Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)
2009-10-13T00:00:00
ID MANDRIVA_MDVSA-2009-272.NASL Type nessus Reporter Tenable Modified 2016-05-17T00:00:00
Description
Multiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:272.
# The text itself is copyright (C) Mandriva S.A.
#
include("compat.inc");
if (description)
{
script_id(42097);
script_version("$Revision: 1.12 $");
script_cvs_date("$Date: 2016/05/17 17:02:54 $");
script_cve_id("CVE-2007-6720", "CVE-2009-0179");
script_bugtraq_id(33235, 33240);
script_xref(name:"MDVSA", value:"2009:272-1");
script_name(english:"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause a
denial of service (application crash) by loading multiple songs (aka
MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mikmod-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mikmod2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmikmod-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmikmod2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mikmod-devel-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mikmod2-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmikmod-devel-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmikmod2-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"published": "2009-10-13T00:00:00", "id": "MANDRIVA_MDVSA-2009-272.NASL", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:16", "bulletin": {"enchantments": {}, "published": "2009-10-13T00:00:00", "id": "MANDRIVA_MDVSA-2009-272.NASL", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "9fc348f92f7fc4c85cf0850cefec3b635673a1d31f3884c8795bb9a41b827653", "description": "Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "type": "nessus", "pluginID": "42097", "lastseen": "2016-09-26T17:25:16", "edition": 1, "title": "Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42097", "modified": "2016-05-17T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "references": [], "naslFamily": "Mandriva Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:272. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42097);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/17 17:02:54 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"MDVSA\", value:\"2009:272-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "812d0b51d670eeba70014c07acbeab1b", "key": "cvelist"}, {"hash": "49380fff50b48314b9377f6515b4174c", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26fc40b8686206ae6963c459c53a8ff2", "key": "title"}, {"hash": "ea36a38cfad96a89e2614f339f909549", "key": "pluginID"}, {"hash": "eda6b6cbd16377d59756673c52e7be00", "key": "modified"}, {"hash": "45b9bb6781d7d0bd48686d24ecd57756", "key": "href"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "ddca62dcc15ed77d339ae90bcf0f3da3", "key": "published"}, {"hash": "c7d612ca916ddb1463aee9ee0a3ddaf9", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "hash": "9b278a79c53289a5f1344a51998f54928ff0c596174a4456d55c8774e2d93dab", "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "pluginID": "42097", "lastseen": "2017-10-29T13:40:30", "edition": 2, "cpe": ["p-cpe:/a:mandriva:linux:lib64mikmod2", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libmikmod2", "p-cpe:/a:mandriva:linux:libmikmod-devel", "p-cpe:/a:mandriva:linux:lib64mikmod-devel"], "title": "Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42097", "modified": "2016-05-17T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "references": [], "naslFamily": "Mandriva Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:272. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42097);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/17 17:02:54 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"MDVSA\", value:\"2009:272-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9c97d0b8285d496599a47108b2f9e490", "key": "cpe"}, {"hash": "812d0b51d670eeba70014c07acbeab1b", "key": "cvelist"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "49380fff50b48314b9377f6515b4174c", "key": "description"}, {"hash": "45b9bb6781d7d0bd48686d24ecd57756", "key": "href"}, {"hash": "eda6b6cbd16377d59756673c52e7be00", "key": "modified"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "ea36a38cfad96a89e2614f339f909549", "key": "pluginID"}, {"hash": "ddca62dcc15ed77d339ae90bcf0f3da3", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c7d612ca916ddb1463aee9ee0a3ddaf9", "key": "sourceData"}, {"hash": "26fc40b8686206ae6963c459c53a8ff2", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}
{"result": {"cve": [{"id": "CVE-2009-0179", "type": "cve", "title": "CVE-2009-0179", "description": "libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.", "published": "2009-01-20T11:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0179", "cvelist": ["CVE-2009-0179"], "lastseen": "2016-09-03T11:59:18"}, {"id": "CVE-2007-6720", "type": "cve", "title": "CVE-2007-6720", "description": "libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.", "published": "2009-01-20T11:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6720", "cvelist": ["CVE-2007-6720"], "lastseen": "2017-04-18T15:52:14"}], "openvas": [{"id": "OPENVAS:900443", "type": "openvas", "title": "MikMod Module Player Denial of Service Vulnerability (Linux)", "description": "This host is installed with MikMod Module Player and is prone to\n Denial of Service vulnerability.", "published": "2009-01-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900443", "cvelist": ["CVE-2009-0179"], "lastseen": "2017-07-02T21:14:10"}, {"id": "OPENVAS:1361412562310900443", "type": "openvas", "title": "MikMod Module Player Denial of Service Vulnerability (Linux)", "description": "This host is installed with MikMod Module Player and is prone to\n Denial of Service vulnerability.", "published": "2009-01-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900443", "cvelist": ["CVE-2009-0179"], "lastseen": "2018-04-06T11:39:39"}, {"id": "OPENVAS:65874", "type": "openvas", "title": "SLES10: Security update for libmikmod", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65874", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-07-26T08:55:15"}, {"id": "OPENVAS:66407", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)", "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.", "published": "2009-12-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66407", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-07-24T12:56:25"}, {"id": "OPENVAS:66029", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:272 (libmikmod)", "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.", "published": "2009-10-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66029", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-07-24T12:56:32"}, {"id": "OPENVAS:64737", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9095 (libmikmod)", "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.", "published": "2009-09-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64737", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-07-25T10:56:45"}, {"id": "OPENVAS:64738", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9112 (libmikmod)", "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.", "published": "2009-09-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64738", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-07-25T10:56:03"}, {"id": "OPENVAS:136141256231064737", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9095 (libmikmod)", "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.", "published": "2009-09-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064737", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2018-04-06T11:39:16"}, {"id": "OPENVAS:136141256231064738", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9112 (libmikmod)", "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.", "published": "2009-09-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064738", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2018-04-06T11:37:18"}, {"id": "OPENVAS:136141256231065874", "type": "openvas", "title": "SLES10: Security update for libmikmod", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065874", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2018-04-06T11:37:25"}], "nessus": [{"id": "SOLARIS11_LIBMIKMOD_20140114.NASL", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libmikmod (cve_2009_0179_denial_of)", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. (CVE-2009-0179)", "published": "2015-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80672", "cvelist": ["CVE-2009-0179"], "lastseen": "2017-10-29T13:41:35"}, {"id": "FEDORA_2009-9112.NASL", "type": "nessus", "title": "Fedora 11 : libmikmod-3.2.0-5.beta2.fc11 (2009-9112)", "description": "- Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-5.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-08-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40810", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:44:26"}, {"id": "SUSE9_12359.NASL", "type": "nessus", "title": "SuSE9 Security Update : libmikmod (YOU Patch Number 12359)", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod. (CVE-2009-0179, CVE-2007-6720)", "published": "2009-09-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41282", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:37:50"}, {"id": "SUSE_11_0_LIBMIKMOD-090227.NASL", "type": "nessus", "title": "openSUSE Security Update : libmikmod (libmikmod-570)", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).", "published": "2009-07-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40025", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:41:19"}, {"id": "SUSE_LIBMIKMOD-6034.NASL", "type": "nessus", "title": "SuSE 10 Security Update : libmikmod (ZYPP Patch Number 6034)", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod. (CVE-2009-0179 / CVE-2007-6720)", "published": "2009-09-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41545", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:41:10"}, {"id": "SUSE_LIBMIKMOD-6033.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : libmikmod (libmikmod-6033)", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).", "published": "2009-03-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35759", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:40:14"}, {"id": "FEDORA_2009-9095.NASL", "type": "nessus", "title": "Fedora 10 : libmikmod-3.2.0-4.beta2.fc10 (2009-9095)", "description": "- Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-4.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-08-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40809", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:42:41"}, {"id": "SUSE_11_1_LIBMIKMOD-090227.NASL", "type": "nessus", "title": "openSUSE Security Update : libmikmod (libmikmod-570)", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).", "published": "2009-07-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40257", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "lastseen": "2017-10-29T13:39:34"}, {"id": "UBUNTU_USN-995-1.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 : libmikmod vulnerabilities (USN-995-1)", "description": "It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service.\n(CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3996).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-10-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49764", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2009-3997", "CVE-2010-2971", "CVE-2009-0179", "CVE-2007-6720", "CVE-2010-2546"], "lastseen": "2017-10-29T13:34:12"}, {"id": "SL_20100928_MIKMOD_ON_SL3_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64", "description": "Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially crafted music files in various formats could, when played, cause an application using the MikMod library to crash or, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996, CVE-2007-6720)\n\nAll running applications using the MikMod library must be restarted for this update to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60860", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "lastseen": "2017-10-29T13:43:42"}], "ubuntu": [{"id": "USN-995-1", "type": "ubuntu", "title": "libMikMod vulnerabilities", "description": "It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. (CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3996)", "published": "2010-09-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/995-1/", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2010-2971", "CVE-2009-0179", "CVE-2007-6720", "CVE-2010-2546"], "lastseen": "2018-03-29T18:18:39"}], "oraclelinux": [{"id": "ELSA-2010-0720", "type": "oraclelinux", "title": "mikmod security update", "description": "[3.1.6-39.el5_5.1]\n- fix CVE-2007-6720, CVE-2009-3995,3996 (#617486)", "published": "2010-09-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0720.html", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "lastseen": "2016-09-04T11:16:46"}], "redhat": [{"id": "RHSA-2010:0720", "type": "redhat", "title": "(RHSA-2010:0720) Moderate: mikmod security update", "description": "MikMod is a MOD music file player for Linux, UNIX, and similar operating\nsystems. It supports various file formats including MOD, STM, S3M, MTM, XM,\nULT, and IT.\n\nMultiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially-crafted music files in various formats\ncould, when played, cause an application using the MikMod library to crash\nor, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,\nCVE-2007-6720)\n\nAll MikMod users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe MikMod library must be restarted for this update to take effect.\n", "published": "2010-09-28T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0720", "cvelist": ["CVE-2007-6720", "CVE-2009-3995", "CVE-2009-3996"], "lastseen": "2017-09-08T08:03:30"}], "centos": [{"id": "CESA-2010:0720", "type": "centos", "title": "mikmod security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0720\n\n\nMikMod is a MOD music file player for Linux, UNIX, and similar operating\nsystems. It supports various file formats including MOD, STM, S3M, MTM, XM,\nULT, and IT.\n\nMultiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially-crafted music files in various formats\ncould, when played, cause an application using the MikMod library to crash\nor, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,\nCVE-2007-6720)\n\nAll MikMod users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe MikMod library must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017063.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017064.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017024.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017025.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017026.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017027.html\n\n**Affected packages:**\nmikmod\nmikmod-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0720.html", "published": "2010-09-29T05:47:44", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-September/017024.html", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "lastseen": "2017-10-03T18:24:51"}]}}
