Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_LIBMODPLUG-110527.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : libmodplug (openSUSE-SU-2011:0551-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.273

Percentile

96.9%

JSON

specially crafted files could cause a stack overflow in libmodplug (CVE-2011-1761). libmodplug version 0.8.8.3 fixes the problem.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libmodplug-4614.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75901);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-1761");

  script_name(english:"openSUSE Security Update : libmodplug (openSUSE-SU-2011:0551-1)");
  script_summary(english:"Check for the libmodplug-4614 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"specially crafted files could cause a stack overflow in libmodplug
(CVE-2011-1761). libmodplug version 0.8.8.3 fixes the problem."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=691137"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-05/msg00057.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libmodplug packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.4", reference:"libmodplug-debugsource-0.8.8.3-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libmodplug-devel-0.8.8.3-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libmodplug0-0.8.8.3-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libmodplug0-debuginfo-0.8.8.3-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libmodplug0-32bit-0.8.8.3-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libmodplug0-debuginfo-32bit-0.8.8.3-2.12.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmodplug-devel / libmodplug0 / libmodplug0-32bit / etc");
}
VendorProductVersionCPE
novellopensuselibmodplug-debugsourcep-cpe:/a:novell:opensuse:libmodplug-debugsource
novellopensuselibmodplug-develp-cpe:/a:novell:opensuse:libmodplug-devel
novellopensuselibmodplug0p-cpe:/a:novell:opensuse:libmodplug0
novellopensuselibmodplug0-32bitp-cpe:/a:novell:opensuse:libmodplug0-32bit
novellopensuselibmodplug0-debuginfop-cpe:/a:novell:opensuse:libmodplug0-debuginfo
novellopensuselibmodplug0-debuginfo-32bitp-cpe:/a:novell:opensuse:libmodplug0-debuginfo-32bit
novellopensuse11.4cpe:/o:novell:opensuse:11.4

Related

debiancve 1
cvelist 1
nessus 7
fedora 4
cve 1
nvd 1
ubuntucve 1
prion 1
openvas 10
ubuntu 1
securityvulns 1
osv 1
suse 1
debian 1
debiancve
debiancve
CVE-2011-1761
2012-06-07 19:55:02
cvelist
cvelist
CVE-2011-1761
2012-06-07 19:00:00
nessus
nessus
Fedora 14 : libmodplug-0.8.8.3-3.fc14 (2011-6931)
2011-05-25 00:00:00
openSUSE Security Update : libmodplug (openSUSE-SU-2011:0551-1)
2014-06-13 00:00:00
Fedora 15 : libmodplug-0.8.8.3-3.fc15 (2011-6995)
2011-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: libmodplug-0.8.8.3-3.fc15
2011-05-19 05:06:14
[SECURITY] Fedora 14 Update: libmodplug-0.8.8.3-3.fc14
2011-05-25 02:24:12
[SECURITY] Fedora 15 Update: libmodplug-0.8.8.4-1.fc15
2011-08-17 01:20:40
cve
cve
CVE-2011-1761
2012-06-07 19:55:02
nvd
nvd
CVE-2011-1761
2012-06-07 19:55:02
ubuntucve
ubuntucve
CVE-2011-1761
2011-05-05 00:00:00
prion
prion
Stack overflow
2012-06-07 19:55:00
openvas
openvas
Fedora Update for libmodplug FEDORA-2011-6931
2011-06-03 00:00:00
Ubuntu Update for libmodplug USN-1148-1
2011-06-20 00:00:00
Ubuntu: Security Advisory (USN-1148-1)
2011-06-20 00:00:00
ubuntu
ubuntu
libmodplug vulnerabilities
2011-06-13 00:00:00
securityvulns
securityvulns
libmodplug library buffer overflow
2011-04-11 00:00:00
osv
osv
libmodplug - several
2012-02-21 00:00:00
suse
suse
libmodplug: Fixed multiple vulnerabilities reported in <= 0.8.8.3 (important)
2011-08-24 21:08:24
debian
debian
[SECURITY] [DSA 2415-1] libmodplug security update
2012-02-21 23:47:35

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.273

Percentile

96.9%

JSON
Related for SUSE_11_4_LIBMODPLUG-110527.NASL
debiancve1cvelist1nessus7fedora4cve1nvd1ubuntucve1prion1openvas10ubuntu1securityvulns1osv1suse1debian1