Lucene search
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2009-0271.NASLHistoryFeb 09, 2009 - 12:00 a.m.
RHEL 5 : gstreamer-plugins-good (RHSA-2009:0271)
2009-02-0900:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
Updated gstreamer-plugins-good packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, GStreamer plug-ins of good quality released under the LGPL license.
Multiple heap buffer overflows and an array indexing error were found in the GStreamer’s QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim.
(CVE-2009-0386, CVE-2009-0387, CVE-2009-0397)
All users of gstreamer-plugins-good are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as totem or rhythmbox) must be restarted for the changes to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:0271. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(35617);
script_version("1.26");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-0386", "CVE-2009-0387", "CVE-2009-0397");
script_bugtraq_id(33405);
script_xref(name:"RHSA", value:"2009:0271");
script_name(english:"RHEL 5 : gstreamer-plugins-good (RHSA-2009:0271)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated gstreamer-plugins-good packages that fix several security
issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
GStreamer is a streaming media framework, based on graphs of filters
which operate on media data. GStreamer Good Plug-ins is a collection
of well-supported, GStreamer plug-ins of good quality released under
the LGPL license.
Multiple heap buffer overflows and an array indexing error were found
in the GStreamer's QuickTime media file format decoding plugin. An
attacker could create a carefully-crafted QuickTime media .mov file
that would cause an application using GStreamer to crash or,
potentially, execute arbitrary code if played by a victim.
(CVE-2009-0386, CVE-2009-0387, CVE-2009-0397)
All users of gstreamer-plugins-good are advised to upgrade to these
updated packages, which contain backported patches to correct these
issues. After installing the update, all applications using GStreamer
(such as totem or rhythmbox) must be restarted for the changes to take
effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0386"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0387"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0397"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2009:0271"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected gstreamer-plugins-good and / or
gstreamer-plugins-good-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/02");
script_set_attribute(attribute:"patch_publication_date", value:"2009/02/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2009:0271";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"gstreamer-plugins-good-0.10.9-1.el5_3.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gstreamer-plugins-good-0.10.9-1.el5_3.1")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gstreamer-plugins-good-0.10.9-1.el5_3.1")) flag++;
if (rpm_check(release:"RHEL5", reference:"gstreamer-plugins-good-devel-0.10.9-1.el5_3.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gstreamer-plugins-good / gstreamer-plugins-good-devel");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | gstreamer-plugins-good | p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good |
| redhat | enterprise_linux | gstreamer-plugins-good-devel | p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel |
| redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
| redhat | enterprise_linux | 5.3 | cpe:/o:redhat:enterprise_linux:5.3 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
access.redhat.com/errata/RHSA-2009:0271
access.redhat.com/security/cve/cve-2009-0386
access.redhat.com/security/cve/cve-2009-0387
access.redhat.com/security/cve/cve-2009-0397
Related
nessus
nessus
Oracle Linux 5 : gstreamer-plugins-good (ELSA-2009-0271)
2013-07-12 00:00:00
osv
osv
gst-plugins-bad0.10 - multiple vulnerabilities
2009-03-02 00:00:00
debian
debian
oraclelinux
oraclelinux
gstreamer-plugins-good security update
2009-02-06 00:00:00
gstreamer-plugins security update
2009-02-06 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:035 (gstreamer0.10-plugins-good)
2009-02-13 00:00:00
Debian: Security Advisory (DSA-1729-1)
2009-03-07 00:00:00
Oracle: Security Advisory (ELSA-2009-0271)
2015-10-08 00:00:00
redhat
redhat
(RHSA-2009:0271) Important: gstreamer-plugins-good security update
2009-02-06 00:00:00
(RHSA-2009:0270) Important: gstreamer-plugins security update
2009-02-06 00:00:00
freebsd
freebsd
gstreamer-plugins-good -- multiple memory overflows
2009-01-22 00:00:00
ubuntu
ubuntu
GStreamer Good Plugins vulnerabilities
2009-03-16 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: gstreamer-plugins-good-0.10.13-1.fc10
2009-02-24 20:57:18
[SECURITY] Fedora 9 Update: gstreamer-plugins-good-0.10.8-10.fc9
2009-02-24 20:42:05
gentoo
gentoo
GStreamer plug-ins: User-assisted execution of arbitrary code
2009-07-12 00:00:00
prion
prion
Design/Logic Flaw
2009-02-02 19:30:00
Heap overflow
2009-02-03 11:30:00
Heap overflow
2009-02-02 19:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:05
Arbitrary Code Execution
2020-04-10 00:31:06
Arbitrary Code Execution
2020-04-10 00:31:05
ubuntucve
ubuntucve
cve
cve
centos
centos
gstreamer security update
2009-02-06 14:59:06
Related for REDHAT-RHSA-2009-0271.NASL