Search...

BlackBerry Link < 1.2.3.53 Codec Demux Arbitrary Code Execution

2015-07-24T00:00:00

ID BLACKBERRY_LINK_1_2_3_53.NASL
Type nessus
Reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-02T00:00:00

Description

The remote host has a version of BlackBerry Link installed that is prior to version 1.2.3.53. Therefore, it is affected by an arbitrary code execution vulnerability in the codec demux. A remote attacker can exploit this, via crafted MP4 file, to execute arbitrary code.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84987);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2015-4111");
  script_bugtraq_id(75950);

  script_name(english:"BlackBerry Link &lt; 1.2.3.53 Codec Demux Arbitrary Code Execution");
  script_summary(english:"Checks version of BlackBerry Link.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has software installed that is affected by an
arbitrary code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host has a version of BlackBerry Link installed that is
prior to version 1.2.3.53. Therefore, it is affected by an arbitrary
code execution vulnerability in the codec demux. A remote attacker can
exploit this, via crafted MP4 file, to execute arbitrary code.");
  script_set_attribute(attribute:"see_also", value:"https://salesforce.services.blackberry.com/kbredirect/KB37207");
  script_set_attribute(attribute:"see_also", value:"https://us.blackberry.com/software/desktop/blackberry-link");
  script_set_attribute(attribute:"solution", value:
"Upgrade to BlackBerry Link 1.2.3.53.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4111");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:blackberry:blackberry_link");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("blackberry_link_installed.nbin");
  script_require_keys("SMB/blackberry_link/Installed");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_hotfixes_fcheck.inc");

kb_base = "SMB/blackberry_link/";
appname = "BlackBerry Link";

path = get_kb_item_or_exit(kb_base + "Path");
version  = get_kb_item_or_exit(kb_base + "Version");

fix = "1.2.3.53";
report = NULL;

# Paranoid report is a straight version check, normal mode needs to check for the
# affected file as well to see if the workaround has been applied.

if (ver_compare(ver:version, fix:fix, strict:FALSE) &lt; 0)
{

  port = get_kb_item('SMB/transport');
  if (!port) port = 445;

  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

port = get_kb_item('SMB/transport');
if (!port) port = 445;

# Paranoid - don't check for the workaround
if (report_paranoia &gt; 1)
{
  if (report_verbosity &gt; 0)
  {
    report += '\nNessus has not checked to see if the vendor-supplied' +
              '\nworkaround is in place.';

    security_warning(port:port, extra:report);
  }
  else
    security_warning(port:port);

  exit(0);
}

paths = make_list("BlackBerry Desktop", "BlackBerry Link");
parent_dir = path - "\BlackBerry Link";

foreach path(paths)
{
    if(hotfix_file_exists(path:parent_dir + path + "\Codecs\mc_demux_mp4_ds.ax"))
    {
      vuln = TRUE;
      break;
    }
  else
    continue;
}

if(vuln)
{
  if (report_verbosity &gt; 0)
    security_warning(port:port, extra:report);
  else
    security_warning(port:port);

  exit(0);
}
else
{
  audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
}

JSON Vulners Source

Initial Source

{"id": "BLACKBERRY_LINK_1_2_3_53.NASL", "bulletinFamily": "scanner", "title": "BlackBerry Link < 1.2.3.53 Codec Demux Arbitrary Code Execution", "description": "The remote host has a version of BlackBerry Link installed that is\nprior to version 1.2.3.53. Therefore, it is affected by an arbitrary\ncode execution vulnerability in the codec demux. A remote attacker can\nexploit this, via crafted MP4 file, to execute arbitrary code.", "published": "2015-07-24T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/84987", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://us.blackberry.com/software/desktop/blackberry-link", "https://salesforce.services.blackberry.com/kbredirect/KB37207"], "cvelist": ["CVE-2015-4111"], "type": "nessus", "lastseen": "2021-01-01T01:21:58", "edition": 25, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4111"]}], "modified": "2021-01-01T01:21:58", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-01T01:21:58", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84987);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-4111\");\n script_bugtraq_id(75950);\n\n script_name(english:\"BlackBerry Link < 1.2.3.53 Codec Demux Arbitrary Code Execution\");\n script_summary(english:\"Checks version of BlackBerry Link.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has software installed that is affected by an\narbitrary code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of BlackBerry Link installed that is\nprior to version 1.2.3.53. Therefore, it is affected by an arbitrary\ncode execution vulnerability in the codec demux. A remote attacker can\nexploit this, via crafted MP4 file, to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://salesforce.services.blackberry.com/kbredirect/KB37207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://us.blackberry.com/software/desktop/blackberry-link\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to BlackBerry Link 1.2.3.53.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4111\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:blackberry:blackberry_link\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"blackberry_link_installed.nbin\");\n script_require_keys(\"SMB/blackberry_link/Installed\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\nkb_base = \"SMB/blackberry_link/\";\nappname = \"BlackBerry Link\";\n\npath = get_kb_item_or_exit(kb_base + \"Path\");\nversion = get_kb_item_or_exit(kb_base + \"Version\");\n\nfix = \"1.2.3.53\";\nreport = NULL;\n\n# Paranoid report is a straight version check, normal mode needs to check for the\n# affected file as well to see if the workaround has been applied.\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\n# Paranoid - don't check for the workaround\nif (report_paranoia > 1)\n{\n if (report_verbosity > 0)\n {\n report += '\\nNessus has not checked to see if the vendor-supplied' +\n '\\nworkaround is in place.';\n\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port:port);\n\n exit(0);\n}\n\npaths = make_list(\"BlackBerry Desktop\", \"BlackBerry Link\");\nparent_dir = path - \"\\BlackBerry Link\";\n\nforeach path(paths)\n{\n if(hotfix_file_exists(path:parent_dir + path + \"\\Codecs\\mc_demux_mp4_ds.ax\"))\n {\n vuln = TRUE;\n break;\n }\n else\n continue;\n}\n\nif(vuln)\n{\n if (report_verbosity > 0)\n security_warning(port:port, extra:report);\n else\n security_warning(port:port);\n\n exit(0);\n}\nelse\n{\n audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n}\n", "naslFamily": "Windows", "pluginID": "84987", "cpe": ["cpe:/a:blackberry:blackberry_link"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T20:03:04", "description": "mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.", "edition": 5, "cvss3": {}, "published": "2015-07-20T01:59:00", "title": "CVE-2015-4111", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4111"], "modified": "2017-09-22T01:29:00", "cpe": ["cpe:/a:blackberry:blackberry_link:1.2.3.52"], "id": "CVE-2015-4111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4111", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:blackberry:blackberry_link:1.2.3.52:*:*:*:*:*:*:*"]}]}

BlackBerry Link &lt; 1.2.3.53 Codec Demux Arbitrary Code Execution

Description

The remote host has a version of BlackBerry Link installed that is prior to version 1.2.3.53. Therefore, it is affected by an arbitrary code execution vulnerability in the codec demux. A remote attacker can exploit this, via crafted MP4 file, to execute arbitrary code.

BlackBerry Link < 1.2.3.53 Codec Demux Arbitrary Code Execution