Lucene search

HistoryMay 22, 2006 - 12:00 a.m.

GLSA-200605-14 : libextractor: Two heap-based buffer overflows

2006-05-2200:00:00

www.tenable.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.241 Low

EPSS

Percentile

96.6%

JSON

The remote host is affected by the vulnerability described in GLSA-200605-14 (libextractor: Two heap-based buffer overflows)

Luigi Auriemma has found two heap-based buffer overflows in     libextractor 0.5.13 and earlier: one of them occurs in the     asf_read_header function in the ASF plugin, and the other occurs in the     parse_trak_atom function in the Qt plugin.

Impact :

By enticing a user to open a malformed file using an application     that employs libextractor and its ASF or Qt plugins, an attacker could     execute arbitrary code in the context of the application running the     affected library.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200605-14.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(21578);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-2458");
  script_xref(name:"GLSA", value:"200605-14");

  script_name(english:"GLSA-200605-14 : libextractor: Two heap-based buffer overflows");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200605-14
(libextractor: Two heap-based buffer overflows)

    Luigi Auriemma has found two heap-based buffer overflows in
    libextractor 0.5.13 and earlier: one of them occurs in the
    asf_read_header function in the ASF plugin, and the other occurs in the
    parse_trak_atom function in the Qt plugin.
  
Impact :

    By enticing a user to open a malformed file using an application
    that employs libextractor and its ASF or Qt plugins, an attacker could
    execute arbitrary code in the context of the application running the
    affected library.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aluigi.altervista.org/adv/libextho-adv.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200605-14"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All libextractor users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-libs/libextractor-0.5.14'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libextractor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/22");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-libs/libextractor", unaffected:make_list("ge 0.5.14"), vulnerable:make_list("lt 0.5.14"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libextractor");
}

VendorProductVersionCPE
gentoolinuxlibextractorp-cpe:/a:gentoo:linux:libextractor
gentoolinuxcpe:/o:gentoo:linux

Vendor	Product	Version	CPE
gentoo	linux	libextractor	p-cpe:/a:gentoo:linux:libextractor
gentoo	linux		cpe:/o:gentoo:linux

References

aluigi.altervista.org/adv/libextho-adv.txt

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458

security.gentoo.org/glsa/200605-14

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.241 Low

EPSS

Percentile

96.6%

JSON

Related for GENTOO_GLSA-200605-14.NASL