Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1791.NASL
HistoryMay 20, 2019 - 12:00 a.m.

Debian DLA-1791-1 : faad2 security update

2019-05-2000:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder :

CVE-2018-20194 CVE-2018-20197

Improper handling of implicit channel mapping reconfiguration leads to multiple heap based buffer overflow issues. These flaws might be leveraged by remote attackers to cause DoS.

CVE-2018-20198 CVE-2018-20362

Insufficient user input validation in the sbr_hfadj module leads to stack-based buffer underflow issues. These flaws might be leveraged by remote attackers to cause DoS or any other unspecified impact.

For Debian 8 ‘Jessie’, these problems have been fixed in version 2.7-8+deb8u2.

We recommend that you upgrade your faad2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1791-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(125267);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2018-20194", "CVE-2018-20197", "CVE-2018-20198", "CVE-2018-20362");

  script_name(english:"Debian DLA-1791-1 : faad2 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities have been found in faad2, the Freeware
Advanced Audio Coder :

CVE-2018-20194 CVE-2018-20197

Improper handling of implicit channel mapping reconfiguration leads to
multiple heap based buffer overflow issues. These flaws might be
leveraged by remote attackers to cause DoS.

CVE-2018-20198 CVE-2018-20362

Insufficient user input validation in the sbr_hfadj module leads to
stack-based buffer underflow issues. These flaws might be leveraged by
remote attackers to cause DoS or any other unspecified impact.

For Debian 8 'Jessie', these problems have been fixed in version
2.7-8+deb8u2.

We recommend that you upgrade your faad2 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/05/msg00022.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/faad2"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:faad");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:faad2-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfaad-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfaad2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"faad", reference:"2.7-8+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"faad2-dbg", reference:"2.7-8+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libfaad-dev", reference:"2.7-8+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libfaad2", reference:"2.7-8+deb8u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxfaadp-cpe:/a:debian:debian_linux:faad
debiandebian_linuxfaad2-dbgp-cpe:/a:debian:debian_linux:faad2-dbg
debiandebian_linuxlibfaad-devp-cpe:/a:debian:debian_linux:libfaad-dev
debiandebian_linuxlibfaad2p-cpe:/a:debian:debian_linux:libfaad2
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

osv 6
debian 2
openvas 2
ubuntucve 4
veracode 4
debiancve 4
prion 4
alpinelinux 4
cve 4
nessus 2
gentoo 1
osv
osv
faad2 - security update
2019-05-19 00:00:00
CVE-2018-20362
2018-12-22 15:29:00
CVE-2018-20198
2018-12-18 01:29:00
debian
debian
[SECURITY] [DLA 1791-1] faad2 security update
2019-05-19 13:47:05
[SECURITY] [DSA 4522-1] faad2 security update
2019-09-15 15:55:46
openvas
openvas
Debian: Security Advisory (DLA-1791-1)
2019-05-19 00:00:00
Debian: Security Advisory (DSA-4522-1)
2019-09-16 00:00:00
ubuntucve
ubuntucve
CVE-2018-20198
2018-12-18 00:00:00
CVE-2018-20197
2018-12-18 00:00:00
CVE-2018-20362
2018-12-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:25:19
Denial Of Service (DoS)
2020-05-10 23:21:09
Denial Of Service (DoS)
2020-05-10 23:21:07
debiancve
debiancve
CVE-2018-20362
2018-12-22 15:29:00
CVE-2018-20194
2018-12-18 01:29:00
CVE-2018-20198
2018-12-18 01:29:00
prion
prion
Null pointer dereference
2018-12-22 15:29:00
Stack overflow
2018-12-18 01:29:00
Null pointer dereference
2018-12-18 01:29:00
alpinelinux
alpinelinux
CVE-2018-20362
2018-12-22 15:29:00
CVE-2018-20194
2018-12-18 01:29:00
CVE-2018-20198
2018-12-18 01:29:00
cve
cve
CVE-2018-20362
2018-12-22 15:29:00
CVE-2018-20194
2018-12-18 01:29:00
CVE-2018-20198
2018-12-18 01:29:00
nessus
nessus
Debian DSA-4522-1 : faad2 - security update
2019-09-16 00:00:00
GLSA-202006-17 : FAAD2: Multiple vulnerabilities
2020-06-17 00:00:00
gentoo
gentoo
FAAD2: Multiple vulnerabilities
2020-06-15 00:00:00
JSON
Related for DEBIAN_DLA-1791.NASL
osv6debian2openvas2ubuntucve4veracode4debiancve4prion4alpinelinux4cve4nessus2gentoo1