Search...

Debian DSA-644-1 : chbg - buffer overflow

2005-01-18T00:00:00

ID DEBIAN_DSA-644.NASL
Type nessus
Reporter Tenable
Modified 2018-08-09T00:00:00

Description

Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-644. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16186);
  script_version("1.18");
  script_cvs_date("Date: 2018/08/09 17:06:36");

  script_cve_id("CVE-2004-1264");
  script_xref(name:"DSA", value:"644");

  script_name(english:"Debian DSA-644-1 : chbg - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Danny Lungstrom discovered a vulnerability in chbg, a tool to change
background pictures. A maliciously crafted configuration/scenario file
could overflow a buffer and lead to the execution of arbitrary code on
the victim's machine."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-644"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the chbg package.

For the stable distribution (woody) this problem has been fixed in
version 1.5-1woody1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/18");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"chbg", reference:"1.5-1woody1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-644.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-644-1 : chbg - buffer overflow", "description": "Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.", "published": "2005-01-18T00:00:00", "modified": "2018-08-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=16186", "reporter": "Tenable", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904", "http://www.debian.org/security/2005/dsa-644"], "cvelist": ["CVE-2004-1264"], "type": "nessus", "lastseen": "2018-09-01T23:35:39", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2004-1264"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.", "edition": 1, "enchantments": {}, "hash": "ecfdb3cd3e27f2268d55cbbac7bfcb34557830c8e1b71b4569fcf04d9047facd", "hashmap": [{"hash": "fdeddd7db1c053a7cd8f4abd25c2a458", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a992d63e42454ac83664b954b383ab7b", "key": "href"}, {"hash": "a36343fd880f2aa8d09b1896aad01950", "key": "sourceData"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "894d4b4665b798cc65d67cd6a32706aa", "key": "pluginID"}, {"hash": "677b3060e44a58b201122020e57a9859", "key": "title"}, {"hash": "ade83d08157971ec288729238444524a", "key": "cvelist"}, {"hash": "f710bfb9b989f12d50bfe4a324cc6c97", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3a653249445f824ff15af8e4bec29593", "key": "published"}, {"hash": "587a9f83af06ce74ea2dcb1c42361d91", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=16186", "id": "DEBIAN_DSA-644.NASL", "lastseen": "2016-09-26T17:23:33", "modified": "2013-05-18T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "16186", "published": "2005-01-18T00:00:00", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904", "http://www.debian.org/security/2005/dsa-644"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-644. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16186);\n script_version(\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2013/05/18 00:15:57 $\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_osvdb_id(12436);\n script_xref(name:\"DSA\", value:\"644\");\n\n script_name(english:\"Debian DSA-644-1 : chbg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario file\ncould overflow a buffer and lead to the execution of arbitrary code on\nthe victim's machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chbg package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"chbg\", reference:\"1.5-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-644-1 : chbg - buffer overflow", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:chbg"], "cvelist": ["CVE-2004-1264"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1e7b093d8fda6c2914e989eb7a4c61b976585ebca21397d96cacd1a543130cdd", "hashmap": [{"hash": "fdeddd7db1c053a7cd8f4abd25c2a458", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c211b720972e21b5d8f20302cea21cbf", "key": "cpe"}, {"hash": "a992d63e42454ac83664b954b383ab7b", "key": "href"}, {"hash": "894d4b4665b798cc65d67cd6a32706aa", "key": "pluginID"}, {"hash": "40c23f99ca54ecc1d13e1bb2911ce09b", "key": "sourceData"}, {"hash": "677b3060e44a58b201122020e57a9859", "key": "title"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "ade83d08157971ec288729238444524a", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3a653249445f824ff15af8e4bec29593", "key": "published"}, {"hash": "587a9f83af06ce74ea2dcb1c42361d91", "key": "references"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=16186", "id": "DEBIAN_DSA-644.NASL", "lastseen": "2018-08-30T19:32:51", "modified": "2018-08-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "16186", "published": "2005-01-18T00:00:00", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904", "http://www.debian.org/security/2005/dsa-644"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-644. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16186);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_xref(name:\"DSA\", value:\"644\");\n\n script_name(english:\"Debian DSA-644-1 : chbg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario file\ncould overflow a buffer and lead to the execution of arbitrary code on\nthe victim's machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chbg package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"chbg\", reference:\"1.5-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-644-1 : chbg - buffer overflow", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:32:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:chbg"], "cvelist": ["CVE-2004-1264"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c241a94f657b73dceb5d25799c4d3ad1c9ebf894a4a27f0a6fe5c9ed134b7eef", "hashmap": [{"hash": "fdeddd7db1c053a7cd8f4abd25c2a458", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c211b720972e21b5d8f20302cea21cbf", "key": "cpe"}, {"hash": "a992d63e42454ac83664b954b383ab7b", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "894d4b4665b798cc65d67cd6a32706aa", "key": "pluginID"}, {"hash": "40c23f99ca54ecc1d13e1bb2911ce09b", "key": "sourceData"}, {"hash": "677b3060e44a58b201122020e57a9859", "key": "title"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "ade83d08157971ec288729238444524a", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3a653249445f824ff15af8e4bec29593", "key": "published"}, {"hash": "587a9f83af06ce74ea2dcb1c42361d91", "key": "references"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=16186", "id": "DEBIAN_DSA-644.NASL", "lastseen": "2018-08-10T16:58:55", "modified": "2018-08-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "16186", "published": "2005-01-18T00:00:00", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904", "http://www.debian.org/security/2005/dsa-644"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-644. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16186);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_xref(name:\"DSA\", value:\"644\");\n\n script_name(english:\"Debian DSA-644-1 : chbg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario file\ncould overflow a buffer and lead to the execution of arbitrary code on\nthe victim's machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chbg package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"chbg\", reference:\"1.5-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-644-1 : chbg - buffer overflow", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-10T16:58:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:chbg"], "cvelist": ["CVE-2004-1264"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "39bc6247e1e188b768827983ae5280d97163b80ccab15bda33698cfecffd8d8e", "hashmap": [{"hash": "fdeddd7db1c053a7cd8f4abd25c2a458", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c211b720972e21b5d8f20302cea21cbf", "key": "cpe"}, {"hash": "a992d63e42454ac83664b954b383ab7b", "key": "href"}, {"hash": "a36343fd880f2aa8d09b1896aad01950", "key": "sourceData"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "894d4b4665b798cc65d67cd6a32706aa", "key": "pluginID"}, {"hash": "677b3060e44a58b201122020e57a9859", "key": "title"}, {"hash": "ade83d08157971ec288729238444524a", "key": "cvelist"}, {"hash": "f710bfb9b989f12d50bfe4a324cc6c97", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3a653249445f824ff15af8e4bec29593", "key": "published"}, {"hash": "587a9f83af06ce74ea2dcb1c42361d91", "key": "references"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=16186", "id": "DEBIAN_DSA-644.NASL", "lastseen": "2017-10-29T13:34:33", "modified": "2013-05-18T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "16186", "published": "2005-01-18T00:00:00", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904", "http://www.debian.org/security/2005/dsa-644"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-644. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16186);\n script_version(\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2013/05/18 00:15:57 $\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_osvdb_id(12436);\n script_xref(name:\"DSA\", value:\"644\");\n\n script_name(english:\"Debian DSA-644-1 : chbg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario file\ncould overflow a buffer and lead to the execution of arbitrary code on\nthe victim's machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chbg package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"chbg\", reference:\"1.5-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-644-1 : chbg - buffer overflow", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:34:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:chbg"], "cvelist": ["CVE-2004-1264"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "7b1204a7e8be65f1676fb5c809d2e27258e92dcf8d026c19fa2df4f977324aae", "hashmap": [{"hash": "fdeddd7db1c053a7cd8f4abd25c2a458", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c211b720972e21b5d8f20302cea21cbf", "key": "cpe"}, {"hash": "a992d63e42454ac83664b954b383ab7b", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "0ea830cbd7c0176941bb9075da7c72b9", "key": "sourceData"}, {"hash": "894d4b4665b798cc65d67cd6a32706aa", "key": "pluginID"}, {"hash": "34288c79e79acf9ff2eb2e88e3d4f828", "key": "modified"}, {"hash": "677b3060e44a58b201122020e57a9859", "key": "title"}, {"hash": "ade83d08157971ec288729238444524a", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3a653249445f824ff15af8e4bec29593", "key": "published"}, {"hash": "587a9f83af06ce74ea2dcb1c42361d91", "key": "references"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=16186", "id": "DEBIAN_DSA-644.NASL", "lastseen": "2018-08-02T07:38:42", "modified": "2018-07-20T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "16186", "published": "2005-01-18T00:00:00", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904", "http://www.debian.org/security/2005/dsa-644"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-644. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16186);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_osvdb_id(12436);\n script_xref(name:\"DSA\", value:\"644\");\n\n script_name(english:\"Debian DSA-644-1 : chbg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario file\ncould overflow a buffer and lead to the execution of arbitrary code on\nthe victim's machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chbg package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"chbg\", reference:\"1.5-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-644-1 : chbg - buffer overflow", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-08-02T07:38:42"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c211b720972e21b5d8f20302cea21cbf"}, {"key": "cvelist", "hash": "ade83d08157971ec288729238444524a"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "fdeddd7db1c053a7cd8f4abd25c2a458"}, {"key": "href", "hash": "a992d63e42454ac83664b954b383ab7b"}, {"key": "modified", "hash": "a03d359fb0b4e439f50091cee1f89df6"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "894d4b4665b798cc65d67cd6a32706aa"}, {"key": "published", "hash": "3a653249445f824ff15af8e4bec29593"}, {"key": "references", "hash": "587a9f83af06ce74ea2dcb1c42361d91"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "40c23f99ca54ecc1d13e1bb2911ce09b"}, {"key": "title", "hash": "677b3060e44a58b201122020e57a9859"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c241a94f657b73dceb5d25799c4d3ad1c9ebf894a4a27f0a6fe5c9ed134b7eef", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-644. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16186);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_xref(name:\"DSA\", value:\"644\");\n\n script_name(english:\"Debian DSA-644-1 : chbg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario file\ncould overflow a buffer and lead to the execution of arbitrary code on\nthe victim's machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chbg package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"chbg\", reference:\"1.5-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "16186", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:chbg"]}

{"cve": [{"lastseen": "2017-07-11T11:14:32", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/18595", "http://tigger.uic.edu/~jlongs2/holes/chbg.txt", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:027", "http://www.debian.org/security/2005/dsa-644"], "description": "Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.", "edition": 2, "reporter": "NVD", "published": "2005-01-10T00:00:00", "title": "CVE-2004-1264", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:32", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-1264"], "scanner": [], "modified": "2017-07-10T21:30:52", "cpe": ["cpe:/a:chbg:chbg:1.5"], "id": "CVE-2004-1264", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1264", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:56", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "packageVersion": "1.5-1woody1", "arch": "all", "packageFilename": "chbg_1.5-1woody1_all.deb", "packageName": "chbg", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 644-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 18th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : chbg\nVulnerability : buffer overflow\nProblem-Type : local\nDebian-specific: no\nCVE ID : CAN-2004-1264\nDebian Bug : 285904\n\nDanny Lungstrom discoverd a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario\nfile could overflow a buffer and lead to the execution of arbitrary\ncode on the victim's machine.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.5-4.\n\nWe recommend that you upgrade your chbg package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc\n Size/MD5 checksum: 600 3cb28b61fb97dca63f09a486dae5612f\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz\n Size/MD5 checksum: 3612 08098cf0fec406380e968186766de027\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz\n Size/MD5 checksum: 322878 4a158c94c25b359c86da1de9ef3e986b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb\n Size/MD5 checksum: 294456 afd6ce377d43c0df909d955e04c328cd\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb\n Size/MD5 checksum: 247338 878c528ab81decd999503ad47557fc4a\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb\n Size/MD5 checksum: 244862 d3a09b86dfc44164c541cda2eb66ce66\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb\n Size/MD5 checksum: 345228 e4b9ae6b9da9c34d5a930727bdfc1a44\n\n HP Precision architecture:\n\n Cannot be updated due to compiler error.\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb\n Size/MD5 checksum: 222916 7dce4c0b3ae27f624ee472bd153d5c66\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb\n Size/MD5 checksum: 249054 66402b53b158bfa0b2144b6b97b1d794\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb\n Size/MD5 checksum: 247536 769f5074ad1f4b148191d0e196d01778\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb\n Size/MD5 checksum: 271272 f6b03b2a05de42ee203d7d9cbfe7c468\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb\n Size/MD5 checksum: 239098 f20c7b0e36ecfc4540d3673f4ec477dd\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb\n Size/MD5 checksum: 263302 28df5318e314bbaf79493b485aa6cffa\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "reporter": "Debian", "published": "2005-01-18T00:00:00", "title": "[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:56", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-1264"], "modified": "2005-01-18T00:00:00", "id": "DEBIAN:DSA-644-1:D8A97", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T00:08:40", "osvdbidlist": ["12436"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "ChBg 1.5 Scenario File Overflow Vulnerability. CVE-2004-1264. Remote exploit for linux platform", "reporter": "Danny Lungstrom", "published": "2004-12-15T00:00:00", "type": "exploitdb", "title": "ChBg 1.5 Scenario File Overflow Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1264"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2004-12-15T00:00:00", "id": "EDB-ID:24848", "href": "https://www.exploit-db.com/exploits/24848/", "sourceData": "source: http://www.securityfocus.com/bid/11957/info\r\n\r\nChBg is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain superuser privileges on a vulnerable computer.\r\n\r\nAn attacker can exploit this issue by crafting a malicious scenario file. A scenario is a file containing a list of pictures to display.\r\n\r\nIf a user obtains this file and processes it through ChBg, the attacker-supplied instructions may be executed on the vulnerable computer.\r\n\r\nChBg 1.5 is reported prone to this vulnerability. It is likely that other versions are affected as well.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/24848.zip", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/24848/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://sourceforge.net/projects/chbg/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-644)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:027)\nSecurity Tracker: 1012581\n[Secunia Advisory ID:13894](https://secuniaresearch.flexerasoftware.com/advisories/13894/)\n[Secunia Advisory ID:13529](https://secuniaresearch.flexerasoftware.com/advisories/13529/)\nOther Advisory URL: http://tigger.uic.edu/~jlongs2/holes/chbg.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0195.html\n[CVE-2004-1264](https://vulners.com/cve/CVE-2004-1264)\n", "reporter": "OSVDB", "published": "2004-12-16T01:12:12", "type": "osvdb", "title": "ChBg config.c simplify_path() Function Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-1264"], "modified": "2004-12-16T01:12:12", "href": "https://vulners.com/osvdb/OSVDB:12436", "id": "OSVDB:12436", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:24", "references": [], "pluginID": "53477", "description": "The remote host is missing an update to chbg\nannounced via advisory DSA 644-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 644-1 (chbg)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1264"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53477", "id": "OPENVAS:53477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_644_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 644-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Danny Lungstrom discoverd a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario\nfile could overflow a buffer and lead to the execution of arbitrary\ncode on the victim's machine.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.5-4.\n\nWe recommend that you upgrade your chbg package.\";\ntag_summary = \"The remote host is missing an update to chbg\nannounced via advisory DSA 644-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20644-1\";\n\nif(description)\n{\n script_id(53477);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-1264\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 644-1 (chbg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chbg\", ver:\"1.5-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:35:13", "references": [], "pluginID": "16293", "description": "A vulnerability in chbg was discovered by Danny Lungstrom. A maliciously-crafted configuration/scenario file could overflow a buffer leading to the potential execution of arbitrary code.\n\nThe updated packages are patched to prevent the problem.", "edition": 5, "reporter": "Tenable", "published": "2005-02-02T00:00:00", "title": "Mandrake Linux Security Advisory : chbg (MDKSA-2005:027)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1264"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:chbg"], "id": "MANDRAKE_MDKSA-2005-027.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16293", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:027. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16293);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-1264\");\n script_xref(name:\"MDKSA\", value:\"2005:027\");\n\n script_name(english:\"Mandrake Linux Security Advisory : chbg (MDKSA-2005:027)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in chbg was discovered by Danny Lungstrom. A\nmaliciously-crafted configuration/scenario file could overflow a\nbuffer leading to the potential execution of arbitrary code.\n\nThe updated packages are patched to prevent the problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected chbg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:chbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"chbg-1.5-8.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"chbg-1.5-8.1.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:11", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 644-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nJanuary 18th, 2005 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : chbg\r\nVulnerability : buffer overflow\r\nProblem-Type : local\r\nDebian-specific: no\r\nCVE ID : CAN-2004-1264\r\nDebian Bug : 285904\r\n\r\nDanny Lungstrom discoverd a vulnerability in chbg, a tool to change\r\nbackground pictures. A maliciously crafted configuration/scenario\r\nfile could overflow a buffer and lead to the execution of arbitrary\r\ncode on the victim's machine.\r\n\r\nFor the stable distribution (woody) this problem has been fixed in\r\nversion 1.5-1woody1.\r\n\r\nFor the unstable distribution (sid) this problem has been fixed in\r\nversion 1.5-4.\r\n\r\nWe recommend that you upgrade your chbg package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc\r\n Size/MD5 checksum: 600 3cb28b61fb97dca63f09a486dae5612f\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz\r\n Size/MD5 checksum: 3612 08098cf0fec406380e968186766de027\r\n http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz\r\n Size/MD5 checksum: 322878 4a158c94c25b359c86da1de9ef3e986b\r\n\r\n Alpha architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb\r\n Size/MD5 checksum: 294456 afd6ce377d43c0df909d955e04c328cd\r\n\r\n ARM architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb\r\n Size/MD5 checksum: 247338 878c528ab81decd999503ad47557fc4a\r\n\r\n Intel IA-32 architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb\r\n Size/MD5 checksum: 244862 d3a09b86dfc44164c541cda2eb66ce66\r\n\r\n Intel IA-64 architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb\r\n Size/MD5 checksum: 345228 e4b9ae6b9da9c34d5a930727bdfc1a44\r\n\r\n HP Precision architecture:\r\n\r\n Cannot be updated due to compiler error.\r\n\r\n Motorola 680x0 architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb\r\n Size/MD5 checksum: 222916 7dce4c0b3ae27f624ee472bd153d5c66\r\n\r\n Big endian MIPS architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb\r\n Size/MD5 checksum: 249054 66402b53b158bfa0b2144b6b97b1d794\r\n\r\n Little endian MIPS architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb\r\n Size/MD5 checksum: 247536 769f5074ad1f4b148191d0e196d01778\r\n\r\n PowerPC architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb\r\n Size/MD5 checksum: 271272 f6b03b2a05de42ee203d7d9cbfe7c468\r\n\r\n IBM S/390 architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb\r\n Size/MD5 checksum: 239098 f20c7b0e36ecfc4540d3673f4ec477dd\r\n\r\n Sun Sparc architecture:\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb\r\n Size/MD5 checksum: 263302 28df5318e314bbaf79493b485aa6cffa\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n-\r\n---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security\r\ndists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.5 (GNU/Linux)\r\n\r\niD8DBQFB7NmrW5ql+IAeqTIRAmUEAKCLSpd0/8eiiFhfymdRCV70pS6p9QCfUIfW\r\nJmmWy3Pi87ZjfreLomQQIls=\r\n=WpPd\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2005-01-18T00:00:00", "title": "[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:11", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-1264"], "modified": "2005-01-18T00:00:00", "id": "SECURITYVULNS:DOC:7621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7621", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}