Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1255-1.NASL
HistoryNov 10, 2011 - 12:00 a.m.

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libmodplug vulnerabilities (USN-1255-1)

2011-11-1000:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913)

It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2914, CVE-2011-2915).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1255-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(56767);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2011-2911", "CVE-2011-2912", "CVE-2011-2913", "CVE-2011-2914", "CVE-2011-2915");
  script_bugtraq_id(48979);
  script_xref(name:"USN", value:"1255-1");

  script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libmodplug vulnerabilities (USN-1255-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Hossein Lotfi discovered that libmodplug did not correctly handle
certain malformed media files. If a user or automated system were
tricked into opening a crafted media file, an attacker could cause a
denial of service or possibly execute arbitrary code with privileges
of the user invoking the program. (CVE-2011-2911, CVE-2011-2912,
CVE-2011-2913)

It was discovered that libmodplug did not correctly handle certain
malformed media files. If a user or automated system were tricked into
opening a crafted media file, an attacker could cause a denial of
service or possibly execute arbitrary code with privileges of the user
invoking the program. (CVE-2011-2914, CVE-2011-2915).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1255-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libmodplug0c2 and / or libmodplug1 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmodplug0c2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmodplug1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"libmodplug0c2", pkgver:"1:0.8.7-1ubuntu0.3")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libmodplug1", pkgver:"1:0.8.8.1-1ubuntu1.3")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"libmodplug1", pkgver:"1:0.8.8.1-2ubuntu0.3")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libmodplug1", pkgver:"1:0.8.8.2-3ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmodplug0c2 / libmodplug1");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibmodplug0c2p-cpe:/a:canonical:ubuntu_linux:libmodplug0c2
canonicalubuntu_linuxlibmodplug1p-cpe:/a:canonical:ubuntu_linux:libmodplug1
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10

Related

nessus 13
securityvulns 2
openvas 20
ubuntu 1
gentoo 2
redhat 1
altlinux 1
oraclelinux 1
centos 1
fedora 3
suse 1
debian 1
osv 1
debiancve 5
cvelist 5
ubuntucve 5
prion 5
cve 5
nessus
nessus
Fedora 14 : libmodplug-0.8.8.4-1.fc14 (2011-10503)
2011-08-17 00:00:00
Fedora 14 : audacious-plugins-2.4.5-4.fc14 (2011-12370)
2011-09-19 00:00:00
Fedora 15 : libmodplug-0.8.8.4-1.fc15 (2011-10544)
2011-08-17 00:00:00
securityvulns
securityvulns
[USN-1255-1] libmodplug vulnerabilities
2011-11-11 00:00:00
libmodplug library multiple security vulnerabilities
2011-11-11 00:00:00
openvas
openvas
CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64
2012-07-30 00:00:00
CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 i386
2011-09-12 00:00:00
CentOS Update for gstreamer-plugins CESA-2011:1264 centos4 x86_64
2012-07-30 00:00:00
ubuntu
ubuntu
libmodplug vulnerabilities
2011-11-09 00:00:00
gentoo
gentoo
Audacious Plugins: User-assisted execution of arbitrary code
2012-03-16 00:00:00
ModPlug: User-assisted execution of arbitrary code
2012-03-16 00:00:00
redhat
redhat
(RHSA-2011:1264) Important: gstreamer-plugins security update
2011-09-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package libmodplug version 0.8.8.4-alt1
2011-09-03 00:00:00
oraclelinux
oraclelinux
gstreamer-plugins security update
2011-09-07 00:00:00
centos
centos
gstreamer security update
2011-09-08 17:33:02
fedora
fedora
[SECURITY] Fedora 16 Update: libmodplug-0.8.8.4-1.fc16
2011-08-22 15:25:03
[SECURITY] Fedora 15 Update: libmodplug-0.8.8.4-1.fc15
2011-08-17 01:20:40
[SECURITY] Fedora 14 Update: libmodplug-0.8.8.4-1.fc14
2011-08-17 00:58:10
suse
suse
libmodplug: Fixed multiple vulnerabilities reported in &lt;= 0.8.8.3 (important)
2011-08-24 21:08:24
debian
debian
[SECURITY] [DSA 2415-1] libmodplug security update
2012-02-22 00:06:11
osv
osv
libmodplug - several
2012-02-21 00:00:00
debiancve
debiancve
CVE-2011-2912
2012-06-07 19:55:00
CVE-2011-2915
2012-06-07 19:55:00
CVE-2011-2913
2012-06-07 19:55:00
cvelist
cvelist
CVE-2011-2912
2012-06-07 19:00:00
CVE-2011-2915
2012-06-07 19:00:00
CVE-2011-2911
2012-06-07 19:00:00
ubuntucve
ubuntucve
CVE-2011-2915
2011-10-06 00:00:00
CVE-2011-2912
2011-10-06 00:00:00
CVE-2011-2913
2011-10-06 00:00:00
prion
prion
Stack overflow
2012-06-07 19:55:00
Memory corruption
2012-06-07 19:55:00
Memory corruption
2012-06-07 19:55:00
cve
cve
CVE-2011-2915
2012-06-07 19:55:00
CVE-2011-2912
2012-06-07 19:55:00
CVE-2011-2913
2012-06-07 19:55:00
JSON
Related for UBUNTU_USN-1255-1.NASL
nessus13securityvulns2openvas20ubuntu1gentoo2redhat1altlinux1oraclelinux1centos1fedora3suse1debian1osv1debiancve5cvelist5ubuntucve5prion5cve5