Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20100928_MIKMOD_ON_SL3_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially crafted music files in various formats could, when played, cause an application using the MikMod library to crash or, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996, CVE-2007-6720)

All running applications using the MikMod library must be restarted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60860);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-6720", "CVE-2009-3995", "CVE-2009-3996");

  script_name(english:"Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple input validation flaws, resulting in buffer overflows, were
discovered in MikMod. Specially crafted music files in various formats
could, when played, cause an application using the MikMod library to
crash or, potentially, execute arbitrary code. (CVE-2009-3995,
CVE-2009-3996, CVE-2007-6720)

All running applications using the MikMod library must be restarted
for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=2024
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?da923322"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mikmod and / or mikmod-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL3", reference:"mikmod-3.1.6-23.el3")) flag++;
if (rpm_check(release:"SL3", reference:"mikmod-devel-3.1.6-23.el3")) flag++;

if (rpm_check(release:"SL4", reference:"mikmod-3.1.6-33.el4_8.1")) flag++;
if (rpm_check(release:"SL4", reference:"mikmod-devel-3.1.6-33.el4_8.1")) flag++;

if (rpm_check(release:"SL5", reference:"mikmod-3.1.6-39.el5_5.1")) flag++;
if (rpm_check(release:"SL5", reference:"mikmod-devel-3.1.6-39.el5_5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

openvas 37
centos 1
redhat 1
oraclelinux 1
altlinux 1
nessus 24
securityvulns 7
debian 2
ubuntucve 5
fedora 4
ubuntu 1
seebug 1
prion 5
debiancve 5
cve 5
cvelist 5
veracode 1
osv 1
openvas
openvas
CentOS Update for mikmod CESA-2010:0720 centos5 i386
2011-08-09 00:00:00
CentOS Update for mikmod CESA-2010:0720 centos5 i386
2011-08-09 00:00:00
RedHat Update for mikmod RHSA-2010:0720-01
2010-10-01 00:00:00
centos
centos
mikmod security update
2010-09-29 09:47:44
redhat
redhat
(RHSA-2010:0720) Moderate: mikmod security update
2010-09-28 00:00:00
oraclelinux
oraclelinux
mikmod security update
2010-09-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libmikmod version 3.1.11-alt0.8
2010-08-26 00:00:00
nessus
nessus
openSUSE Security Update : libmikmod (openSUSE-SU-2010:0209-1)
2010-05-05 00:00:00
openSUSE Security Update : libmikmod (openSUSE-SU-2010:0209-1)
2010-05-05 00:00:00
SuSE 10 Security Update : libmikmod (ZYPP Patch Number 7004)
2010-10-11 00:00:00
securityvulns
securityvulns
Secunia Research: libmikmod Module Parsing Vulnerabilities
2010-02-08 00:00:00
libmikmod multiple buffer overflows
2010-08-14 00:00:00
Nullsoft WinAmp multiple security vulnerabilities
2009-12-17 00:00:00
debian
debian
[SECURITY] [DSA 2071-1] New libmikmod packages fix several vulnerabilities
2010-07-14 20:14:26
[SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution
2010-08-01 19:11:22
ubuntucve
ubuntucve
CVE-2009-3996
2009-12-18 00:00:00
CVE-2007-6720
2009-01-20 00:00:00
CVE-2009-3995
2009-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: libmikmod-3.2.0-11.beta2.fc13
2010-09-09 01:12:11
[SECURITY] Fedora 14 Update: libmikmod-3.2.0-11.beta2.fc14
2010-09-08 04:36:46
[SECURITY] Fedora 10 Update: libmikmod-3.2.0-4.beta2.fc10
2009-08-28 21:59:24
ubuntu
ubuntu
libMikMod vulnerabilities
2010-09-29 00:00:00
seebug
seebug
Winamp模块解码器插件多个缓冲区溢出漏洞
2009-12-18 00:00:00
prion
prion
Code injection
2009-01-20 16:30:00
Heap overflow
2009-12-18 19:30:00
Heap overflow
2009-12-18 18:30:00
debiancve
debiancve
CVE-2007-6720
2009-01-20 16:30:00
CVE-2009-3996
2009-12-18 19:30:00
CVE-2009-3995
2009-12-18 18:30:00
cve
cve
CVE-2007-6720
2009-01-20 16:30:00
CVE-2009-3996
2009-12-18 19:30:00
CVE-2009-3995
2009-12-18 18:30:00
cvelist
cvelist
CVE-2007-6720
2009-01-20 16:00:00
CVE-2009-3996
2009-12-18 19:00:00
CVE-2009-3995
2009-12-18 18:00:00
veracode
veracode
Buffer Overflow
2023-12-28 11:41:06
osv
osv
libmikmod - arbitrary code execution
2010-08-01 00:00:00
JSON
Related for SL_20100928_MIKMOD_ON_SL3_X.NASL
openvas37centos1redhat1oraclelinux1altlinux1nessus24securityvulns7debian2ubuntucve5fedora4ubuntu1seebug1prion5debiancve5cve5cvelist5veracode1osv1