Debian DSA-1313-1: MPlayer buffer overflow
Reporter | Title | Published | Views | Family All 22 |
---|---|---|---|---|
![]() | CVE-2007-2948 | 7 Jun 200721:00 | – | cvelist |
![]() | [SECURITY] [DSA 1313-1] New MPlayer packages fix arbitrary code execution | 19 Jun 200717:45 | – | debian |
![]() | Mandriva Update for mplayer MDKSA-2007:143 (mplayer) | 9 Apr 200900:00 | – | openvas |
![]() | mplayer -- cddb stack overflow | 4 Sep 200800:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 200707-07 (mplayer) | 24 Sep 200800:00 | – | openvas |
![]() | Debian: Security Advisory (DSA-1313-1) | 17 Jan 200800:00 | – | openvas |
![]() | mplayer -- cddb stack overflow | 4 Sep 200800:00 | – | openvas |
![]() | Debian Security Advisory DSA 1313-1 (mplayer) | 17 Jan 200800:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 200707-07 (mplayer) | 24 Sep 200800:00 | – | openvas |
![]() | Mandriva Update for mplayer MDKSA-2007:143 (mplayer) | 9 Apr 200900:00 | – | openvas |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
debian | www.debian.org/security/2007/dsa-1313 |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1313. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata block: executed only when `description` is set. It registers the
# plugin's identifiers, advisory text and prerequisites, then exits; every
# call inside it is a script_* registration call.
if (description)
{
# Identity and cross-references: plugin ID, plugin revision, the CVE and the
# Debian advisory number this check is tied to.
script_id(25557);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2007-2948");
script_xref(name:"DSA", value:"1313");
script_name(english:"Debian DSA-1313-1 : mplayer - buffer overflow");
# The summary states the detection method: the result is derived from dpkg
# output (installed package versions).
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
# Advisory text: insufficient boundary checks when MPlayer accesses CDDB
# data, with possible arbitrary code execution as the stated impact.
script_set_attribute(
attribute:"description",
value:
"Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer
movie player performs insufficient boundary checks when accessing CDDB
data, which might lead to the execution of arbitrary code.
The oldstable distribution (sarge) doesn't include MPlayer packages."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2007/dsa-1313"
);
# Remediation: the fixed version named here is the same string the package
# check further down in this file uses as its reference.
script_set_attribute(
attribute:"solution",
value:
"Upgrade the mplayer package.
For the stable distribution (etch) this problem has been fixed in
version 1.0~rc1-12etch1."
);
# CVSS v2 base vector as recorded by this plugin: network attack vector,
# medium access complexity, no authentication, complete impact on
# confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# "local" plugin type: the finding comes from package data collected on the
# host itself rather than from probing a listening service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries scope the finding to the Debian mplayer package on Debian 4.0.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mplayer");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"patch_publication_date", value:"2007/06/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/21");
script_end_attributes();
# Registered in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
# Prerequisites: ssh_get_info.nasl is declared as a dependency, and the three
# KB keys below must be present (local checks enabled, a Debian release
# string and a dpkg package list). The same keys are re-checked at run time
# later in this file.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
# Description mode ends here; the package check below is not reached.
exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Run-time preconditions. Each missing KB item is reported through audit()
# with its own audit code, so a scan log shows why the check produced no
# finding: local checks disabled, host not Debian, or no dpkg package list.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Package check for Debian 4.0 (etch) against the fixed version from DSA-1313.
# Both package prefixes are always evaluated, so deb_report_get() can list
# every package that deb_check() flagged, not just the first one.
# NOTE(review): deb_check() comes from debian_package.inc; it presumably
# compares the installed version from the dpkg list with `reference` - confirm
# there. This is a version comparison only: an MPlayer build installed
# outside dpkg would not appear in the package list this check reads.
vulnerable = FALSE;
foreach pkg (make_list("mplayer", "mplayer-doc"))
{
  if (deb_check(release:"4.0", prefix:pkg, reference:"1.0~rc1-12etch1"))
  {
    vulnerable = TRUE;
  }
}

if (!vulnerable)
{
  # No package was flagged: record the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Report on port 0 (host-level finding); include the package details only
  # when the scan's report verbosity asks for them.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:deb_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}