Lucene search
Copyright (C) 2014 Greenbone AGOPENVAS:1361412562310702973HistoryJul 06, 2014 - 12:00 a.m.
Debian: Security Advisory (DSA-2973-1)
2014-07-0600:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
8
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.232 Low
EPSS
Percentile
96.6%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702973");
script_cve_id("CVE-2013-1868", "CVE-2013-1954", "CVE-2013-4388");
script_tag(name:"creation_date", value:"2014-07-06 22:00:00 +0000 (Sun, 06 Jul 2014)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Debian: Security Advisory (DSA-2973-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");
script_xref(name:"Advisory-ID", value:"DSA-2973-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2014/DSA-2973-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2973");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'vlc' package(s) announced via the DSA-2973-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.
For the stable distribution (wheezy), these problems have been fixed in version 2.0.3-5+deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 2.1.0-1.
For the unstable distribution (sid), these problems have been fixed in version 2.1.0-1.
We recommend that you upgrade your vlc packages.");
script_tag(name:"affected", value:"'vlc' package(s) on Debian 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"libvlc-dev", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libvlc5", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libvlccore-dev", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libvlccore5", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-data", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-dbg", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-nox", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-fluidsynth", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-jack", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-notify", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-pulse", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-sdl", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-svg", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"vlc-plugin-zvbi", ver:"2.0.3-5+deb7u1", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
debian
debian
[SECURITY] [DSA 2973-1] vlc security update
2014-07-07 21:38:12
osv
osv
vlc - security update
2014-07-07 00:00:00
securityvulns
securityvulns
Videolan vlc multiple security vulnerabilities
2014-07-28 00:00:00
[SECURITY] [DSA 2973-1] vlc security update
2014-07-28 00:00:00
nessus
nessus
Debian DSA-2973-1 : vlc - security update
2014-07-09 00:00:00
VLC < 2.0.6 ASF Demuxer Buffer Overflow
2013-04-25 00:00:00
VLC < 2.0.8 Multiple Vulnerabilities
2020-07-24 00:00:00
openvas
openvas
Debian Security Advisory DSA 2973-1 (vlc - security update)
2014-07-07 00:00:00
VLC Media Player mp4a Denial of Service Vulnerability - Windows
2013-10-22 00:00:00
VLC Media Player mp4a Denial of Service Vulnerability - Mac OS X
2013-10-22 00:00:00
debiancve
debiancve
mageia
mageia
Updated live555, vlc & mplayer packages fix several issues
2014-07-26 16:06:27
nvd
nvd
cvelist
cvelist
ubuntucve
ubuntucve
cve
cve
prion
prion
Buffer overflow
2013-10-11 22:55:00
Buffer overflow
2013-07-10 19:55:00
Out-of-bounds
2013-07-10 19:55:00
gentoo
gentoo
VLC: Multiple vulnerabilities
2014-11-05 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.232 Low
EPSS
Percentile
96.6%
Related for OPENVAS:1361412562310702973