Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0999.NASL
HistoryDec 21, 2010 - 12:00 a.m.

RHEL 6 : libvpx (RHSA-2010:0999)

2010-12-2100:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

Updated libvpx packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx (such as Totem), would cause the application to crash or, potentially, execute arbitrary code. (CVE-2010-4203)

All users of libvpx are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libvpx must be restarted for the changes to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2010:0999. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(51354);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-4203");
  script_bugtraq_id(44771);
  script_xref(name:"RHSA", value:"2010:0999");

  script_name(english:"RHEL 6 : libvpx (RHSA-2010:0999)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated libvpx packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

The libvpx packages provide the VP8 SDK, which allows the encoding and
decoding of the VP8 video codec, commonly used with the WebM
multimedia container file format.

An integer overflow flaw, leading to arbitrary memory writes, was
found in libvpx. An attacker could create a specially crafted video
encoded using the VP8 codec that, when played by a victim with an
application using libvpx (such as Totem), would cause the application
to crash or, potentially, execute arbitrary code. (CVE-2010-4203)

All users of libvpx are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After
installing the update, all applications using libvpx must be restarted
for the changes to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0999"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvpx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvpx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvpx-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvpx-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/12/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2010:0999";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"libvpx-0.9.0-8.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", reference:"libvpx-debuginfo-0.9.0-8.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", reference:"libvpx-devel-0.9.0-8.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libvpx-utils-0.9.0-8.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libvpx-utils-0.9.0-8.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libvpx-utils-0.9.0-8.el6_0")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvpx / libvpx-debuginfo / libvpx-devel / libvpx-utils");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxlibvpxp-cpe:/a:redhat:enterprise_linux:libvpx
redhatenterprise_linuxlibvpx-debuginfop-cpe:/a:redhat:enterprise_linux:libvpx-debuginfo
redhatenterprise_linuxlibvpx-develp-cpe:/a:redhat:enterprise_linux:libvpx-devel
redhatenterprise_linuxlibvpx-utilsp-cpe:/a:redhat:enterprise_linux:libvpx-utils
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux6.0cpe:/o:redhat:enterprise_linux:6.0

Related

redhat 1
fedora 3
oraclelinux 2
ubuntu 1
openvas 15
cve 1
nessus 8
veracode 1
securityvulns 2
ubuntucve 1
debiancve 1
gentoo 1
prion 1
redhat
redhat
(RHSA-2010:0999) Moderate: libvpx security update
2010-12-20 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: libvpx-0.9.5-2.fc13
2010-11-29 21:34:05
[SECURITY] Fedora 14 Update: libvpx-0.9.5-2.fc14
2010-11-29 21:32:56
[SECURITY] Fedora 16 Update: libvpx-0.9.7.1-1.fc16
2011-09-09 17:14:56
oraclelinux
oraclelinux
libvpx security update
2011-02-10 00:00:00
libvpx security update
2020-10-06 00:00:00
ubuntu
ubuntu
libvpx vulnerability
2010-11-10 00:00:00
openvas
openvas
Fedora Update for libvpx FEDORA-2010-17876
2010-12-09 00:00:00
Gentoo Security Advisory GLSA 201101-03 (libvpx)
2011-03-09 00:00:00
Ubuntu: Security Advisory (USN-1015-1)
2010-11-23 00:00:00
cve
cve
CVE-2010-4203
2010-11-06 00:00:00
nessus
nessus
Scientific Linux Security Update : libvpx on SL6.x i386/x86_64
2012-08-01 00:00:00
Fedora 14 : libvpx-0.9.5-2.fc14 (2010-17876)
2010-11-30 00:00:00
Oracle Linux 6 : libvpx (ELSA-2010-0999)
2013-07-12 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:55:19
securityvulns
securityvulns
[USN-1015-1] libvpx vulnerability
2010-11-10 00:00:00
libvpx library / Google Chrome buffer overflow
2010-11-10 00:00:00
ubuntucve
ubuntucve
CVE-2010-4203
2010-11-05 00:00:00
debiancve
debiancve
CVE-2010-4203
2010-11-06 00:00:00
gentoo
gentoo
libvpx: User-assisted execution of arbitrary code
2011-01-15 00:00:00
prion
prion
Memory corruption
2010-11-06 00:00:00
JSON
Related for REDHAT-RHSA-2010-0999.NASL
redhat1fedora3oraclelinux2ubuntu1openvas15cve1nessus8veracode1securityvulns2ubuntucve1debiancve1gentoo1prion1