Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)

🗓️ 15 Jan 2006 00:00:00Reported by TenableType

Xine-lib vulnerability in Ubuntu 4.10/5.0

Reporter	Title	Published	Views	Family All 82
FreeBSD	ruby -- vulnerability in the safe level settings	2 Oct 200500:00	–	freebsd
FreeBSD	libxine -- format string vulnerability	8 Oct 200500:00	–	freebsd
Tenable Nessus	GNU WGet < 1.10.2 Buffer Overflow	14 Oct 200500:00	–	nessus
Tenable Nessus	Curl NTLM Buffer Overflow	14 Oct 200500:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2005-009)	30 Nov 200500:00	–	nessus
Tenable Nessus	Curl < 7.15.1 Multiple Remote Overflows	7 Dec 200500:00	–	nessus
Tenable Nessus	ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated)	18 Aug 200400:00	–	nessus
Tenable Nessus	Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities	12 May 200600:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2006-003)	12 May 200600:00	–	nessus
Tenable Nessus	CentOS 3 / 4 : ruby (CESA-2005:799)	3 Jul 200600:00	–	nessus

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-196-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20610);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2005-2337", "CVE-2005-2967");
  script_bugtraq_id(15044);
  script_xref(name:"USN", value:"196-1");

  script_name(english:"Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ulf Harnhammar discovered a format string vulnerability in the CDDB
module's cache file handling in the Xine library, which is used by
packages such as xine-ui, totem-xine, and gxine.

By tricking an user into playing a particular audio CD which has a
specially crafted CDDB entry, a remote attacker could exploit this
vulnerability to execute arbitrary code with the privileges of the
user running the application. Since CDDB servers usually allow anybody
to add and modify information, this exploit does not even require a
particular CDDB server to be selected.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libxine-dev and / or libxine1 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"libxine-dev", pkgver:"1-rc5-1ubuntu2.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libxine1", pkgver:"1-rc5-1ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libxine-dev", pkgver:"1.0-1ubuntu3.1.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libxine1", pkgver:"1.0-1ubuntu3.1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxine-dev / libxine1");
}

19 Jan 2021 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 27.5

EPSS0.09676