Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)
2009-10-13T00:00:00
ID MANDRIVA_MDVSA-2009-272.NASL Type nessus Reporter This script is Copyright (C) 2009-2021 Tenable Network Security, Inc. Modified 2009-10-13T00:00:00
Description
Multiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause a
denial of service (application crash) by loading multiple songs (aka
MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:272.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(42097);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-6720", "CVE-2009-0179");
script_bugtraq_id(33235, 33240);
script_xref(name:"MDVSA", value:"2009:272-1");
script_name(english:"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause a
denial of service (application crash) by loading multiple songs (aka
MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mikmod-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mikmod2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmikmod-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmikmod2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mikmod-devel-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mikmod2-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmikmod-devel-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmikmod2-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "MANDRIVA_MDVSA-2009-272.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)", "description": "Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers", "published": "2009-10-13T00:00:00", "modified": "2009-10-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/42097", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "type": "nessus", "lastseen": "2021-01-07T11:52:21", "edition": 24, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6720", "CVE-2009-0179"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064738", "OPENVAS:64738", "OPENVAS:65874", "OPENVAS:66029", "OPENVAS:66407", "OPENVAS:64737", "OPENVAS:136141256231066407", "OPENVAS:136141256231065537", "OPENVAS:136141256231065874", "OPENVAS:136141256231066029"]}, {"type": "nessus", "idList": ["SUSE_11_1_LIBMIKMOD-090227.NASL", "UBUNTU_USN-995-1.NASL", "FEDORA_2009-9095.NASL", "SUSE_11_0_LIBMIKMOD-090227.NASL", "SUSE_LIBMIKMOD-6034.NASL", "SUSE9_12359.NASL", "FEDORA_2009-9112.NASL", "SL_20100928_MIKMOD_ON_SL3_X.NASL", "SUSE_LIBMIKMOD-6033.NASL", "SOLARIS11_LIBMIKMOD_20140114.NASL"]}, {"type": "fedora", "idList": ["FEDORA:093C110F878", "FEDORA:2B3AF10F878"]}, {"type": "ubuntu", "idList": ["USN-995-1"]}, {"type": "centos", "idList": ["CESA-2010:0720"]}, {"type": "redhat", "idList": ["RHSA-2010:0720"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0720"]}], "modified": "2021-01-07T11:52:21", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-01-07T11:52:21", "rev": 2}, "vulnersScore": 5.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:272. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42097);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"MDVSA\", value:\"2009:272-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "42097", "cpe": ["p-cpe:/a:mandriva:linux:lib64mikmod2", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libmikmod2", "p-cpe:/a:mandriva:linux:libmikmod-devel", "p-cpe:/a:mandriva:linux:lib64mikmod-devel"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:45:55", "description": "libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.", "edition": 3, "cvss3": {}, "published": "2009-01-20T16:30:00", "title": "CVE-2007-6720", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6720"], "modified": "2016-10-04T01:59:00", "cpe": ["cpe:/a:igno_saitz:libmikmod:3.1.11-5", "cpe:/a:igno_saitz:libmikmod:3.1.11-3", "cpe:/a:igno_saitz:libmikmod:3.1.12", "cpe:/a:igno_saitz:libmikmod:3.1.9-6", "cpe:/a:igno_saitz:libmikmod:3.1.10-2", "cpe:/a:igno_saitz:libmikmod:3.1.11-6", "cpe:/a:igno_saitz:libmikmod:3.1.9-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-5", "cpe:/a:igno_saitz:libmikmod:3.1.10-4", "cpe:/a:igno_saitz:libmikmod:3.1.11-2", "cpe:/a:igno_saitz:libmikmod:3.1.10-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-4", "cpe:/a:igno_saitz:libmikmod:3.1.9-2", "cpe:/a:igno_saitz:libmikmod:3.2.0", "cpe:/a:igno_saitz:libmikmod:3.1.10-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-1", "cpe:/a:igno_saitz:libmikmod:3.1.9-4", "cpe:/a:igno_saitz:libmikmod:3.1.10-5"], "id": "CVE-2007-6720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6720", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:igno_saitz:libmikmod:3.1.11-6:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-3:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-1:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-6:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-2:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-5:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-4:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-5:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-4:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-5:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-4:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-3:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-2:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-3:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:10", "description": "libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.", "edition": 3, "cvss3": {}, "published": "2009-01-20T16:30:00", "title": "CVE-2009-0179", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0179"], "modified": "2009-09-02T05:20:00", "cpe": ["cpe:/a:igno_saitz:libmikmod:3.1.11-5", "cpe:/a:igno_saitz:libmikmod:3.1.11-3", "cpe:/a:igno_saitz:libmikmod:3.1.12", "cpe:/a:igno_saitz:libmikmod:3.1.9-6", "cpe:/a:igno_saitz:libmikmod:3.1.10-2", "cpe:/a:igno_saitz:libmikmod:3.1.11-6", "cpe:/a:igno_saitz:libmikmod:3.1.9-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-5", "cpe:/a:igno_saitz:libmikmod:3.1.10-4", "cpe:/a:igno_saitz:libmikmod:3.1.11-2", "cpe:/a:igno_saitz:libmikmod:3.1.10-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-4", "cpe:/a:igno_saitz:libmikmod:3.1.9-2", "cpe:/a:igno_saitz:libmikmod:3.2.0", "cpe:/a:igno_saitz:libmikmod:3.1.10-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-1", "cpe:/a:igno_saitz:libmikmod:3.1.9-4", "cpe:/a:igno_saitz:libmikmod:3.1.10-5"], "id": "CVE-2009-0179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0179", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:igno_saitz:libmikmod:3.1.11-6:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-3:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-1:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-6:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-2:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-5:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-4:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-5:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-4:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-5:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-4:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-3:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-2:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-3:*:*:*:*:*:*:*", "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:37:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064738", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064738", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9112 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9112.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9112 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Aug 28 2009 Jindrich Novy 3.2.0-5.beta2\n- fix CVE-2007-6720 (#479829)\n- fix CVE-2009-0179 (#479833)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libmikmod' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9112\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64738\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-9112 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479829\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479833\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-debuginfo\", rpm:\"libmikmod-debuginfo~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5043927 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065537", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065537", "type": "openvas", "title": "SLES9: Security update for libmikmod", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5043927.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for libmikmod\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5043927 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65537\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-0179\", \"CVE-2007-6720\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libmikmod\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.1.10~662.5\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64737", "href": "http://plugins.openvas.org/nasl.php?oid=64737", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9095 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9095.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9095 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Aug 28 2009 Jindrich Novy 3.2.0-4.beta2\n- fix CVE-2007-6720 (#479829)\n- fix CVE-2009-0179 (#479833)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libmikmod' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9095\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.\";\n\n\n\nif(description)\n{\n script_id(64737);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-9095 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479833\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479829\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-debuginfo\", rpm:\"libmikmod-debuginfo~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.", "modified": "2018-04-06T00:00:00", "published": "2009-10-19T00:00:00", "id": "OPENVAS:136141256231066029", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066029", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:272 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66029\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:272 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.", "modified": "2017-07-06T00:00:00", "published": "2009-10-19T00:00:00", "id": "OPENVAS:66029", "href": "http://plugins.openvas.org/nasl.php?oid=66029", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:272 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.\";\n\n \n\nif(description)\n{\n script_id(66029);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:272 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65874", "href": "http://plugins.openvas.org/nasl.php?oid=65874", "type": "openvas", "title": "SLES10: Security update for libmikmod", "sourceData": "#\n#VID slesp2-libmikmod-6034\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libmikmod\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65874);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0179\", \"CVE-2007-6720\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for libmikmod\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.1.11~14.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5043927 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65537", "href": "http://plugins.openvas.org/nasl.php?oid=65537", "type": "openvas", "title": "SLES9: Security update for libmikmod", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5043927.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libmikmod\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5043927 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65537);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-0179\", \"CVE-2007-6720\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libmikmod\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.1.10~662.5\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64738", "href": "http://plugins.openvas.org/nasl.php?oid=64738", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9112 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9112.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9112 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Aug 28 2009 Jindrich Novy 3.2.0-5.beta2\n- fix CVE-2007-6720 (#479829)\n- fix CVE-2009-0179 (#479833)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libmikmod' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9112\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.\";\n\n\n\nif(description)\n{\n script_id(64738);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-9112 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479829\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479833\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-debuginfo\", rpm:\"libmikmod-debuginfo~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066407", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066407", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272-1 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272-1\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66407\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064737", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064737", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9095 (libmikmod)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9095.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9095 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Aug 28 2009 Jindrich Novy 3.2.0-4.beta2\n- fix CVE-2007-6720 (#479829)\n- fix CVE-2009-0179 (#479833)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libmikmod' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9095\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64737\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-9095 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479833\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479829\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-debuginfo\", rpm:\"libmikmod-debuginfo~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T05:50:24", "description": "Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod. (CVE-2009-0179,\nCVE-2007-6720)", "edition": 22, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : libmikmod (YOU Patch Number 12359)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12359.NASL", "href": "https://www.tenable.com/plugins/nessus/41282", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41282);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"SuSE9 Security Update : libmikmod (YOU Patch Number 12359)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod. (CVE-2009-0179,\nCVE-2007-6720)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0179.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12359.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libmikmod-3.1.10-662.5\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libmikmod-32bit-9-200902271558\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:52:42", "description": "Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).", "edition": 22, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : libmikmod (libmikmod-570)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libmikmod", "p-cpe:/a:novell:opensuse:libmikmod-devel", "p-cpe:/a:novell:opensuse:libmikmod-32bit"], "id": "SUSE_11_1_LIBMIKMOD-090227.NASL", "href": "https://www.tenable.com/plugins/nessus/40257", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmikmod-570.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40257);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"openSUSE Security Update : libmikmod (libmikmod-570)\");\n script_summary(english:\"Check for the libmikmod-570 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=468760\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmikmod-3.1.11a-71.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmikmod-devel-3.1.11a-71.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11a-71.56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod / libmikmod-32bit / libmikmod-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:32:34", "description": "Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod. (CVE-2009-0179 /\nCVE-2007-6720)", "edition": 22, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : libmikmod (ZYPP Patch Number 6034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBMIKMOD-6034.NASL", "href": "https://www.tenable.com/plugins/nessus/41545", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41545);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:36\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"SuSE 10 Security Update : libmikmod (ZYPP Patch Number 6034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod. (CVE-2009-0179 /\nCVE-2007-6720)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0179.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6034.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libmikmod-3.1.11-14.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11-14.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libmikmod-3.1.11-14.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11-14.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:32:34", "description": "Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).", "edition": 22, "published": "2009-03-03T00:00:00", "title": "openSUSE 10 Security Update : libmikmod (libmikmod-6033)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:libmikmod", "p-cpe:/a:novell:opensuse:libmikmod-devel", "p-cpe:/a:novell:opensuse:libmikmod-32bit"], "id": "SUSE_LIBMIKMOD-6033.NASL", "href": "https://www.tenable.com/plugins/nessus/35759", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmikmod-6033.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35759);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:36\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"openSUSE 10 Security Update : libmikmod (libmikmod-6033)\");\n script_summary(english:\"Check for the libmikmod-6033 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmikmod-3.1.11a-34.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmikmod-devel-3.1.11a-34.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11a-34.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod / libmikmod-32bit / libmikmod-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:51:31", "description": "Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).", "edition": 22, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : libmikmod (libmikmod-570)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libmikmod", "p-cpe:/a:novell:opensuse:libmikmod-devel", "p-cpe:/a:novell:opensuse:libmikmod-32bit"], "id": "SUSE_11_0_LIBMIKMOD-090227.NASL", "href": "https://www.tenable.com/plugins/nessus/40025", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmikmod-570.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40025);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"openSUSE Security Update : libmikmod (libmikmod-570)\");\n script_summary(english:\"Check for the libmikmod-570 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=468760\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libmikmod-3.1.11a-84.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libmikmod-devel-3.1.11a-84.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11a-84.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod / libmikmod-32bit / libmikmod-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:38", "description": " - Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com>\n 3.2.0-5.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-08-31T00:00:00", "title": "Fedora 11 : libmikmod-3.2.0-5.beta2.fc11 (2009-9112)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2009-08-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libmikmod", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-9112.NASL", "href": "https://www.tenable.com/plugins/nessus/40810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9112.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40810);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"FEDORA\", value:\"2009-9112\");\n\n script_name(english:\"Fedora 11 : libmikmod-3.2.0-5.beta2.fc11 (2009-9112)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com>\n 3.2.0-5.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479833\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028582.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b1d9419\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"libmikmod-3.2.0-5.beta2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:38", "description": " - Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com>\n 3.2.0-4.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-08-31T00:00:00", "title": "Fedora 10 : libmikmod-3.2.0-4.beta2.fc10 (2009-9095)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2009-08-31T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:libmikmod"], "id": "FEDORA_2009-9095.NASL", "href": "https://www.tenable.com/plugins/nessus/40809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9095.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40809);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"FEDORA\", value:\"2009-9095\");\n\n script_name(english:\"Fedora 10 : libmikmod-3.2.0-4.beta2.fc10 (2009-9095)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com>\n 3.2.0-4.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479833\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028575.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61f910a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"libmikmod-3.2.0-4.beta2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:57:45", "description": "It was discovered that libMikMod incorrectly handled songs with\ndifferent channel counts. If a user were tricked into opening a\ncrafted song file, an attacker could cause a denial of service.\n(CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nXM files. If a user were tricked into opening a crafted XM file, an\nattacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nImpulse Tracker files. If a user were tricked into opening a crafted\nImpulse Tracker file, an attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nUltratracker files. If a user were tricked into opening a crafted\nUltratracker file, an attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3996).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-10-06T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 : libmikmod vulnerabilities (USN-995-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2009-3997", "CVE-2010-2971", "CVE-2009-0179", "CVE-2007-6720", "CVE-2010-2546"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmikmod2", "p-cpe:/a:canonical:ubuntu_linux:libmikmod2-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-995-1.NASL", "href": "https://www.tenable.com/plugins/nessus/49764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-995-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49764);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\", \"CVE-2009-3995\", \"CVE-2009-3996\", \"CVE-2009-3997\", \"CVE-2010-2546\", \"CVE-2010-2971\");\n script_bugtraq_id(33235, 33240, 37374, 41917, 42464);\n script_xref(name:\"USN\", value:\"995-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 : libmikmod vulnerabilities (USN-995-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libMikMod incorrectly handled songs with\ndifferent channel counts. If a user were tricked into opening a\ncrafted song file, an attacker could cause a denial of service.\n(CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nXM files. If a user were tricked into opening a crafted XM file, an\nattacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nImpulse Tracker files. If a user were tricked into opening a crafted\nImpulse Tracker file, an attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nUltratracker files. If a user were tricked into opening a crafted\nUltratracker file, an attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3996).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/995-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod2 and / or libmikmod2-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmikmod2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libmikmod2\", pkgver:\"3.1.11-6ubuntu3.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libmikmod2-dev\", pkgver:\"3.1.11-a-6ubuntu3.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libmikmod2\", pkgver:\"3.1.11-6ubuntu3.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libmikmod2-dev\", pkgver:\"3.1.11-a-6ubuntu3.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libmikmod2\", pkgver:\"3.1.11-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libmikmod2-dev\", pkgver:\"3.1.11-a-6ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod2 / libmikmod2-dev\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:49:10", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - libmikmod 3.1.11 through 3.2.0, as used by MikMod and\n possibly other products, allows user-assisted attackers\n to cause a denial of service (application crash) by\n loading an XM file. (CVE-2009-0179)", "edition": 23, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : libmikmod (cve_2009_0179_denial_of)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:libmikmod", "cpe:/o:oracle:solaris:11.1"], "id": "SOLARIS11_LIBMIKMOD_20140114.NASL", "href": "https://www.tenable.com/plugins/nessus/80672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80672);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2009-0179\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libmikmod (cve_2009_0179_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - libmikmod 3.1.11 through 3.2.0, as used by MikMod and\n possibly other products, allows user-assisted attackers\n to cause a denial of service (application crash) by\n loading an XM file. (CVE-2009-0179)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2009-0179-denial-of-servicedos-vulnerability-in-libmikmod\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.15.4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libmikmod\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libmikmod$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.15.0.4.0\", sru:\"SRU 11.1.15.4.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libmikmod\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libmikmod\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:34:01", "description": "Multiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially crafted music files in various formats\ncould, when played, cause an application using the MikMod library to\ncrash or, potentially, execute arbitrary code. (CVE-2009-3995,\nCVE-2009-3996, CVE-2007-6720)\n\nAll running applications using the MikMod library must be restarted\nfor this update to take effect.", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100928_MIKMOD_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60860", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60860);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-3995\", \"CVE-2009-3996\");\n\n script_name(english:\"Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially crafted music files in various formats\ncould, when played, cause an application using the MikMod library to\ncrash or, potentially, execute arbitrary code. (CVE-2009-3995,\nCVE-2009-3996, CVE-2007-6720)\n\nAll running applications using the MikMod library must be restarted\nfor this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=2024\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da923322\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mikmod and / or mikmod-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"mikmod-3.1.6-23.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"mikmod-devel-3.1.6-23.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"mikmod-3.1.6-33.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mikmod-devel-3.1.6-33.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"mikmod-3.1.6-39.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mikmod-devel-3.1.6-39.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6720", "CVE-2009-0179"], "description": "libmikmod is a library used by the mikmod MOD music file player for UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM, XM, ULT and IT. ", "modified": "2009-08-28T22:01:46", "published": "2009-08-28T22:01:46", "id": "FEDORA:093C110F878", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libmikmod-3.2.0-5.beta2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6720", "CVE-2009-0179"], "description": "libmikmod is a library used by the mikmod MOD music file player for UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM, XM, ULT and IT. ", "modified": "2009-08-28T21:59:24", "published": "2009-08-28T21:59:24", "id": "FEDORA:2B3AF10F878", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: libmikmod-3.2.0-4.beta2.fc10", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:20:21", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2010-2971", "CVE-2009-0179", "CVE-2007-6720", "CVE-2010-2546"], "description": "It was discovered that libMikMod incorrectly handled songs with different \nchannel counts. If a user were tricked into opening a crafted song file, \nan attacker could cause a denial of service. (CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed XM \nfiles. If a user were tricked into opening a crafted XM file, an attacker \ncould cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed \nImpulse Tracker files. If a user were tricked into opening a crafted \nImpulse Tracker file, an attacker could cause a denial of service or \npossibly execute arbitrary code with the privileges of the user invoking \nthe program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed \nUltratracker files. If a user were tricked into opening a crafted \nUltratracker file, an attacker could cause a denial of service or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram. (CVE-2009-3996)", "edition": 5, "modified": "2010-09-29T00:00:00", "published": "2010-09-29T00:00:00", "id": "USN-995-1", "href": "https://ubuntu.com/security/notices/USN-995-1", "title": "libMikMod vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:27:00", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0720\n\n\nMikMod is a MOD music file player for Linux, UNIX, and similar operating\nsystems. It supports various file formats including MOD, STM, S3M, MTM, XM,\nULT, and IT.\n\nMultiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially-crafted music files in various formats\ncould, when played, cause an application using the MikMod library to crash\nor, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,\nCVE-2007-6720)\n\nAll MikMod users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe MikMod library must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029101.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029102.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/029062.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/029063.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/029064.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/029065.html\n\n**Affected packages:**\nmikmod\nmikmod-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0720.html", "edition": 3, "modified": "2010-10-10T23:07:49", "published": "2010-09-29T09:47:44", "href": "http://lists.centos.org/pipermail/centos-announce/2010-September/029062.html", "id": "CESA-2010:0720", "title": "mikmod security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6720", "CVE-2009-3995", "CVE-2009-3996"], "description": "MikMod is a MOD music file player for Linux, UNIX, and similar operating\nsystems. It supports various file formats including MOD, STM, S3M, MTM, XM,\nULT, and IT.\n\nMultiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially-crafted music files in various formats\ncould, when played, cause an application using the MikMod library to crash\nor, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,\nCVE-2007-6720)\n\nAll MikMod users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe MikMod library must be restarted for this update to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-09-28T04:00:00", "id": "RHSA-2010:0720", "href": "https://access.redhat.com/errata/RHSA-2010:0720", "type": "redhat", "title": "(RHSA-2010:0720) Moderate: mikmod security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "description": "[3.1.6-39.el5_5.1]\n- fix CVE-2007-6720, CVE-2009-3995,3996 (#617486)", "edition": 4, "modified": "2010-09-28T00:00:00", "published": "2010-09-28T00:00:00", "id": "ELSA-2010-0720", "href": "http://linux.oracle.com/errata/ELSA-2010-0720.html", "title": "mikmod security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}