Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.GENTOO_GLSA-201206-16.NASL
HistoryJun 25, 2012 - 12:00 a.m.

GLSA-201206-16 : TagLib: Multiple vulnerabilities

2012-06-2500:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
13

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON

The remote host is affected by the vulnerability described in GLSA-201206-16 (TagLib: Multiple vulnerabilities)

Multiple vulnerabilities have been found in TagLib:
  The 'analyzeCurrent()' function in ape/apeproperties.cpp contains a         division by zero error (CVE-2012-1107).
  The 'parse()' function in inogg/xiphcomment.cpp contains an error         when processing the 'vendorLength' field (CVE-2012-1108).
  The 'mid()' function in toolkit/tbytevector.cpp contains an integer         overflow error (CVE-2012-1584).

Impact :

A remote attacker could entice a user or automated system to open a       specially crafted OGG file with an application using TagLib, possibly       resulting in a Denial of Service condition.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201206-16.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59669);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-1107", "CVE-2012-1108", "CVE-2012-1584");
  script_bugtraq_id(52284, 52290);
  script_xref(name:"GLSA", value:"201206-16");

  script_name(english:"GLSA-201206-16 : TagLib: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201206-16
(TagLib: Multiple vulnerabilities)

    Multiple vulnerabilities have been found in TagLib:
      The 'analyzeCurrent()' function in ape/apeproperties.cpp contains a
        division by zero error (CVE-2012-1107).
      The 'parse()' function in inogg/xiphcomment.cpp contains an error
        when processing the 'vendorLength' field (CVE-2012-1108).
      The 'mid()' function in toolkit/tbytevector.cpp contains an integer
        overflow error (CVE-2012-1584).
  
Impact :

    A remote attacker could entice a user or automated system to open a
      specially crafted OGG file with an application using TagLib, possibly
      resulting in a Denial of Service condition.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201206-16"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All TagLib users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=media-libs/taglib-1.7.1'
    Packages which depend on this library may need to be recompiled. Tools
      such as  revdep-rebuild may assist in identifying  some of these
      packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:taglib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-libs/taglib", unaffected:make_list("ge 1.7.1"), vulnerable:make_list("lt 1.7.1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "TagLib");
}
VendorProductVersionCPE
gentoolinuxtaglibp-cpe:/a:gentoo:linux:taglib
gentoolinuxcpe:/o:gentoo:linux

Related

openvas 9
fedora 3
nessus 7
gentoo 1
nvd 3
prion 3
cvelist 3
cve 3
ubuntucve 3
debiancve 3
openvas
openvas
Fedora Update for taglib FEDORA-2012-4291
2012-04-11 00:00:00
Fedora Update for taglib FEDORA-2012-4268
2012-04-11 00:00:00
Gentoo Security Advisory GLSA 201206-16 (TagLib)
2012-08-10 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: taglib-1.7.1-1.fc15
2012-04-06 21:30:11
[SECURITY] Fedora 16 Update: taglib-1.7.1-1.fc16
2012-04-06 21:29:27
[SECURITY] Fedora 17 Update: taglib-1.7.1-1.fc17
2012-04-12 03:24:20
nessus
nessus
Fedora 16 : taglib-1.7.1-1.fc16 (2012-4291)
2012-04-09 00:00:00
Fedora 17 : taglib-1.7.1-1.fc17 (2012-4184)
2012-04-12 00:00:00
openSUSE Security Update : taglib (openSUSE-SU-2012:0490-1)
2014-06-13 00:00:00
gentoo
gentoo
TagLib: Multiple vulnerabilities
2012-06-22 00:00:00
nvd
nvd
CVE-2012-1584
2012-09-06 18:55:01
CVE-2012-1107
2012-09-06 18:55:00
CVE-2012-1108
2012-09-06 18:55:01
prion
prion
Integer overflow
2012-09-06 18:55:00
Design/Logic Flaw
2012-09-06 18:55:00
Design/Logic Flaw
2012-09-06 18:55:00
cvelist
cvelist
CVE-2012-1584
2012-09-06 18:00:00
CVE-2012-1107
2012-09-06 18:00:00
CVE-2012-1108
2012-09-06 18:00:00
cve
cve
CVE-2012-1584
2012-09-06 18:55:01
CVE-2012-1107
2012-09-06 18:55:00
CVE-2012-1108
2012-09-06 18:55:01
ubuntucve
ubuntucve
CVE-2012-1584
2012-09-06 00:00:00
CVE-2012-1107
2012-09-06 00:00:00
CVE-2012-1108
2012-09-06 00:00:00
debiancve
debiancve
CVE-2012-1584
2012-09-06 18:55:01
CVE-2012-1107
2012-09-06 18:55:00
CVE-2012-1108
2012-09-06 18:55:01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for GENTOO_GLSA-201206-16.NASL
openvas9fedora3nessus7gentoo1nvd3prion3cvelist3cve3ubuntucve3debiancve3