "OPENVAS:830468"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2008-045.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FEDORA_2008-1543.NASL", "DEBIAN_DSA-1496.NASL", "FEDORA_2008-1581.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "SUSE_XINE-DEVEL-5080.NASL", "SUSE_XINE-DEVEL-5078.NASL", "GENTOO_GLSA-200802-12.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "cve", "idList": ["CVE-2008-0630", "CVE-2008-0629", "CVE-2008-0486", "CVE-2008-0485"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0629", "UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0485"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "fedora", "idList": ["FEDORA:M1D5BNSN006178", "FEDORA:M1D55W2W005532"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-07-29T00:16:35", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-07-29T00:16:35", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:16:35", "differentElements": ["cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "hash": "f3000285557eea0b72b36028f2071f0b", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving a pointer to a temporary buffer with a non-NULL value; this causes the unescape code to reuse the buffer, and may lead to a buffer overflow if the old buffer is smaller than required. A malicious URL string may be used to trigger a buffer overflow in the program, that can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file headers. The code read some values from the file and used them as indexes into as array allocated on the heap without performing any boundary check. A malicious file may be used to trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31378", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "http://www.nessus.org/u?f7282845"], "cvelist": ["CVE-2008-0485", "CVE-2008-0486", "CVE-2008-0629", "CVE-2008-0630"], "immutableFields": [], "lastseen": "2021-08-12T13:14:33", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "GENTOO_GLSA-200802-12.NASL", "SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60519", "OPENVAS:830756", "OPENVAS:60533", "OPENVAS:1361412562310830756", "OPENVAS:1361412562310830474", "OPENVAS:1361412562310830468", "OPENVAS:860441", "OPENVAS:60371", "OPENVAS:60529", "OPENVAS:860920"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19370", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19006", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007"]}, {"type": "cve", "idList": ["CVE-2008-0629", "CVE-2008-0486", "CVE-2008-0485", "CVE-2008-0630"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0629", "UB:CVE-2008-0486", "UB:CVE-2008-0630", "UB:CVE-2008-0485"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2008-0122", "CORE-2007-1218"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-12T13:14:33", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-12T13:14:33", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-03-06T00:00:00", "vulnerabilityPublicationDate": "2008-02-05T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-12T13:14:33", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-200802-12", "GLSA-200803-16"]}, {"type": "freebsd", "idList": ["DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "E8A6A16D-E498-11DC-BB89-000BCDC1757A"]}, {"type": "nessus", "idList": ["SUSE_XINE-DEVEL-5080.NASL", "FEDORA_2008-1543.NASL", "GENTOO_GLSA-200802-12.NASL", "MANDRIVA_MDVSA-2008-045.NASL", "SUSE_XINE-DEVEL-5078.NASL", "FEDORA_2008-1581.NASL", "DEBIAN_DSA-1496.NASL", "GENTOO_GLSA-200803-16.NASL", "MANDRIVA_MDVSA-2008-046.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19006", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19149", "SECURITYVULNS:VULN:8768", "SECURITYVULNS:DOC:19007"]}, {"type": "openvas", "idList": ["OPENVAS:830756", "OPENVAS:60519", "OPENVAS:860920", "OPENVAS:1361412562310830474", "OPENVAS:60529", "OPENVAS:1361412562310830756", "OPENVAS:830474", "OPENVAS:60371", "OPENVAS:860441", "OPENVAS:60533"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"]}, {"type": "cve", "idList": ["CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629", "CVE-2008-0486"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0485", "UB:CVE-2008-0630", "UB:CVE-2008-0486", "UB:CVE-2008-0629"]}, {"type": "exploitdb", "idList": ["EDB-ID:31076"]}, {"type": "kaspersky", "idList": ["KLA10253"]}, {"type": "coresecurity", "idList": ["CORE-2007-1218", "CORE-2008-0122"]}, {"type": "fedora", "idList": ["FEDORA:M1D55W2W005532", "FEDORA:M1D5BNSN006178"]}, {"type": "seebug", "idList": ["SSV:2889"]}, {"type": "ubuntu", "idList": ["USN-635-1"]}], "modified": "2021-08-19T13:10:59", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-19T13:10:59", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31378);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0485\", \"CVE-2008-0486\", \"CVE-2008-0629\", \"CVE-2008-0630\");\n script_xref(name:\"Secunia\", value:\"28779\");\n\n script_name(english:\"FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles\nfrom CDDB server answers. When parsing answers from the CDDB server,\nthe album title is copied into a fixed-size buffer with insufficient\nsize checks, which may cause a buffer overflow. A malicious database\nentry could trigger a buffer overflow in the program. That can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving\na pointer to a temporary buffer with a non-NULL value; this causes the\nunescape code to reuse the buffer, and may lead to a buffer overflow\nif the old buffer is smaller than required. A malicious URL string may\nbe used to trigger a buffer overflow in the program, that can lead to\narbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file\nheaders. The code read some values from the file and used them as\nindexes into as array allocated on the heap without performing any\nboundary check. A malicious file may be used to trigger a buffer\noverflow in the program. That can lead to arbitrary code execution\nwith the UID of the user running MPlayer.\"\n );\n # https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7282845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:mplayer", "p-cpe:/a:freebsd:freebsd:mplayer-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk", "p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2", "p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2008-03-06T00:00:00", "vulnerabilityPublicationDate": "2008-02-05T00:00:00", "exploitableWith": ["Core Impact"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "DEBIAN_DSA-1536.NASL", "hash": "79fbf75619cd9f6bedaa4604d07a6d49", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1536-1 : libxine - several vulnerabilities", "description": "Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-1246 / CVE-2007-1387 The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only).\n\n - CVE-2008-0073 Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.\n\n - CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only).\n\n - CVE-2008-1161 Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.", "published": "2008-04-01T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31721", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1161", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073", "https://security-tracker.debian.org/tracker/CVE-2008-1161", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://www.debian.org/security/2008/dsa-1536", "https://security-tracker.debian.org/tracker/CVE-2007-1246", "https://security-tracker.debian.org/tracker/CVE-2007-1387", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387", "https://security-tracker.debian.org/tracker/CVE-2008-0073"], "cvelist": ["CVE-2007-1246", "CVE-2007-1387", "CVE-2008-0073", "CVE-2008-0486", "CVE-2008-1161"], "immutableFields": [], "lastseen": "2021-08-19T13:10:46", "history": [{"bulletin": {"id": "DEBIAN_DSA-1536.NASL", "hash": "da417d01e1abf5d952ec3a3df18f38df13528cc289906de009cfe052c2cd7719", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1536-1 : libxine - several vulnerabilities", "description": "Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-1246 / CVE-2007-1387 The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only).\n\n - CVE-2008-0073 Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.\n\n - CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only).\n\n - CVE-2008-1161 Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.", "published": "2008-04-01T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31721", "reporter": "Tenable", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-1387", "https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0073", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696", "https://www.debian.org/security/2008/dsa-1536", "https://security-tracker.debian.org/tracker/CVE-2008-1161", "https://security-tracker.debian.org/tracker/CVE-2007-1246"], "cvelist": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2007-1246", "CVE-2008-1161", "CVE-2007-1387"], "immutableFields": [], "lastseen": "2019-02-21T01:10:49", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-02-21T01:10:49", "references": [{"idList": ["SUSE_XINE-LIB-2988.NASL", "MANDRIVA_MDVSA-2008-178.NASL", "UBUNTU_USN-433-1.NASL", "FREEBSD_PKG_ABEB9B64CE5011DBBC240016179B2DD5.NASL", "MANDRAKE_MDKSA-2007-057.NASL", "MANDRAKE_MDKSA-2007-055.NASL", "SUSE_XINE-DEVEL-5080.NASL", "UBUNTU_USN-635-1.NASL", "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "GENTOO_GLSA-200705-21.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:58230", "OPENVAS:830768", "OPENVAS:58116", "OPENVAS:830340", "OPENVAS:1361412562310830768", "OPENVAS:60658", "OPENVAS:840193", "OPENVAS:136141256231058230", "OPENVAS:1361412562310830340", "OPENVAS:58299"], "type": "openvas"}, {"idList": ["PACKETSTORM:64874"], "type": "packetstorm"}, {"idList": ["SSV:8213", "SSV:2889", "SSV:3072"], "type": "seebug"}, {"idList": ["SSA-2008-089-03", "SSA-2007-109-02"], "type": "slackware"}, {"idList": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2007-1246", "CVE-2008-1161", "CVE-2007-1387"], "type": "cve"}, {"idList": ["GLSA-200705-21", "GLSA-200704-09", "GLSA-200803-16", "GLSA-200808-01", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "ABEB9B64-CE50-11DB-BC24-0016179B2DD5", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}, {"idList": ["SECURITYVULNS:DOC:19504", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:VULN:7330", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["OSVDB:33996", "OSVDB:33995"], "type": "osvdb"}, {"idList": ["USN-433-1", "USN-635-1", "USN-435-1"], "type": "ubuntu"}]}, "score": {"modified": "2019-02-21T01:10:49", "value": 8.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1536. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31721);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-1246\", \"CVE-2007-1387\", \"CVE-2008-0073\", \"CVE-2008-0486\", \"CVE-2008-1161\");\n script_bugtraq_id(22771, 27441, 28312);\n script_xref(name:\"DSA\", value:\"1536\");\n\n script_name(english:\"Debian DSA-1536-1 : libxine - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in Xine, a media\nplayer library, allowed for a denial of service or arbitrary code\nexecution, which could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-1246 / CVE-2007-1387\n The DMO_VideoDecoder_Open function does not set the\n biSize before use in a memcpy, which allows\n user-assisted remote attackers to cause a buffer\n overflow and possibly execute arbitrary code (applies to\n sarge only).\n\n - CVE-2008-0073\n Array index error in the sdpplin_parse function allows\n remote RTSP servers to execute arbitrary code via a\n large streamid SDP parameter.\n\n - CVE-2008-0486\n Array index vulnerability in libmpdemux/demux_audio.c\n might allow remote attackers to execute arbitrary code\n via a crafted FLAC tag, which triggers a buffer overflow\n (applies to etch only).\n\n - CVE-2008-1161\n Buffer overflow in the Matroska demuxer allows remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via a Matroska file with\n invalid frame sizes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1536\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xine-lib package.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.0.1-1sarge7.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.1.2+dfsg-6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libxine-dev\", reference:\"1.0.1-1sarge7\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxine1\", reference:\"1.0.1-1sarge7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxine-dev\", reference:\"1.1.2+dfsg-6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxine1\", reference:\"1.1.2+dfsg-6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxine1-dbg\", reference:\"1.1.2+dfsg-6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:xine-lib", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-02-21T01:10:49", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DSA-1536.NASL", "hash": "f5bf17a1c1785fdee72f646425ca10f96d4a14fd35a86bc0908b50dfce438ca9", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1536-1 : libxine - several vulnerabilities", "description": "Several local vulnerabilities have been discovered in Xine, a media\nplayer library, allowed for a denial of service or arbitrary code\nexecution, which could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-1246 / CVE-2007-1387\n The DMO_VideoDecoder_Open function does not set the\n biSize before use in a memcpy, which allows\n user-assisted remote attackers to cause a buffer\n overflow and possibly execute arbitrary code (applies to\n sarge only).\n\n - CVE-2008-0073\n Array index error in the sdpplin_parse function allows\n remote RTSP servers to execute arbitrary code via a\n large streamid SDP parameter.\n\n - CVE-2008-0486\n Array index vulnerability in libmpdemux/demux_audio.c\n might allow remote attackers to execute arbitrary code\n via a crafted FLAC tag, which triggers a buffer overflow\n (applies to etch only).\n\n - CVE-2008-1161\n Buffer overflow in the Matroska demuxer allows remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via a Matroska file with\n invalid frame sizes.", "published": "2008-04-01T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31721", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-1387", "https://security-tracker.debian.org/tracker/CVE-2008-0486", "https://security-tracker.debian.org/tracker/CVE-2008-0073", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696", "https://www.debian.org/security/2008/dsa-1536", "https://security-tracker.debian.org/tracker/CVE-2008-1161", "https://security-tracker.debian.org/tracker/CVE-2007-1246"], "cvelist": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2007-1246", "CVE-2008-1161", "CVE-2007-1387"], "immutableFields": [], "lastseen": "2019-12-13T06:51:03", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-12-13T06:51:03", "references": [{"idList": ["PACKETSTORM:64874"], "type": "packetstorm"}, {"idList": ["SSV:8213", "SSV:2889", "SSV:3072"], "type": "seebug"}, {"idList": ["SSA-2008-089-03", "SSA-2007-109-02"], "type": "slackware"}, {"idList": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2007-1246", "CVE-2008-1161", "CVE-2007-1387"], "type": "cve"}, {"idList": ["GLSA-200705-21", "GLSA-200704-09", "GLSA-200803-16", "GLSA-200808-01", "GLSA-200802-12"], "type": "gentoo"}, {"idList": ["OPENVAS:58230", "OPENVAS:830768", "OPENVAS:58116", "OPENVAS:830340", "OPENVAS:1361412562310830768", "OPENVAS:60658", "OPENVAS:840193", "OPENVAS:1361412562310830474", "OPENVAS:136141256231058230", "OPENVAS:58299"], "type": "openvas"}, {"idList": ["E8A6A16D-E498-11DC-BB89-000BCDC1757A", "ABEB9B64-CE50-11DB-BC24-0016179B2DD5", "DE4D4110-EBCE-11DC-AE14-0016179B2DD5"], "type": "freebsd"}, {"idList": ["SECURITYVULNS:DOC:19504", "SECURITYVULNS:VULN:8631", "SECURITYVULNS:VULN:7330", "SECURITYVULNS:DOC:19370", "SECURITYVULNS:DOC:19007", "SECURITYVULNS:DOC:19149"], "type": "securityvulns"}, {"idList": ["DEBIAN:DSA-1536-1:8073C", "DEBIAN:DSA-1496-1:61CB9"], "type": "debian"}, {"idList": ["OSVDB:33996", "OSVDB:33995"], "type": "osvdb"}, {"idList": ["USN-433-1", "USN-635-1", "USN-435-1"], "type": "ubuntu"}, {"idList": ["SUSE_XINE-LIB-2988.NASL", "MANDRIVA_MDVSA-2008-178.NASL", "UBUNTU_USN-433-1.NASL", "FREEBSD_PKG_ABEB9B64CE5011DBBC240016179B2DD5.NASL", "MANDRAKE_MDKSA-2007-057.NASL", "SUSE_XINE-DEVEL-5078.NASL", "MANDRAKE_MDKSA-2007-055.NASL", "UBUNTU_USN-635-1.NASL", "FEDORA_2008-1581.NASL", "GENTOO_GLSA-200705-21.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-12-13T06:51:03", "value": 8.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31721", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1536. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31721);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2007-1246\", \"CVE-2007-1387\", \"CVE-2008-0073\", \"CVE-2008-0486\", \"CVE-2008-1161\");\n script_bugtraq_id(22771, 27441, 28312);\n script_xref(name:\"DSA\", value:\"1536\");\n\n script_name(english:\"Debian DSA-1536-1 : libxine - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in Xine, a media\nplayer library, allowed for a denial of service or arbitrary code\nexecution, which could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-1246 / CVE-2007-1387\n The DMO_VideoDecoder_Open function does not set the\n biSize before use in a memcpy, which allows\n user-assisted remote attackers to cause a buffer\n overflow and possibly execute arbitrary code (applies to\n sarge only).\n\n - CVE-2008-0073\n Array index error in the sdpplin_parse function allows\n remote RTSP servers to execute arbitrary code via a\n large streamid SDP parameter.\n\n - CVE-2008-0486\n Array index vulnerability in libmpdemux/demux_audio.c\n might allow remote attackers to execute arbitrary code\n via a crafted FLAC tag, which triggers a buffer overflow\n (applies to etch only).\n\n - CVE-2008-1161\n Buffer overflow in the Matroska demuxer allows remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via a Matroska file with\n invalid frame sizes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1536\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xine-lib package.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.0.1-1sarge7.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.1.2+dfsg-6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libxine-dev\", reference:\"1.0.1-1sarge7\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxine1\", reference:\"1.0.1-1sarge7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxine-dev\", reference:\"1.1.2+dfsg-6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxine1\", reference:\"1.1.2+dfsg-6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxine1-dbg\", reference:\"1.1.2+dfsg-6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:xine-lib", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T06:51:03", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DSA-1536.NASL", "hash": "452b900a4a6358212a00af36de44b43418a3272547699b7845d759ded11fd5c3", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1536-1 : libxine - several vulnerabilities", "description": "Several local vulnerabilities have been discovered in Xine, a media\nplayer library, allowed for a denial of service or arbitrary code\nexecution, which could be exploited through viewing malicious content.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-1246 / CVE-2007-1387\n The DMO_VideoDecoder_Open function does not set the\n biSize before use in a memcpy, which allows\n user-assisted remote attackers to cause a buffer\n overflow and possibly execute arbitrary code (applies to\n sarge only).\n\n - CVE-2008-0073\n Array index error in the sdpplin_parse function allows\n remote RTSP servers to execute arbitrary code via a\n large streamid SDP parameter.\n\n - CVE-2008-0486\n Array index vulnerability in libmpdemux/demux_audio.c\n might allow remote attackers to execute arbitrary code\n via a crafted FLAC tag, which triggers a buffer overflow\n (applies to etch only).\n\n - CVE-2008-1161\n Buffer overflow in the Matroska demuxer allows