Lucene search
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6815-1.NASLHistoryJun 06, 2024 - 12:00 a.m.
Ubuntu 24.04 LTS : AOM vulnerability (USN-6815-1)
2024-06-0600:00:00
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
remote attacker
denial of service
arbitrary code
malformed media files
ubuntu 24.04 lts
vulnerability
usn-6815-1
tenable scanner
10 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6815-1 advisory.
Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6815-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(200176);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/06");
script_cve_id("CVE-2024-5171");
script_xref(name:"USN", value:"6815-1");
script_name(english:"Ubuntu 24.04 LTS : AOM vulnerability (USN-6815-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the
USN-6815-1 advisory.
Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application
using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code.
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6815-1");
script_set_attribute(attribute:"solution", value:
"Update the affected aom-tools, libaom-dev and / or libaom3 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-5171");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/06/05");
script_set_attribute(attribute:"patch_publication_date", value:"2024/06/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:aom-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libaom-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libaom3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('24.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 24.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '24.04', 'pkgname': 'aom-tools', 'pkgver': '3.8.2-2ubuntu0.1'},
{'osver': '24.04', 'pkgname': 'libaom-dev', 'pkgver': '3.8.2-2ubuntu0.1'},
{'osver': '24.04', 'pkgname': 'libaom3', 'pkgver': '3.8.2-2ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aom-tools / libaom-dev / libaom3');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | aom-tools | p-cpe:/a:canonical:ubuntu_linux:aom-tools |
| canonical | ubuntu_linux | libaom-dev | p-cpe:/a:canonical:ubuntu_linux:libaom-dev |
| canonical | ubuntu_linux | libaom3 | p-cpe:/a:canonical:ubuntu_linux:libaom3 |
| canonical | ubuntu_linux | 24.04 | cpe:/o:canonical:ubuntu_linux:24.04:-:lts |
Related
ubuntu
ubuntu
AOM vulnerability
2024-06-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0220)
2024-06-17 00:00:00
Ubuntu: Security Advisory (USN-6815-1)
2024-06-07 00:00:00
openSUSE: Security Advisory for libaom (SUSE-SU-2024:2056-1)
2024-06-19 00:00:00
cvelist
cvelist
CVE-2024-5171 heap buffer overflow in libaom
2024-06-05 19:11:12
veracode
veracode
Integer Overflow
2024-06-06 07:52:11
debiancve
debiancve
CVE-2024-5171
2024-06-05 20:15:13
mageia
mageia
Updated aom packages fix security vulnerability
2024-06-14 20:30:25
nessus
nessus
SUSE SLES15 Security Update : libaom (SUSE-SU-2024:2030-1)
2024-06-15 00:00:00
nvd
nvd
CVE-2024-5171
2024-06-05 20:15:13
redhatcve
redhatcve
CVE-2024-5171
2024-06-14 13:43:31
cve
cve
CVE-2024-5171
2024-06-05 20:15:13
osv
osv
aom vulnerability
2024-06-06 18:12:41
vulnrichment
vulnrichment
CVE-2024-5171 heap buffer overflow in libaom
2024-06-05 19:11:12
ubuntucve
ubuntucve
CVE-2024-5197
2024-06-03 00:00:00
CVE-2024-5171
2024-06-04 00:00:00
10 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Related for UBUNTU_USN-6815-1.NASL