nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_AMAROK-5932.NASL
HistoryJan 29, 2009 - 12:00 a.m.

openSUSE 10 Security Update : amarok (amarok-5932)

2009-01-29 00:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
10

This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009-0136)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update amarok-5932.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata registration. When the engine loads the plugin with `description`
# set, only this branch runs: it declares the plugin's identity, references,
# severity and scheduling requirements, then exits without touching a target.
if (description)
{
  script_id(35552);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  # CVE identifiers this finding is reported under.
  script_cve_id("CVE-2009-0135", "CVE-2009-0136");

  script_name(english:"openSUSE 10 Security Update : amarok (amarok-5932)");
  script_summary(english:"Check for the amarok-5932 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of amarok fixes several integer overflows and unchecked
memory allocations that can be exploited by malformed Audible digital
audio files. These bugs could be used in a user-assisted attack
scenario to execute arbitrary code remotely. (CVE-2009-0135,
CVE-2009-0136)"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected amarok packages."
  );
  # CVSS v2 base vector: network attack vector, medium access complexity,
  # no authentication, complete impact on confidentiality, integrity and
  # availability. AC:M is consistent with the "user-assisted" scenario in the
  # description (a user has to open the malformed file).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CWE-119: improper restriction of operations within the bounds of a memory
  # buffer; CWE-189: numeric errors (the integer overflows).
  script_cwe_id(119, 189);

  # "local" plugin: the verdict comes from package data collected on the host
  # (see the dependency and required keys below), not from probing a service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE names of the packages checked, plus the affected OS release.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-libvisual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-xine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-yauap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  # The vendor patch (2009/01/19) predates the plugin (2009/01/29) by ten days.
  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/29");
  script_end_attributes();

  # Information-gathering category: the check reads collected data only.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # ssh_get_info.nasl must run first; it is presumably what fills the KB
  # entries required below (release string, RPM list, CPU) -- confirm there.
  # Without those keys the plugin is not scheduled, so a scan without working
  # credentials yields no result for this update rather than a "not affected".
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# ---------------------------------------------------------------------------
# Detection logic (runs only outside description mode).
#
# This is a version comparison against the RPM list collected from the host;
# it never opens a file or exercises the amarok parsing code. A positive
# result therefore means "package build older than the fixed build", not
# "exploitation confirmed". Each audit() call below is expected to end the
# plugin run with the corresponding audit-trail message.
# ---------------------------------------------------------------------------

# Preconditions: local checks enabled, the host is openSUSE 10.3 (SLED/SLES
# are explicitly excluded), and an RPM inventory is available.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "openSUSE");
}
if (release !~ "^(SUSE10\.3)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
}
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Only the architectures the update was published for are evaluated.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (ourarch !~ "^(i586|i686|x86_64)$")
{
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
}

# Fixed package builds shipped by the amarok-5932 update.
fixed_builds = make_list(
  "amarok-1.4.7-37.6",
  "amarok-lang-1.4.7-37.6",
  "amarok-libvisual-1.4.7-37.6",
  "amarok-xine-1.4.7-37.6",
  "amarok-yauap-1.4.7-37.6"
);

# Every package is checked (no early exit) so the report lists all of the
# outdated ones. rpm_check() presumably returns true when the installed build
# is older than the reference -- confirm against rpm.inc.
outdated = 0;
foreach fixed_build (fixed_builds)
{
  if (rpm_check(release:"SUSE10.3", reference:fixed_build))
  {
    outdated++;
  }
}

if (outdated)
{
  # Report on port 0 (host-level finding); include the per-package detail
  # from rpm_report_get() unless report verbosity has been turned down.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
else
{
  # Nothing flagged: record whether amarok packages were examined and found
  # current, or were not installed at all.
  checked = pkg_tests_get();
  if (checked)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "amarok");
  }
}
Vendor | Product | Version | CPE
novell | opensuse | amarok | p-cpe:/a:novell:opensuse:amarok
novell | opensuse | amarok-lang | p-cpe:/a:novell:opensuse:amarok-lang
novell | opensuse | amarok-libvisual | p-cpe:/a:novell:opensuse:amarok-libvisual
novell | opensuse | amarok-xine | p-cpe:/a:novell:opensuse:amarok-xine
novell | opensuse | amarok-yauap | p-cpe:/a:novell:opensuse:amarok-yauap
novell | opensuse | 10.3 | cpe:/o:novell:opensuse:10.3