Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.REDHAT-RHSA-2006-0257.NASL
HistoryJan 24, 2013 - 12:00 a.m.

RHEL 3 / 4 : RealPlayer (RHSA-2006:0257)

2013-01-2400:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
14
JSON

An updated RealPlayer package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux Extras 3 and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

RealPlayer is a media player that provides media playback locally and via streaming.

A buffer overflow bug was discovered in the way RealPlayer processes Flash Media (.swf) files. It is possible for a malformed Flash Media file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0323 to this issue.

All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.7 and is not vulnerable to this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2006:0257. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(63831);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-0323");
  script_xref(name:"RHSA", value:"2006:0257");

  script_name(english:"RHEL 3 / 4 : RealPlayer (RHSA-2006:0257)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated RealPlayer package that fixes a buffer overflow bug is now
available for Red Hat Enterprise Linux Extras 3 and 4.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

RealPlayer is a media player that provides media playback locally and
via streaming.

A buffer overflow bug was discovered in the way RealPlayer processes
Flash Media (.swf) files. It is possible for a malformed Flash Media
file to execute arbitrary code as the user running RealPlayer. The
Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0323 to this issue.

All users of RealPlayer are advised to upgrade to this updated
package, which contains RealPlayer version 10.0.7 and is not
vulnerable to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2006-0323.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2006-0257.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected RealPlayer and / or realplayer packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:RealPlayer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:realplayer");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/03/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL3", cpu:"i386", reference:"realplayer-10.0.7-0.rhel3.2")) flag++;

if (rpm_check(release:"RHEL4", cpu:"i386", reference:"RealPlayer-10.0.7-2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
redhatenterprise_linuxrealplayerp-cpe:/a:redhat:enterprise_linux:realplayer
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3
redhatenterprise_linux4cpe:/o:redhat:enterprise_linux:4

Related

checkpoint_advisories 1
seebug 4
nessus 5
redhat 1
exploitpack 2
openvas 4
gentoo 1
cve 1
prion 1
freebsd 1
securityvulns 2
kaspersky 1
packetstorm 1
cert 1
exploitdb 2
suse 1
checkpoint_advisories
checkpoint_advisories
RealNetworks RealPlayer SWF Flash File Buffer Overflow (CVE-2006-0323)
2010-02-21 00:00:00
seebug
seebug
RealPlayer 10.5 (6.0.12.1040-1348) SWF Buffer Overflow PoC
2007-12-26 00:00:00
RealPlayer <= 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow PoC
2014-07-01 00:00:00
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
2014-07-01 00:00:00
nessus
nessus
GLSA-200603-24 : RealPlayer: Buffer overflow vulnerability
2006-03-27 00:00:00
FreeBSD : linux-realplayer -- buffer overrun (25858c37-bdab-11da-b7d4-00123ffe8333)
2006-05-13 00:00:00
Rhapsody SWF File Handling Buffer Overflow
2006-03-24 00:00:00
redhat
redhat
(RHSA-2006:0257) RealPlayer security update
2006-03-22 00:00:00
exploitpack
exploitpack
RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities
2006-03-23 00:00:00
RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)
2006-03-28 00:00:00
openvas
openvas
FreeBSD Ports: linux-realplayer
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200603-24 (RealPlayer)
2008-09-24 00:00:00
FreeBSD Ports: linux-realplayer
2008-09-04 00:00:00
gentoo
gentoo
RealPlayer: Buffer overflow vulnerability
2006-03-26 00:00:00
cve
cve
CVE-2006-0323
2006-03-23 23:06:00
prion
prion
Buffer overflow
2006-03-23 23:06:00
freebsd
freebsd
linux-realplayer -- buffer overrun
2006-03-23 00:00:00
securityvulns
securityvulns
[Full-disclosure] Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities
2006-04-11 00:00:00
[Full-disclosure] SUSE Security Announcement: RealPlayer security problems &#40;SUSE-SA:2006:018&#41;
2006-03-23 00:00:00
kaspersky
kaspersky
KLA10310 ACE vulnerability in RealNetworks
2006-03-23 00:00:00
packetstorm
packetstorm
realplayer-swf-PoC.pl.txt
2006-04-01 00:00:00
cert
cert
RealNetworks products vulnerable to buffer overflow via specially crafted flash media file
2006-04-01 00:00:00
exploitdb
exploitdb
RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)
2006-03-28 00:00:00
RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities
2006-03-23 00:00:00
suse
suse
remote code execution in RealPlayer
2006-03-23 12:04:47
JSON
Related for REDHAT-RHSA-2006-0257.NASL
checkpoint_advisories1seebug4nessus5redhat1exploitpack2openvas4gentoo1cve1prion1freebsd1securityvulns2kaspersky1packetstorm1cert1exploitdb2suse1