openSUSE 10 Security Update : xine-lib (xine-lib-2308)

2007-10-17T00:00:00
ID SUSE_XINE-LIB-2308.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
Modified 2020-08-02T00:00:00

Description

Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code.

CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and

                                        
                                            #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xine-lib-2308.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27485);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:29");

  script_cve_id("CVE-2006-4799", "CVE-2006-4800");

  script_name(english:"openSUSE 10 Security Update : xine-lib (xine-lib-2308)");
  script_summary(english:"Check for the xine-lib-2308 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple buffer overflows were fixed in the XINE decoder libraries,
which could be used by attackers to crash players or potentially
execute code.

CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2
might allow context-dependent attackers to execute arbitrary code via
a crafted AVI file and 'bad indexes'.

CVE-2006-4800: Multiple buffer overflows in libavcodec in ffmpeg
before 0.4.9_p20060530 allow remote attackers to cause a denial of
service or possibly execute arbitrary code via multiple unspecified
vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5)
smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)
shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xine-lib packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"xine-lib-1.1.1-24.10") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"xine-lib-32bit-1.1.1-24.10") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine-lib");
}