Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)
2009-10-13T00:00:00
ID MANDRIVA_MDVSA-2009-272.NASL Type nessus Reporter Tenable Modified 2018-07-19T00:00:00
Description
Multiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
#%NASL_MIN_LEVEL 70103
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:272.
# The text itself is copyright (C) Mandriva S.A.
#
include("compat.inc");
if (description)
{
script_id(42097);
script_version("1.13");
script_cvs_date("Date: 2018/07/19 20:59:16");
script_cve_id("CVE-2007-6720", "CVE-2009-0179");
script_bugtraq_id(33235, 33240);
script_xref(name:"MDVSA", value:"2009:272-1");
script_name(english:"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause a
denial of service (application crash) by loading multiple songs (aka
MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mikmod-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mikmod2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmikmod-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmikmod2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mikmod-devel-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64mikmod2-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmikmod-devel-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libmikmod2-3.1.11a-8.1mdv2008.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "MANDRIVA_MDVSA-2009-272.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)", "description": "Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "published": "2009-10-13T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=42097", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "type": "nessus", "lastseen": "2018-08-02T08:05:07", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "edition": 1, "enchantments": {}, "hash": "9fc348f92f7fc4c85cf0850cefec3b635673a1d31f3884c8795bb9a41b827653", "hashmap": [{"hash": "812d0b51d670eeba70014c07acbeab1b", "key": "cvelist"}, {"hash": "49380fff50b48314b9377f6515b4174c", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26fc40b8686206ae6963c459c53a8ff2", "key": "title"}, {"hash": "ea36a38cfad96a89e2614f339f909549", "key": "pluginID"}, {"hash": "eda6b6cbd16377d59756673c52e7be00", "key": "modified"}, {"hash": "45b9bb6781d7d0bd48686d24ecd57756", "key": "href"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "ddca62dcc15ed77d339ae90bcf0f3da3", "key": "published"}, {"hash": "c7d612ca916ddb1463aee9ee0a3ddaf9", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=42097", "id": "MANDRIVA_MDVSA-2009-272.NASL", "lastseen": "2016-09-26T17:25:16", "modified": "2016-05-17T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "42097", "published": "2009-10-13T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:272. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42097);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/17 17:02:54 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"MDVSA\", value:\"2009:272-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:lib64mikmod2", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libmikmod2", "p-cpe:/a:mandriva:linux:libmikmod-devel", "p-cpe:/a:mandriva:linux:lib64mikmod-devel"], "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "9b278a79c53289a5f1344a51998f54928ff0c596174a4456d55c8774e2d93dab", "hashmap": [{"hash": "812d0b51d670eeba70014c07acbeab1b", "key": "cvelist"}, {"hash": "49380fff50b48314b9377f6515b4174c", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26fc40b8686206ae6963c459c53a8ff2", "key": "title"}, {"hash": "ea36a38cfad96a89e2614f339f909549", "key": "pluginID"}, {"hash": "eda6b6cbd16377d59756673c52e7be00", "key": "modified"}, {"hash": "45b9bb6781d7d0bd48686d24ecd57756", "key": "href"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "ddca62dcc15ed77d339ae90bcf0f3da3", "key": "published"}, {"hash": "c7d612ca916ddb1463aee9ee0a3ddaf9", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "9c97d0b8285d496599a47108b2f9e490", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=42097", "id": "MANDRIVA_MDVSA-2009-272.NASL", "lastseen": "2017-10-29T13:40:30", "modified": "2016-05-17T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "42097", "published": "2009-10-13T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:272. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42097);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/17 17:02:54 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"MDVSA\", value:\"2009:272-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:40:30"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "9c97d0b8285d496599a47108b2f9e490"}, {"key": "cvelist", "hash": "812d0b51d670eeba70014c07acbeab1b"}, {"key": "cvss", "hash": "3873c836ae45fd496c2b40bae50467ed"}, {"key": "description", "hash": "49380fff50b48314b9377f6515b4174c"}, {"key": "href", "hash": "45b9bb6781d7d0bd48686d24ecd57756"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "ea36a38cfad96a89e2614f339f909549"}, {"key": "published", "hash": "ddca62dcc15ed77d339ae90bcf0f3da3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "13319b5f9c94881584035e25b62e7836"}, {"key": "title", "hash": "26fc40b8686206ae6963c459c53a8ff2"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "a2eefbbbd562368750e320bdae7c19d65494166d0e7051ae461b86b4edeb1172", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:272. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42097);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"MDVSA\", value:\"2009:272-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libmikmod :\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause a\ndenial of service (application crash) by loading multiple songs (aka\nMOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64mikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod-devel-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmikmod2-3.1.11a-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "42097", "cpe": ["p-cpe:/a:mandriva:linux:lib64mikmod2", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libmikmod2", "p-cpe:/a:mandriva:linux:libmikmod-devel", "p-cpe:/a:mandriva:linux:lib64mikmod-devel"]}
{"result": {"cve": [{"lastseen": "2016-09-03T11:59:18", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=479833", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.html", "http://www.securityfocus.com/bid/33240", "http://openwall.com/lists/oss-security/2009/01/13/2", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.html", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"], "edition": 1, "description": "libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.", "reporter": "NVD", "published": "2009-01-20T11:30:00", "title": "CVE-2009-0179", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T11:59:18", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0179"], "scanner": [], "cpe": ["cpe:/a:igno_saitz:libmikmod:3.1.11-5", "cpe:/a:igno_saitz:libmikmod:3.1.11-3", "cpe:/a:igno_saitz:libmikmod:3.1.12", "cpe:/a:igno_saitz:libmikmod:3.1.9-6", "cpe:/a:igno_saitz:libmikmod:3.1.10-2", "cpe:/a:igno_saitz:libmikmod:3.1.11-6", "cpe:/a:igno_saitz:libmikmod:3.1.9-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-5", "cpe:/a:igno_saitz:libmikmod:3.1.10-4", "cpe:/a:igno_saitz:libmikmod:3.1.11-2", "cpe:/a:igno_saitz:libmikmod:3.1.10-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-4", "cpe:/a:igno_saitz:libmikmod:3.1.9-2", "cpe:/a:igno_saitz:libmikmod:3.2.0", "cpe:/a:igno_saitz:libmikmod:3.1.10-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-1", "cpe:/a:igno_saitz:libmikmod:3.1.9-4", "cpe:/a:igno_saitz:libmikmod:3.1.10-5"], "modified": "2009-09-02T01:20:21", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0179", "id": "CVE-2009-0179", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:52:14", "references": ["http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.html", "http://openwall.com/lists/oss-security/2009/01/13/2", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.html", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422021", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519", "https://bugzilla.redhat.com/show_bug.cgi?id=479829", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html", "http://www.securityfocus.com/bid/33235"], "description": "libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.", "edition": 2, "reporter": "NVD", "published": "2009-01-20T11:30:00", "title": "CVE-2007-6720", "type": "cve", "enchantments": {"score": {"modified": "2017-04-18T15:52:14", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-6720"], "scanner": [], "modified": "2016-10-03T21:59:01", "cpe": ["cpe:/a:igno_saitz:libmikmod:3.1.11-5", "cpe:/a:igno_saitz:libmikmod:3.1.11-3", "cpe:/a:igno_saitz:libmikmod:3.1.12", "cpe:/a:igno_saitz:libmikmod:3.1.9-6", "cpe:/a:igno_saitz:libmikmod:3.1.10-2", "cpe:/a:igno_saitz:libmikmod:3.1.11-6", "cpe:/a:igno_saitz:libmikmod:3.1.9-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-5", "cpe:/a:igno_saitz:libmikmod:3.1.10-4", "cpe:/a:igno_saitz:libmikmod:3.1.11-2", "cpe:/a:igno_saitz:libmikmod:3.1.10-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-1", "cpe:/a:igno_saitz:libmikmod:3.1.11-4", "cpe:/a:igno_saitz:libmikmod:3.1.9-2", "cpe:/a:igno_saitz:libmikmod:3.2.0", "cpe:/a:igno_saitz:libmikmod:3.1.10-3", "cpe:/a:igno_saitz:libmikmod:3.1.9-1", "cpe:/a:igno_saitz:libmikmod:3.1.9-4", "cpe:/a:igno_saitz:libmikmod:3.1.10-5"], "id": "CVE-2007-6720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6720", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:14:10", "references": ["http://secunia.com/advisories/33485", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519"], "pluginID": "900443", "description": "This host is installed with MikMod Module Player and is prone to\n Denial of Service vulnerability.", "edition": 1, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-01-29T00:00:00", "title": "MikMod Module Player Denial of Service Vulnerability (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179"], "modified": "2017-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900443", "id": "OPENVAS:900443", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_mikmod_dos_vuln.nasl 5055 2017-01-20 14:08:39Z teissa $\n#\n# MikMod Module Player Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker crash the application to cause\n denial-of-service condition.\n\n Impact level: Application\";\n\ntag_affected = \"MikMod Module Player version 3.1.11 to 3.2.0 on Linux.\";\ntag_insight = \"- libmikmod library using a global variable to keep track of the number of\n channels can be exploited to crash an application using the library by\n loading a module with more channels than the currently playing module.\n - Error when processing the header of certain XM files which can be\n exploited to crash an application using the library via a specially\n crafted XM file.\";\ntag_solution = \"Apply Patch,\n http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=31.xm-header.patch;att=1;bug=476339\";\ntag_summary = \"This host is installed with MikMod Module Player and is prone to\n Denial of Service vulnerability.\";\n\nif(description)\n{\n script_id(900443);\n script_version(\"$Revision: 5055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-29 15:16:47 +0100 (Thu, 29 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-0179\");\n script_bugtraq_id(33235);\n script_name(\"MikMod Module Player Denial of Service Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/33485\");\n script_xref(name : \"URL\" , value : \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_mikmod_detect.nasl\");\n script_require_keys(\"MikMod/Linux/Ver\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nmikmodVer = get_kb_item(\"MikMod/Linux/Ver\");\nif(mikmodVer != NULL)\n{\n #Grep for MikMod version 3.1.11 to 3.2.0\n if(version_in_range(version:mikmodVer, test_version:\"3.1.11\",\n test_version2:\"3.2.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:39", "references": ["http://secunia.com/advisories/33485", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519"], "pluginID": "1361412562310900443", "description": "This host is installed with MikMod Module Player and is prone to\n Denial of Service vulnerability.", "edition": 1, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-01-29T00:00:00", "title": "MikMod Module Player Denial of Service Vulnerability (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900443", "id": "OPENVAS:1361412562310900443", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_mikmod_dos_vuln.nasl 9350 2018-04-06 07:03:33Z cfischer $\n#\n# MikMod Module Player Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker crash the application to cause\n denial-of-service condition.\n\n Impact level: Application\";\n\ntag_affected = \"MikMod Module Player version 3.1.11 to 3.2.0 on Linux.\";\ntag_insight = \"- libmikmod library using a global variable to keep track of the number of\n channels can be exploited to crash an application using the library by\n loading a module with more channels than the currently playing module.\n - Error when processing the header of certain XM files which can be\n exploited to crash an application using the library via a specially\n crafted XM file.\";\ntag_solution = \"Apply Patch,\n http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=31.xm-header.patch;att=1;bug=476339\";\ntag_summary = \"This host is installed with MikMod Module Player and is prone to\n Denial of Service vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900443\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-29 15:16:47 +0100 (Thu, 29 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-0179\");\n script_bugtraq_id(33235);\n script_name(\"MikMod Module Player Denial of Service Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/33485\");\n script_xref(name : \"URL\" , value : \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_mikmod_detect.nasl\");\n script_require_keys(\"MikMod/Linux/Ver\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nmikmodVer = get_kb_item(\"MikMod/Linux/Ver\");\nif(mikmodVer != NULL)\n{\n #Grep for MikMod version 3.1.11 to 3.2.0\n if(version_in_range(version:mikmodVer, test_version:\"3.1.11\",\n test_version2:\"3.2.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:32", "references": [], "pluginID": "66029", "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-19T00:00:00", "title": "Mandrake Security Advisory MDVSA-2009:272 (libmikmod)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66029", "id": "OPENVAS:66029", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.\";\n\n \n\nif(description)\n{\n script_id(66029);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:272 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:15", "references": [], "pluginID": "65874", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES10: Security update for libmikmod", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65874", "id": "OPENVAS:65874", "sourceData": "#\n#VID slesp2-libmikmod-6034\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libmikmod\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65874);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0179\", \"CVE-2007-6720\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for libmikmod\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.1.11~14.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:25", "references": [], "pluginID": "66407", "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66407", "id": "OPENVAS:66407", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272-1 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272-1\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.\";\n\n \n\nif(description)\n{\n script_id(66407);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:18", "references": [], "pluginID": "65537", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5043927 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "title": "SLES9: Security update for libmikmod", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65537", "id": "OPENVAS:65537", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5043927.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libmikmod\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libmikmod\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5043927 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65537);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-0179\", \"CVE-2007-6720\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libmikmod\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.1.10~662.5\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:18", "references": [], "pluginID": "136141256231066407", "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066407", "id": "OPENVAS:136141256231066407", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272-1 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272-1\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66407\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:36", "references": [], "pluginID": "136141256231066029", "description": "The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-19T00:00:00", "title": "Mandrake Security Advisory MDVSA-2009:272 (libmikmod)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066029", "id": "OPENVAS:136141256231066029", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_272.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:272 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libmikmod:\n\nlibmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and\npossibly other products, relies on the channel count of the last\nloaded song, rather than the currently playing song, for certain\nplayback calculations, which allows user-assisted attackers to cause\na denial of service (application crash) by loading multiple songs\n(aka MOD files) with different numbers of channels (CVE-2007-6720).\n\nlibmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other\nproducts, allows user-assisted attackers to cause a denial of service\n(application crash) by loading an XM file (CVE-2009-0179).\n\nThis update fixes these vulnerabilities.\n\nAffected: 2008.1, 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:272\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory MDVSA-2009:272.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66029\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:272 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod2\", rpm:\"libmikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod2\", rpm:\"lib64mikmod2~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.1.11a~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod3\", rpm:\"libmikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod3\", rpm:\"lib64mikmod3~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64mikmod-devel\", rpm:\"lib64mikmod-devel~3.2.0~0.beta2.2.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:03", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=479833", "https://bugzilla.redhat.com/show_bug.cgi?id=479829"], "pluginID": "64738", "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Fedora Core 11 FEDORA-2009-9112 (libmikmod)", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64738", "id": "OPENVAS:64738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9112.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9112 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Aug 28 2009 Jindrich Novy 3.2.0-5.beta2\n- fix CVE-2007-6720 (#479829)\n- fix CVE-2009-0179 (#479833)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libmikmod' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9112\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9112.\";\n\n\n\nif(description)\n{\n script_id(64738);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-9112 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479829\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479833\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-debuginfo\", rpm:\"libmikmod-debuginfo~3.2.0~5.beta2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:16", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=479833", "https://bugzilla.redhat.com/show_bug.cgi?id=479829"], "pluginID": "136141256231064737", "description": "The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9095 (libmikmod)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064737", "id": "OPENVAS:136141256231064737", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9095.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9095 (libmikmod)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Aug 28 2009 Jindrich Novy 3.2.0-4.beta2\n- fix CVE-2007-6720 (#479829)\n- fix CVE-2009-0179 (#479833)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libmikmod' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9095\";\ntag_summary = \"The remote host is missing an update to libmikmod\nannounced via advisory FEDORA-2009-9095.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64737\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-9095 (libmikmod)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479833\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479829\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libmikmod\", rpm:\"libmikmod~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-devel\", rpm:\"libmikmod-devel~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libmikmod-debuginfo\", rpm:\"libmikmod-debuginfo~3.2.0~4.beta2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2017-10-29T13:41:35", "references": ["https://blogs.oracle.com/sunsecurity/entry/cve_2009_0179_denial_of", "http://www.nessus.org/u?b5f8def1"], "pluginID": "80672", "edition": 2, "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. (CVE-2009-0179)", "reporter": "Tenable", "published": "2015-01-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libmikmod (cve_2009_0179_denial_of)", "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179"], "cpe": ["p-cpe:/a:oracle:solaris:libmikmod", "cpe:/o:oracle:solaris:11.1"], "modified": "2015-01-19T00:00:00", "id": "SOLARIS11_LIBMIKMOD_20140114.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80672);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2009-0179\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libmikmod (cve_2009_0179_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - libmikmod 3.1.11 through 3.2.0, as used by MikMod and\n possibly other products, allows user-assisted attackers\n to cause a denial of service (application crash) by\n loading an XM file. (CVE-2009-0179)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/entry/cve_2009_0179_denial_of\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.15.4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libmikmod\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libmikmod$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.15.0.4.0\", sru:\"SRU 11.1.15.4.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libmikmod\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libmikmod\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:37:50", "references": ["http://support.novell.com/security/cve/CVE-2007-6720.html", "http://support.novell.com/security/cve/CVE-2009-0179.html"], "pluginID": "41282", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod. (CVE-2009-0179, CVE-2007-6720)", "edition": 2, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE9 Security Update : libmikmod (YOU Patch Number 12359)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2012-04-23T00:00:00", "id": "SUSE9_12359.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41282", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41282);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:14:43 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"SuSE9 Security Update : libmikmod (YOU Patch Number 12359)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod. (CVE-2009-0179,\nCVE-2007-6720)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0179.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12359.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libmikmod-3.1.10-662.5\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libmikmod-32bit-9-200902271558\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:44:26", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=479833", "http://www.nessus.org/u?7b1d9419", "https://bugzilla.redhat.com/show_bug.cgi?id=479829"], "pluginID": "40810", "edition": 2, "description": "- Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-5.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2009-08-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 11 : libmikmod-3.2.0-5.beta2.fc11 (2009-9112)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["p-cpe:/a:fedoraproject:fedora:libmikmod", "cpe:/o:fedoraproject:fedora:11"], "modified": "2016-05-11T00:00:00", "id": "FEDORA_2009-9112.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9112.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40810);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:16:07 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"FEDORA\", value:\"2009-9112\");\n\n script_name(english:\"Fedora 11 : libmikmod-3.2.0-5.beta2.fc11 (2009-9112)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com>\n 3.2.0-5.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479833\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028582.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b1d9419\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"libmikmod-3.2.0-5.beta2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:40:14", "references": [], "pluginID": "35759", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).", "edition": 2, "reporter": "Tenable", "published": "2009-03-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "openSUSE 10 Security Update : libmikmod (libmikmod-6033)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:libmikmod", "p-cpe:/a:novell:opensuse:libmikmod-devel", "p-cpe:/a:novell:opensuse:libmikmod-32bit"], "modified": "2014-06-13T00:00:00", "id": "SUSE_LIBMIKMOD-6033.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35759", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmikmod-6033.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35759);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:36 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"openSUSE 10 Security Update : libmikmod (libmikmod-6033)\");\n script_summary(english:\"Check for the libmikmod-6033 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmikmod-3.1.11a-34.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libmikmod-devel-3.1.11a-34.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11a-34.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod / libmikmod-32bit / libmikmod-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:42:41", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=479833", "http://www.nessus.org/u?61f910a3", "https://bugzilla.redhat.com/show_bug.cgi?id=479829"], "pluginID": "40809", "edition": 2, "description": "- Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-4.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2009-08-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 10 : libmikmod-3.2.0-4.beta2.fc10 (2009-9095)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:libmikmod"], "modified": "2016-05-11T00:00:00", "id": "FEDORA_2009-9095.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9095.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40809);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:16:07 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n script_bugtraq_id(33235, 33240);\n script_xref(name:\"FEDORA\", value:\"2009-9095\");\n\n script_name(english:\"Fedora 10 : libmikmod-3.2.0-4.beta2.fc10 (2009-9095)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com>\n 3.2.0-4.beta2\n\n - fix CVE-2007-6720 (#479829)\n\n - fix CVE-2009-0179 (#479833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479833\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028575.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61f910a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"libmikmod-3.2.0-4.beta2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:39:34", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=468760"], "pluginID": "40257", "edition": 2, "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).", "reporter": "Tenable", "published": "2009-07-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "openSUSE Security Update : libmikmod (libmikmod-570)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libmikmod", "p-cpe:/a:novell:opensuse:libmikmod-devel", "p-cpe:/a:novell:opensuse:libmikmod-32bit"], "modified": "2014-06-13T00:00:00", "id": "SUSE_11_1_LIBMIKMOD-090227.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmikmod-570.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40257);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:35 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"openSUSE Security Update : libmikmod (libmikmod-570)\");\n script_summary(english:\"Check for the libmikmod-570 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=468760\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmikmod-3.1.11a-71.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libmikmod-devel-3.1.11a-71.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11a-71.56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod / libmikmod-32bit / libmikmod-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:41:19", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=468760"], "pluginID": "40025", "edition": 2, "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).", "reporter": "Tenable", "published": "2009-07-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "openSUSE Security Update : libmikmod (libmikmod-570)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libmikmod", "p-cpe:/a:novell:opensuse:libmikmod-devel", "p-cpe:/a:novell:opensuse:libmikmod-32bit"], "modified": "2014-06-13T00:00:00", "id": "SUSE_11_0_LIBMIKMOD-090227.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmikmod-570.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40025);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:38:14 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"openSUSE Security Update : libmikmod (libmikmod-570)\");\n script_summary(english:\"Check for the libmikmod-570 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod (CVE-2009-0179,\nCVE-2007-6720).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=468760\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmikmod-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libmikmod-3.1.11a-84.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libmikmod-devel-3.1.11a-84.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11a-84.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod / libmikmod-32bit / libmikmod-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:41:10", "references": ["http://support.novell.com/security/cve/CVE-2007-6720.html", "http://support.novell.com/security/cve/CVE-2009-0179.html"], "pluginID": "41545", "description": "Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod. (CVE-2009-0179 / CVE-2007-6720)", "edition": 2, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE 10 Security Update : libmikmod (ZYPP Patch Number 6034)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0179", "CVE-2007-6720"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2012-05-17T00:00:00", "id": "SUSE_LIBMIKMOD-6034.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41545", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41545);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:12:38 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\");\n\n script_name(english:\"SuSE 10 Security Update : libmikmod (ZYPP Patch Number 6034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XM files or playing mod files with varying number of\nchannels could crash applications using libmikmod. (CVE-2009-0179 /\nCVE-2007-6720)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0179.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6034.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libmikmod-3.1.11-14.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11-14.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libmikmod-3.1.11-14.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libmikmod-32bit-3.1.11-14.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-10T16:57:48", "references": [], "pluginID": "49764", "description": "It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service.\n(CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3996).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-10-06T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 : libmikmod vulnerabilities (USN-995-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2009-3997", "CVE-2010-2971", "CVE-2009-0179", "CVE-2007-6720", "CVE-2010-2546"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmikmod2", "p-cpe:/a:canonical:ubuntu_linux:libmikmod2-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-995-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-995-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49764);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-0179\", \"CVE-2009-3995\", \"CVE-2009-3996\", \"CVE-2009-3997\", \"CVE-2010-2546\", \"CVE-2010-2971\");\n script_bugtraq_id(33235, 33240, 37374, 41917, 42464);\n script_xref(name:\"USN\", value:\"995-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 : libmikmod vulnerabilities (USN-995-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libMikMod incorrectly handled songs with\ndifferent channel counts. If a user were tricked into opening a\ncrafted song file, an attacker could cause a denial of service.\n(CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nXM files. If a user were tricked into opening a crafted XM file, an\nattacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nImpulse Tracker files. If a user were tricked into opening a crafted\nImpulse Tracker file, an attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed\nUltratracker files. If a user were tricked into opening a crafted\nUltratracker file, an attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2009-3996).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmikmod2 and / or libmikmod2-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmikmod2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmikmod2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libmikmod2\", pkgver:\"3.1.11-6ubuntu3.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libmikmod2-dev\", pkgver:\"3.1.11-a-6ubuntu3.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libmikmod2\", pkgver:\"3.1.11-6ubuntu3.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libmikmod2-dev\", pkgver:\"3.1.11-a-6ubuntu3.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libmikmod2\", pkgver:\"3.1.11-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libmikmod2-dev\", pkgver:\"3.1.11-a-6ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmikmod2 / libmikmod2-dev\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:43:42", "references": ["http://www.nessus.org/u?4c0dfd6d"], "pluginID": "60860", "edition": 2, "description": "Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially crafted music files in various formats could, when played, cause an application using the MikMod library to crash or, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996, CVE-2007-6720)\n\nAll running applications using the MikMod library must be restarted for this update to take effect.", "reporter": "Tenable", "published": "2012-08-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64", "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "modified": "2014-08-16T00:00:00", "id": "SL_20100928_MIKMOD_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60860);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:42:09 $\");\n\n script_cve_id(\"CVE-2007-6720\", \"CVE-2009-3995\", \"CVE-2009-3996\");\n\n script_name(english:\"Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially crafted music files in various formats\ncould, when played, cause an application using the MikMod library to\ncrash or, potentially, execute arbitrary code. (CVE-2009-3995,\nCVE-2009-3996, CVE-2007-6720)\n\nAll running applications using the MikMod library must be restarted\nfor this update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=2024\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c0dfd6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mikmod and / or mikmod-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"mikmod-3.1.6-23.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"mikmod-devel-3.1.6-23.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"mikmod-3.1.6-33.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mikmod-devel-3.1.6-33.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"mikmod-3.1.6-39.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mikmod-devel-3.1.6-39.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:18:39", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3995", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6720", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2971", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2546", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0179", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3996"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.1.11-6ubuntu3.8.04.1", "arch": "noarch", "packageName": "libmikmod2", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "3.1.11-6ubuntu4.1", "arch": "noarch", "packageName": "libmikmod2", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.1.11-6ubuntu3.9.04.1", "arch": "noarch", "packageName": "libmikmod2", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. (CVE-2007-6720)\n\nIt was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. (CVE-2009-0179)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)\n\nIt was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3996)", "edition": 1, "reporter": "Ubuntu", "published": "2010-09-29T00:00:00", "title": "libMikMod vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2010-2971", "CVE-2009-0179", "CVE-2007-6720", "CVE-2010-2546"], "modified": "2010-09-29T00:00:00", "href": "https://usn.ubuntu.com/995-1/", "id": "USN-995-1", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2016-09-04T11:16:46", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ia64", "packageFilename": "mikmod-3.1.6-39.el5_5.1.ia64.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageFilename": "mikmod-3.1.6-39.el5_5.1.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageFilename": "mikmod-3.1.6-39.el5_5.1.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.i386.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "i386", "packageFilename": "mikmod-devel-3.1.6-23.el3.i386.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "src", "packageFilename": "mikmod-3.1.6-33.el4_8.1.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "src", "packageFilename": "mikmod-3.1.6-33.el4_8.1.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "src", "packageFilename": "mikmod-3.1.6-33.el4_8.1.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "x86_64", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "i386", "packageFilename": "mikmod-3.1.6-23.el3.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "i386", "packageFilename": "mikmod-3.1.6-23.el3.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ia64", "packageFilename": "mikmod-3.1.6-33.el4_8.1.ia64.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "x86_64", "packageFilename": "mikmod-devel-3.1.6-23.el3.x86_64.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "x86_64", "packageFilename": "mikmod-3.1.6-23.el3.x86_64.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "src", "packageFilename": "mikmod-3.1.6-39.el5_5.1.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "src", "packageFilename": "mikmod-3.1.6-39.el5_5.1.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "src", "packageFilename": "mikmod-3.1.6-39.el5_5.1.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "x86_64", "packageFilename": "mikmod-3.1.6-39.el5_5.1.x86_64.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ia64", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.ia64.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageFilename": "mikmod-3.1.6-33.el4_8.1.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageFilename": "mikmod-3.1.6-33.el4_8.1.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageFilename": "mikmod-3.1.6-33.el4_8.1.i386.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ia64", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.ia64.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.i386.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.i386.rpm", "packageName": "mikmod-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "src", "packageFilename": "mikmod-3.1.6-23.el3.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "src", "packageFilename": "mikmod-3.1.6-23.el3.src.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "x86_64", "packageFilename": "mikmod-3.1.6-33.el4_8.1.x86_64.rpm", "packageName": "mikmod", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "x86_64", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.x86_64.rpm", "packageName": "mikmod-devel", "operator": "lt"}], "description": "[3.1.6-39.el5_5.1]\n- fix CVE-2007-6720, CVE-2009-3995,3996 (#617486)", "edition": 1, "reporter": "Oracle", "published": "2010-09-28T00:00:00", "title": "mikmod security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "oraclelinux", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "modified": "2010-09-28T00:00:00", "id": "ELSA-2010-0720", "href": "http://linux.oracle.com/errata/ELSA-2010-0720.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-05-27T21:43:31", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "src", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ia64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ia64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "x86_64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "x86_64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ppc", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ppc", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "ppc64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "s390", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "s390", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "s390x", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "s390x", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "x86_64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "src", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ppc", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ppc", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ppc64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ppc64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "s390", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "s390", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "s390x", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "s390x", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "x86_64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ia64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "ia64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.ia64.rpm", "operator": "lt"}], "description": "MikMod is a MOD music file player for Linux, UNIX, and similar operating\nsystems. It supports various file formats including MOD, STM, S3M, MTM, XM,\nULT, and IT.\n\nMultiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially-crafted music files in various formats\ncould, when played, cause an application using the MikMod library to crash\nor, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,\nCVE-2007-6720)\n\nAll MikMod users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe MikMod library must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2010-09-28T04:00:00", "type": "redhat", "title": "(RHSA-2010:0720) Moderate: mikmod security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6720", "CVE-2009-3995", "CVE-2009-3996"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0720", "href": "https://access.redhat.com/errata/RHSA-2010:0720", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:51", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0720.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "x86_64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "any", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-23.el3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "any", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-23.el3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "x86_64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-23.el3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "x86_64", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "any", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "any", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-23.el3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-23.el3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "i386", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-23.el3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "any", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "any", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.1.6-23.el3", "arch": "x86_64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-23.el3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-33.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.1.6-33.el4_8.1", "arch": "x86_64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "i386", "packageName": "mikmod", "packageFilename": "mikmod-3.1.6-39.el5_5.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.1.6-39.el5_5.1", "arch": "x86_64", "packageName": "mikmod-devel", "packageFilename": "mikmod-devel-3.1.6-39.el5_5.1.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0720\n\n\nMikMod is a MOD music file player for Linux, UNIX, and similar operating\nsystems. It supports various file formats including MOD, STM, S3M, MTM, XM,\nULT, and IT.\n\nMultiple input validation flaws, resulting in buffer overflows, were\ndiscovered in MikMod. Specially-crafted music files in various formats\ncould, when played, cause an application using the MikMod library to crash\nor, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,\nCVE-2007-6720)\n\nAll MikMod users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe MikMod library must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017063.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017064.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017024.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017025.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017026.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/017027.html\n\n**Affected packages:**\nmikmod\nmikmod-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0720.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-09-29T05:47:44", "title": "mikmod security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3995", "CVE-2009-3996", "CVE-2007-6720"], "modified": "2010-10-10T19:07:49", "href": "http://lists.centos.org/pipermail/centos-announce/2010-September/017024.html", "id": "CESA-2010:0720", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
