ID OPENVAS:1361412562310868941 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'libsndfile' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for libsndfile FEDORA-2015-0660
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
  # --- Identity and bookkeeping -------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.868941");
  script_name("Fedora Update for libsndfile FEDORA-2015-0660");
  script_version("$Revision: 14223 $");
  script_tag(name:"creation_date", value:"2015-01-22 05:43:38 +0100 (Thu, 22 Jan 2015)");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");

  # --- What is being reported ---------------------------------------------
  # The score and vector are CVSS v2 values attached to the CVE. They rate the
  # flaw itself, not this host: the check only compares package versions.
  script_cve_id("CVE-2014-9496");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name:"FEDORA", value:"2015-0660");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148432.html");

  # --- Text shown in the scan report --------------------------------------
  # The summary string spans two source lines; the continuation is left
  # unindented because any leading whitespace would become part of the value.
  script_tag(name:"summary", value:"The remote host is missing an update for the 'libsndfile'
package(s) announced via the referenced advisory.");
  script_tag(name:"affected", value:"libsndfile on Fedora 21");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");
  # "package": the finding comes from the installed package version, not from
  # exercising the vulnerable code.
  script_tag(name:"qod_type", value:"package");

  # --- When the scanner may run this check --------------------------------
  script_category(ACT_GATHER_INFO);
  script_family("Fedora Local Security Checks");
  # gather-package-list.nasl must have run first; presumably it is what fills
  # the ssh/login/* keys required below -- confirm against that script.
  script_dependencies("gather-package-list.nasl");
  # Requires the Fedora and RPM-list keys, and a release key matching FC21.
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC21");

  # Description pass ends here; nothing below runs in this mode.
  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
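# Version check for libsndfile on Fedora 21 (FEDORA-2015-0660).
#
# Reads the target's release string, compares the installed libsndfile RPM
# with the fixed build, and reports only when the installed one is older.
# The verdict rests on the package list gathered from the host; a libsndfile
# copy installed outside RPM is not covered by this comparison.

release = rpm_get_ssh_release();
# No release string means the package data needed below is unavailable.
if(!release)
  exit(0);

res = "";

if(release == "FC21")
{
  # isrpmvuln() is expected to return report text when the installed package
  # is older than the build given in rpm:, and NULL otherwise. isnull() is
  # used for the test because it matches NULL only, as the newer package
  # checks do, rather than relying on a comparison against NULL.
  if(!isnull(res = isrpmvuln(pkg:"libsndfile", rpm:"libsndfile~1.0.25~14.fc21", rls:"FC21")))
  {
    security_message(data:res);
    exit(0);
  }

  # Exit code 99 tells the scanner the host was checked and is not vulnerable.
  # NOTE(review): __pkg_match is presumably set by pkg-lib-rpm.inc when the
  # package is installed -- confirm in the include.
  if(__pkg_match)
    exit(99);
  exit(0);
}

# Any other release: this check does not apply, so end without a verdict.
exit(0);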
{"id": "OPENVAS:1361412562310868941", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for libsndfile FEDORA-2015-0660", "description": "The remote host is missing an update for the ", "published": "2015-01-22T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868941", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148432.html", "2015-0660"], "cvelist": ["CVE-2014-9496"], "lastseen": "2019-05-29T18:36:25", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201602-8", "ASA-201602-9"]}, {"type": "cve", "idList": ["CVE-2014-9496"]}, {"type": "debian", "idList": ["DEBIAN:DLA-356-1:234BE", "DEBIAN:DLA-928-1:3CC62", "DEBIAN:DSA-4430-1:E38A2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9496"]}, {"type": "fedora", "idList": ["FEDORA:050A660EFBB8", "FEDORA:35CC060D00B3"]}, {"type": "gentoo", "idList": ["GLSA-201612-03"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-356.NASL", "EULEROS_SA-2019-2037.NASL", "EULEROS_SA-2019-2208.NASL", "EULEROS_SA-2019-2513.NASL", "GENTOO_GLSA-201612-03.NASL", "MANDRIVA_MDVSA-2015-024.NASL", "MANDRIVA_MDVSA-2015-149.NASL", "OPENSUSE-2015-18.NASL", "SLACKWARE_SSA_2016-039-02.NASL", "SUSE_11_LIBSNDFILE-150123.NASL", "UBUNTU_USN-2832-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704430", "OPENVAS:1361412562310842555", "OPENVAS:1361412562310868939", "OPENVAS:1361412562310890928", "OPENVAS:1361412562311220192037", "OPENVAS:1361412562311220192208", "OPENVAS:1361412562311220192513"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31623", "SECURITYVULNS:VULN:14219"]}, {"type": "slackware", "idList": ["SSA-2016-039-02"]}, {"type": "ubuntu", "idList": ["USN-2832-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9496"]}]}, 
"score": {"value": 6.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201602-9"]}, {"type": "cve", "idList": ["CVE-2014-9496"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4430-1:E38A2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9496"]}, {"type": "fedora", "idList": ["FEDORA:050A660EFBB8"]}, {"type": "nessus", "idList": ["OPENSUSE-2015-18.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842555", "OPENVAS:1361412562311220192513"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31623"]}, {"type": "slackware", "idList": ["SSA-2016-039-02"]}, {"type": "ubuntu", "idList": ["USN-2832-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9496"]}]}, "exploitation": null, "vulnersScore": 6.9}, "pluginID": "1361412562310868941", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsndfile FEDORA-2015-0660\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868941\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-22 05:43:38 +0100 (Thu, 22 Jan 2015)\");\n script_cve_id(\"CVE-2014-9496\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libsndfile FEDORA-2015-0660\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsndfile'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libsndfile on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-0660\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148432.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.25~14.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2020-01-27T18:38:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192037", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2037\");\n script_version(\"2020-01-23T12:31:35+0000\");\n script_cve_id(\"CVE-2014-9496\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:31:35 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:31:35 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2037)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2037\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2037\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libsndfile' package(s) announced via the EulerOS-SA-2019-2037 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.(CVE-2014-9496)\");\n\n script_tag(name:\"affected\", value:\"'libsndfile' 
package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.25~10.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for libsndfile FEDORA-2015-0611", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsndfile FEDORA-2015-0611\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868939\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-21 05:46:41 +0100 (Wed, 21 Jan 2015)\");\n script_cve_id(\"CVE-2014-9496\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libsndfile FEDORA-2015-0611\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsndfile'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libsndfile on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-0611\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148331.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.25~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for libsndfile USN-2832-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842555", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842555", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libsndfile USN-2832-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842555\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 10:56:12 +0100 (Tue, 08 Dec 2015)\");\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2015-7805\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libsndfile USN-2832-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsndfile'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that libsndfile incorrectly\nhandled memory when parsing malformed files. A remote attacker could use this issue\nto cause libsndfile to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)\n\nJoshua Rogers discovered that libsndfile incorrectly handled division when\nparsing malformed files. A remote attacker could use this issue to cause\nlibsndfile to crash, resulting in a denial of service. (CVE-2014-9756)\n\nMarco Romano discovered that libsndfile incorrectly handled certain\nmalformed AIFF files. 
A remote attacker could use this issue to cause\nlibsndfile to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-7805)\");\n script_tag(name:\"affected\", value:\"libsndfile on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2832-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2832-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1:amd64\", ver:\"1.0.25-9.1ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1:i386\", ver:\"1.0.25-9.1ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1:amd64\", ver:\"1.0.25-7ubuntu2.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1:i386\", ver:\"1.0.25-7ubuntu2.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1\", 
ver:\"1.0.25-4ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1:amd64\", ver:\"1.0.25-9.1ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libsndfile1:i386\", ver:\"1.0.25-9.1ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4430-1 (wpa - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2019-9497", "CVE-2019-9495", "CVE-2019-9499", "CVE-2019-9494", "CVE-2019-9498"], "modified": "2019-04-26T00:00:00", "id": "OPENVAS:1361412562310704430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704430", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704430\");\n script_version(\"2019-04-26T08:24:31+0000\");\n script_cve_id(\"CVE-2014-9496\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 08:24:31 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-13 02:00:11 +0000 (Sat, 13 Apr 2019)\");\n script_name(\"Debian Security Advisory DSA 4430-1 (wpa - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4430.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4430-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa'\n package(s) announced via the DSA-4430-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found\nmultiple vulnerabilities in the WPA implementation found in wpa_supplication\n(station) and hostapd (access point). 
These vulnerability are also collectively\nknown as Dragonblood\n.\n\nCVE-2019-9495\nCache-based side-channel attack against the EAP-pwd implementation: an\nattacker able to run unprivileged code on the target machine (including for\nexample javascript code in a browser on a smartphone) during the handshake\ncould deduce enough information to discover the password in a dictionary\nattack.\n\nCVE-2019-9497\nReflection attack against EAP-pwd server implementation: a lack of\nvalidation of received scalar and elements value in the EAP-pwd-Commit\nmessages could result in attacks that would be able to complete EAP-pwd\nauthentication exchange without the attacker having to know the password.\nThis does not result in the attacker being able to derive the session key,\ncomplete the following key exchange and access the network.\n\nCVE-2019-9498\nEAP-pwd server missing commit validation for scalar/element: hostapd\ndoesn't validate values received in the EAP-pwd-Commit message, so an\nattacker could use a specially crafted commit message to manipulate the\nexchange in order for hostapd to derive a session key from a limited set of\npossible values. This could result in an attacker being able to complete\nauthentication and gain access to the network.\n\nCVE-2019-9499\nEAP-pwd peer missing commit validation for scalar/element: wpa_supplicant\ndoesn't validate values received in the EAP-pwd-Commit message, so an\nattacker could use a specially crafted commit message to manipulate the\nexchange in order for wpa_supplicant to derive a session key from a limited\nset of possible values. This could result in an attacker being able to\ncomplete authentication and operate as a rogue AP.\n\nNote that the Dragonblood moniker also applies to\nCVE-2019-9494 and CVE-2014-9496\nwhich are vulnerabilities in the SAE protocol in WPA3. 
SAE is not\nenabled in Debian stretch builds of wpa, which is thus not vulnerable by default.\n\nDue to the complexity of the backporting process, the fix for these\nvulnerabilities are partial. Users are advised to use strong passwords to\nprevent dictionary attacks or use a 2.7-based version from stretch-backports\n(version above 2:2.7+git20190128+0c1e29f-4).\");\n\n script_tag(name:\"affected\", value:\"'wpa' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u3.\n\nWe recommend that you upgrade your wpa packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.4-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpagui\", ver:\"2:2.4-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.4-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:09:34", "description": "Multiple vulnerabilities were found in libsndfile, a popular library\nfor reading/writing audio files.\n\nCVE-2017-7585\n\nIn libsndfile before 1.0.28, an error in the ", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libsndfile (DLA-928-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2017-7741", "CVE-2014-9756", "CVE-2017-7586", "CVE-2015-7805", "CVE-2017-7742", "CVE-2017-7585"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890928", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310890928", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890928\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2015-7805\", \"CVE-2017-7585\", \"CVE-2017-7586\", \"CVE-2017-7741\", \"CVE-2017-7742\");\n script_name(\"Debian LTS: Security Advisory for libsndfile (DLA-928-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00047.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks 
GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"libsndfile on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.0.25-9.1+deb7u1.\n\nWe recommend that you upgrade your libsndfile packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in libsndfile, a popular library\nfor reading/writing audio files.\n\nCVE-2017-7585\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()'\nfunction (flac.c) can be exploited to cause a stack-based buffer\noverflow via a specially crafted FLAC file.\n\nCVE-2017-7586\n\nIn libsndfile before 1.0.28, an error in the 'header_read()'\nfunction (common.c) when handling ID3 tags can be exploited to\ncause a stack-based buffer overflow via a specially crafted FLAC\nfile.\n\nCVE-2017-7741\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()'\nfunction (flac.c) can be exploited to cause a segmentation\nviolation (with write memory access) via a specially crafted FLAC\nfile during a resample attempt, a similar issue to CVE-2017-7585.\n\nCVE-2017-7742\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()'\nfunction (flac.c) can be exploited to cause a segmentation\nviolation (with read memory access) via a specially crafted FLAC\nfile during a resample attempt, a similar issue to\nCVE-2017-7585.\n\nCVE-2014-9496\n\nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows\nattackers to have unspecified impact via vectors related to a (1)\nmap offset or (2) rsrc marker, which triggers an out-of-bounds\nread.\n\nCVE-2014-9756\n\nThe psf_fwrite function in file_io.c in libsndfile allows\nattackers to cause a denial of service (divide-by-zero error 
and\napplication crash) via unspecified vectors related to the\nheadindex variable.\n\nCVE-2015-7805\n\nHeap-based buffer overflow in libsndfile 1.0.25 allows remote\nattackers to have unspecified impact via the headindex value in\nthe header in an AIFF file.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libsndfile1\", ver:\"1.0.25-9.1+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsndfile1-dev\", ver:\"1.0.25-9.1+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"sndfile-programs\", ver:\"1.0.25-9.1+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2017-8363", "CVE-2017-7741", "CVE-2017-8362", "CVE-2014-9756", "CVE-2017-16942", "CVE-2017-12562", "CVE-2017-7586", "CVE-2017-6892", "CVE-2017-14634", "CVE-2017-7742", "CVE-2017-8361", "CVE-2017-8365", "CVE-2017-7585"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192513", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free 
software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2513\");\n script_version(\"2020-01-23T13:02:44+0000\");\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2017-12562\", \"CVE-2017-14634\", \"CVE-2017-16942\", \"CVE-2017-6892\", \"CVE-2017-7586\", \"CVE-2017-7741\", \"CVE-2017-7742\", \"CVE-2017-8361\", \"CVE-2017-8362\", \"CVE-2017-8363\", \"CVE-2017-8365\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:02:44 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:02:44 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2513)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2513\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2513\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libsndfile' package(s) announced via the EulerOS-SA-2019-2513 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.(CVE-2017-7586)\n\nHeap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2017-12562)\n\nIn libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-16942)\n\nIn libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634)\n\nThe psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.(CVE-2014-9756)\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7741)\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a 
similar issue to CVE-2017-7585.(CVE-2017-7742)\n\nIn libsndfile version 1.0.28, an error in the 'aiff_read_chanmap()' function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.(CVE-2017-6892)\n\nThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.(CVE-2017-8361)\n\nThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.(CVE-2017-8362)\n\nThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.(CVE-2017-8363)\n\nThe i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.(CVE-2017-8365)\n\nThe sd2_parse_rsrc_fo ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libsndfile' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.25~10.h11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:39:16", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14246", "CVE-2014-9496", "CVE-2017-8363", "CVE-2017-7741", "CVE-2017-8362", "CVE-2017-14245", "CVE-2014-9756", "CVE-2017-17457", "CVE-2017-16942", "CVE-2017-17456", "CVE-2017-7586", "CVE-2017-6892", "CVE-2017-14634", "CVE-2017-7742", "CVE-2017-8361", "CVE-2017-8365", "CVE-2017-7585"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220192208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192208", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU 
General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2208\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2017-14245\", \"CVE-2017-14246\", \"CVE-2017-14634\", \"CVE-2017-16942\", \"CVE-2017-17456\", \"CVE-2017-17457\", \"CVE-2017-6892\", \"CVE-2017-7585\", \"CVE-2017-7586\", \"CVE-2017-7741\", \"CVE-2017-7742\", \"CVE-2017-8361\", \"CVE-2017-8362\", \"CVE-2017-8363\", \"CVE-2017-8365\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:39:01 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2019-2208)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2208\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2208\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libsndfile' package(s) announced via the EulerOS-SA-2019-2208 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In libsndfile version 1.0.28, an error in the 'aiff_read_chanmap()' function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.(CVE-2017-6892)\n\nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.(CVE-2014-9496)\n\nThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.(CVE-2017-8361)\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7741)\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7742)\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.(CVE-2017-7585)\n\nAn out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, 
related to mishandling of the NAN and INFINITY floating-point values.(CVE-2017-14246)\n\nAn out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(CVE-2017-14245)\n\nThe function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.(CVE-2017-17457)\n\nThe function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.(CVE-2017-17456)\n\nIn libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634)\n\nThe psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.(CVE-2014-9756) ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libsndfile' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.25~10.h9.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T15:27:48", "description": "The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.", "cvss3": {}, "published": "2015-01-16T16:59:00", "type": "cve", "title": "CVE-2014-9496", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496"], "modified": "2020-11-20T17:34:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:oracle:solaris:11.2", "cpe:/o:canonical:ubuntu_linux:14.04", 
"cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:opensuse:opensuse:13.2"], "id": "CVE-2014-9496", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9496", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T12:47:11", "description": "Updated libsndfile packages fix security vulnerabilities :\n\nlibsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user-supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service (CVE-2014-9496).\n\nlibsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-16T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64sndfile-devel", "p-cpe:/a:mandriva:linux:lib64sndfile-static-devel", "p-cpe:/a:mandriva:linux:lib64sndfile1", "p-cpe:/a:mandriva:linux:libsndfile-progs", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-024.NASL", "href": "https://www.tenable.com/plugins/nessus/80561", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks 
in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:024. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80561);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9496\");\n script_bugtraq_id(71796);\n script_xref(name:\"MDVSA\", value:\"2015:024\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:024)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libsndfile packages fix security vulnerabilities :\n\nlibsndfile contains multiple buffer-overflow vulnerabilities in\nsrc/sd2.c because it fails to properly bounds-check user-supplied\ninput, which may allow an attacker to execute arbitrary code or cause\na denial of service (CVE-2014-9496).\n\nlibsndfile contains a divide-by-zero error in src/file_io.c which may\nallow an attacker to cause a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0015.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sndfile-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sndfile-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sndfile1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsndfile-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64sndfile-devel-1.0.25-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64sndfile-static-devel-1.0.25-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64sndfile1-1.0.25-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libsndfile-progs-1.0.25-3.1.mbs1\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:19:33", "description": "According to the version of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.(CVE-2014-9496)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libsndfile (EulerOS-SA-2019-2037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsndfile", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/129230", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129230);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/01\");\n\n script_cve_id(\n \"CVE-2014-9496\"\n );\n script_bugtraq_id(\n 71796\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libsndfile (EulerOS-SA-2019-2037)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security 
update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libsndfile package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The sd2_parse_rsrc_fork function in sd2.c in libsndfile\n allows attackers to have unspecified impact via vectors\n related to a (1) map offset or (2) rsrc marker, which\n triggers an out-of-bounds read.(CVE-2014-9496)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2037\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4735b15d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsndfile package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9496\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsndfile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsndfile-1.0.25-10.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsndfile\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:14", "description": 
"Changes in libsndfile: two buffer read overflows in sd2_parse_rsrc_fork() (CVE-2014-9496, bnc#911796): backported upstream fix patches", "cvss3": {"score": null, "vector": null}, "published": "2015-01-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libsndfile (openSUSE-SU-2015:0041-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsndfile-debugsource", "p-cpe:/a:novell:opensuse:libsndfile-devel", "p-cpe:/a:novell:opensuse:libsndfile-progs", "p-cpe:/a:novell:opensuse:libsndfile-progs-debuginfo", "p-cpe:/a:novell:opensuse:libsndfile-progs-debugsource", "p-cpe:/a:novell:opensuse:libsndfile1", "p-cpe:/a:novell:opensuse:libsndfile1-32bit", "p-cpe:/a:novell:opensuse:libsndfile1-debuginfo", "p-cpe:/a:novell:opensuse:libsndfile1-debuginfo-32bit", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-18.NASL", "href": "https://www.tenable.com/plugins/nessus/80543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-18.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80543);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9496\");\n\n script_name(english:\"openSUSE Security Update : libsndfile (openSUSE-SU-2015:0041-1)\");\n script_summary(english:\"Check for the openSUSE-2015-18 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in libsndfile: two buffer read overflows in\nsd2_parse_rsrc_fork() (CVE-2014-9496, 
bnc#911796): backported upstream\nfix patches\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsndfile packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile-progs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile-progs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile-debugsource-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile-devel-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile-progs-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile-progs-debuginfo-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile-progs-debugsource-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile1-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsndfile1-debuginfo-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"libsndfile1-32bit-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsndfile1-debuginfo-32bit-1.0.25-17.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile-debugsource-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile-devel-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile-progs-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile-progs-debuginfo-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile-progs-debugsource-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile1-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsndfile1-debuginfo-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsndfile1-32bit-1.0.25-19.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsndfile1-debuginfo-32bit-1.0.25-19.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsndfile-progs / libsndfile-progs-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:08", "description": "This update for libsndfile fixes two buffer read overflows in sd2_parse_rsrc_fork(). 
(CVE-2014-9496, bsc#911796)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-29T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : libsndfile (SAT Patch Number 10221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libsndfile", "p-cpe:/a:novell:suse_linux:11:libsndfile-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBSNDFILE-150123.NASL", "href": "https://www.tenable.com/plugins/nessus/81078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81078);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9496\");\n\n script_name(english:\"SuSE 11.3 Security Update : libsndfile (SAT Patch Number 10221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libsndfile fixes two buffer read overflows in\nsd2_parse_rsrc_fork(). 
(CVE-2014-9496, bsc#911796)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=911796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9496.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10221.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsndfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsndfile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = 
get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libsndfile-1.0.20-2.6.5\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsndfile-1.0.20-2.6.5\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsndfile-32bit-1.0.20-2.6.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libsndfile-1.0.20-2.6.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsndfile-32bit-1.0.20-2.6.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsndfile-32bit-1.0.20-2.6.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:12:08", "description": "Updated libsndfile packages fix security vulnerabilities :\n\nlibsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user-supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service (CVE-2014-9496).\n\nlibsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64sndfile-devel", "p-cpe:/a:mandriva:linux:lib64sndfile-static-devel", "p-cpe:/a:mandriva:linux:lib64sndfile1", "p-cpe:/a:mandriva:linux:libsndfile-progs", "cpe:/o:mandriva:business_server:2"], "id": 
"MANDRIVA_MDVSA-2015-149.NASL", "href": "https://www.tenable.com/plugins/nessus/82402", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:149. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82402);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9496\");\n script_xref(name:\"MDVSA\", value:\"2015:149\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:149)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libsndfile packages fix security vulnerabilities :\n\nlibsndfile contains multiple buffer-overflow vulnerabilities in\nsrc/sd2.c because it fails to properly bounds-check user-supplied\ninput, which may allow an attacker to execute arbitrary code or cause\na denial of service (CVE-2014-9496).\n\nlibsndfile contains a divide-by-zero error in src/file_io.c which may\nallow an attacker to cause a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0015.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sndfile-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64sndfile-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sndfile1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsndfile-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64sndfile-devel-1.0.25-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64sndfile-static-devel-1.0.25-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64sndfile1-1.0.25-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"libsndfile-progs-1.0.25-4.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:04", "description": "The remote host is affected by the vulnerability described in GLSA-201612-03 (libsndfile: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "GLSA-201612-03 : libsndfile: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2015-7805"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libsndfile", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-03.NASL", "href": "https://www.tenable.com/plugins/nessus/95518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95518);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9496\", \"CVE-2015-7805\");\n script_xref(name:\"GLSA\", value:\"201612-03\");\n\n script_name(english:\"GLSA-201612-03 : libsndfile: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-03\n(libsndfile: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libsndfile. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file,\n possibly resulting in the execution of arbitrary code with the privileges\n of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libsndfile users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libsndfile-1.0.26'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libsndfile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libsndfile\", unaffected:make_list(\"ge 1.0.26\"), vulnerable:make_list(\"lt 1.0.26\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsndfile\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:43:27", "description": "New libsndfile packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-02-09T00:00:00", "type": "nessus", "title": "Slackware 13.37 / 14.0 / 14.1 / current : libsndfile (SSA:2016-039-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libsndfile", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-039-02.NASL", "href": "https://www.tenable.com/plugins/nessus/88626", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-039-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88626);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2015-7805\");\n script_xref(name:\"SSA\", value:\"2016-039-02\");\n\n script_name(english:\"Slackware 13.37 / 14.0 / 14.1 / current : libsndfile (SSA:2016-039-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libsndfile packages are available for Slackware 13.37, 14.0,\n14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458383\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d0b680c6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsndfile package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libsndfile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.37\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libsndfile\", pkgver:\"1.0.26\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:44:04", "description": "It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-9496)\n\nJoshua Rogers discovered that libsndfile incorrectly handled division when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service.\n(CVE-2014-9756)\n\nMarco Romano discovered that libsndfile incorrectly handled certain malformed AIFF files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7805).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-08T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libsndfile vulnerabilities (USN-2832-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsndfile1", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2832-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2832-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87239);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2015-7805\");\n script_xref(name:\"USN\", value:\"2832-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libsndfile vulnerabilities (USN-2832-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libsndfile incorrectly handled memory when\nparsing malformed files. 
A remote attacker could use this issue to\ncause libsndfile to crash, resulting in a denial of service. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-9496)\n\nJoshua Rogers discovered that libsndfile incorrectly handled division\nwhen parsing malformed files. A remote attacker could use this issue\nto cause libsndfile to crash, resulting in a denial of service.\n(CVE-2014-9756)\n\nMarco Romano discovered that libsndfile incorrectly handled certain\nmalformed AIFF files. A remote attacker could use this issue to cause\nlibsndfile to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-7805).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2832-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsndfile1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsndfile1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libsndfile1\", pkgver:\"1.0.25-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libsndfile1\", pkgver:\"1.0.25-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libsndfile1\", pkgver:\"1.0.25-9.1ubuntu0.15.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libsndfile1\", pkgver:\"1.0.25-9.1ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsndfile1\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:44:05", "description": "CVE-2014-9496\n\nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.\n\nCVE-2014-9756\n\nThe psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.\n\nCVE-2015-7805\n\nHeap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-01T00:00:00", "type": "nessus", "title": "Debian DLA-356-1 : libsndfile security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libsndfile1", "p-cpe:/a:debian:debian_linux:libsndfile1-dev", "p-cpe:/a:debian:debian_linux:sndfile-programs", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-356.NASL", "href": "https://www.tenable.com/plugins/nessus/87111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-356-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87111);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9496\", \"CVE-2014-9756\", \"CVE-2015-7805\");\n script_bugtraq_id(71796);\n\n script_name(english:\"Debian DLA-356-1 : libsndfile security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-9496\n\nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows\nattackers to have unspecified impact via vectors related to a (1) map\noffset or (2) rsrc marker, which triggers an out-of-bounds read.\n\nCVE-2014-9756\n\nThe psf_fwrite function in file_io.c in libsndfile allows attackers to\ncause a denial of service (divide-by-zero error and application 
crash)\nvia unspecified vectors related to the headindex variable.\n\nCVE-2015-7805\n\nHeap-based buffer overflow in libsndfile 1.0.25 allows remote\nattackers to have unspecified impact via the headindex value in the\nheader in an AIFF file.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/11/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libsndfile\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsndfile1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsndfile1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sndfile-programs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libsndfile1\", reference:\"1.0.21-3+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsndfile1-dev\", reference:\"1.0.21-3+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"sndfile-programs\", reference:\"1.0.21-3+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:28:57", "description": "Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as 'Dragonblood'.\n\n - CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker able to run unprivileged code on the target machine (including for example JavaScript code in a browser on a smartphone) during the handshake could deduce enough information to discover the password in a dictionary attack.\n\n - CVE-2019-9497 Reflection attack against EAP-pwd server implementation:\n a lack of validation of received scalar and elements value in the EAP-pwd-Commit messages could result in attacks that would be able to complete EAP-pwd authentication exchange without the attacker having to know the password. 
This does not result in the attacker being able to derive the session key, complete the following key exchange and access the network.\n\n - CVE-2019-9498 EAP-pwd server missing commit validation for scalar/element: hostapd doesn't validate values received in the EAP-pwd-Commit message, so an attacker could use a specially crafted commit message to manipulate the exchange in order for hostapd to derive a session key from a limited set of possible values. This could result in an attacker being able to complete authentication and gain access to the network.\n\n - CVE-2019-9499 EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant doesn't validate values received in the EAP-pwd-Commit message, so an attacker could use a specially crafted commit message to manipulate the exchange in order for wpa_supplicant to derive a session key from a limited set of possible values. This could result in an attacker being able to complete authentication and operate as a rogue AP.\n\nNote that the Dragonblood moniker also applies to CVE-2019-9494 and CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. [The identifier CVE-2014-9496 is reproduced as given in the advisory text; elsewhere on this page it denotes the libsndfile sd2_parse_rsrc_fork out-of-bounds read, so it is most likely a typo for a 2019 SAE identifier. The plugin's own script_cve_id list does not include it, and this wpa update should not be read as covering the libsndfile flaw.]\nSAE is not enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.\n\nDue to the complexity of the backporting process, the fix for these vulnerabilities is partial. 
Users are advised to use strong passwords to prevent dictionary attacks or use a 2.7-based version from stretch-backports (version above 2:2.7+git20190128+0c1e29f-4).", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "Debian DSA-4430-1 : wpa - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wpa", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4430.NASL", "href": "https://www.tenable.com/plugins/nessus/124038", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4430. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124038);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n script_xref(name:\"DSA\", value:\"4430\");\n\n script_name(english:\"Debian DSA-4430-1 : wpa - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven)\nfound multiple vulnerabilities in the WPA implementation found in\nwpa_supplication (station) and hostapd (access point). 
These\nvulnerability are also collectively known as 'Dragonblood'.\n\n - CVE-2019-9495\n Cache-based side-channel attack against the EAP-pwd\n implementation: an attacker able to run unprivileged\n code on the target machine (including for example\n JavaScript code in a browser on a smartphone) during the\n handshake could deduce enough information to discover\n the password in a dictionary attack.\n\n - CVE-2019-9497\n Reflection attack against EAP-pwd server implementation:\n a lack of validation of received scalar and elements\n value in the EAP-pwd-Commit messages could result in\n attacks that would be able to complete EAP-pwd\n authentication exchange without the attacker having to\n know the password. This does not result in the attacker\n being able to derive the session key, complete the\n following key exchange and access the network.\n\n - CVE-2019-9498\n EAP-pwd server missing commit validation for\n scalar/element: hostapd doesn't validate values received\n in the EAP-pwd-Commit message, so an attacker could use\n a specially crafted commit message to manipulate the\n exchange in order for hostapd to derive a session key\n from a limited set of possible values. This could result\n in an attacker being able to complete authentication and\n gain access to the network.\n\n - CVE-2019-9499\n EAP-pwd peer missing commit validation for\n scalar/element: wpa_supplicant doesn't validate values\n received in the EAP-pwd-Commit message, so an attacker\n could use a specially crafted commit message to\n manipulate the exchange in order for wpa_supplicant to\n derive a session key from a limited set of possible\n values. 
This could result in an attacker being able to\n complete authentication and operate as a rogue AP.\n\nNote that the Dragonblood moniker also applies to CVE-2019-9494 and\nCVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3.\nSAE is not enabled in Debian stretch builds of wpa, which is thus not\nvulnerable by default.\n\nDue to the complexity of the backporting process, the fix for these\nvulnerabilities are partial. Users are advised to use strong passwords\nto prevent dictionary attacks or use a 2.7-based version from\nstretch-backports (version above 2:2.7+git20190128+0c1e29f-4).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-9495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-9497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-9498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-9499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-9494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4430\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wpa packages.\n\nFor the stable distribution (stretch), these problems have been 
fixed\nin version 2:2.4-1+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hostapd\", reference:\"2:2.4-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpagui\", reference:\"2:2.4-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant\", reference:\"2:2.4-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.4-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:45:24", "description": "Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files.\n\nCVE-2017-7585\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.\n\nCVE-2017-7586\n\nIn libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.\nCVE-2017-7741\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a 
resample attempt, a similar issue to CVE-2017-7585.\n\nCVE-2017-7742\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.\n\nCVE-2014-9496\n\nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.\n\nCVE-2014-9756\n\nThe psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.\n\nCVE-2015-7805\n\nHeap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.0.25-9.1+deb7u1.\n\nWe recommend that you upgrade your libsndfile packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "Debian DLA-928-1 : libsndfile security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805", "CVE-2017-7585", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libsndfile1", "p-cpe:/a:debian:debian_linux:libsndfile1-dev", "p-cpe:/a:debian:debian_linux:sndfile-programs", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-928.NASL", "href": "https://www.tenable.com/plugins/nessus/99739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-928-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99739);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7805\", \"CVE-2017-7585\", \"CVE-2017-7586\", \"CVE-2017-7741\", \"CVE-2017-7742\");\n\n script_name(english:\"Debian DLA-928-1 : libsndfile security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in libsndfile, a popular library\nfor reading/writing audio files.\n\nCVE-2017-7585\n\nIn libsndfile before 1.0.28, an error in the 'flac_buffer_copy()'\nfunction (flac.c) can be exploited to cause a stack-based 
buffer\noverflow via a specially crafted FLAC file.\n\nCVE-2017-7586\n\nIn libsndfile before 1.0.28, an error in the 'header_read()' function\n(common.c) when handling ID3 tags can be exploited to cause a\nstack-based buffer overflow via a specially crafted FLAC file.\nCVE-2017-7741\n\nIn libsndfile before 1.0.28, an error in the\n'flac_buffer_copy()' function (flac.c) can be exploited to\ncause a segmentation violation (with write memory access)\nvia a specially crafted FLAC file during a resample attempt,\na similar issue to CVE-2017-7585. CVE-2017-7742\n\nIn libsndfile before 1.0.28, an error in the\n'flac_buffer_copy()' function (flac.c) can be exploited to\ncause a segmentation violation (with read memory access) via\na specially crafted FLAC file during a resample attempt, a\nsimilar issue to CVE-2017-7585. CVE-2014-9496\n\nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile\nallows attackers to have unspecified impact via vectors\nrelated to a (1) map offset or (2) rsrc marker, which\ntriggers an out-of-bounds read.\n\nCVE-2014-9756\n\nThe psf_fwrite function in file_io.c in libsndfile allows attackers to\ncause a denial of service (divide-by-zero error and application crash)\nvia unspecified vectors related to the headindex variable.\nCVE-2015-7805\n\nHeap-based buffer overflow in libsndfile 1.0.25 allows\nremote attackers to have unspecified impact via the\nheadindex value in the header in an AIFF file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0.25-9.1+deb7u1.\n\nWe recommend that you upgrade your libsndfile packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00047.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libsndfile\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsndfile1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsndfile1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sndfile-programs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libsndfile1\", reference:\"1.0.25-9.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsndfile1-dev\", reference:\"1.0.25-9.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"sndfile-programs\", reference:\"1.0.25-9.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-26T17:13:15", "description": "According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.(CVE-2017-7586)\n\n - Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2017-12562)\n\n - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-16942)\n\n - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634)\n\n - The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via 
unspecified vectors related to the headindex variable.(CVE-2014-9756)\n\n - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7741)\n\n - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7742)\n\n - In libsndfile version 1.0.28, an error in the 'aiff_read_chanmap()' function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.(CVE-2017-6892)\n\n - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.(CVE-2017-8361)\n\n - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.(CVE-2017-8362)\n\n - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.(CVE-2017-8363)\n\n - The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.(CVE-2017-8365)\n\n - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.(CVE-2014-9496)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the 
EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2017-12562", "CVE-2017-14634", "CVE-2017-16942", "CVE-2017-6892", "CVE-2017-7585", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742", "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365"], "modified": "2021-01-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsndfile", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2513.NASL", "href": "https://www.tenable.com/plugins/nessus/131666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131666);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\n \"CVE-2014-9496\",\n \"CVE-2014-9756\",\n \"CVE-2017-12562\",\n \"CVE-2017-14634\",\n \"CVE-2017-16942\",\n \"CVE-2017-6892\",\n \"CVE-2017-7586\",\n \"CVE-2017-7741\",\n \"CVE-2017-7742\",\n \"CVE-2017-8361\",\n \"CVE-2017-8362\",\n \"CVE-2017-8363\",\n \"CVE-2017-8365\"\n );\n script_bugtraq_id(\n 71796\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libsndfile package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In 
libsndfile before 1.0.28, an error in the\n 'header_read()' function (common.c) when handling ID3\n tags can be exploited to cause a stack-based buffer\n overflow via a specially crafted FLAC\n file.(CVE-2017-7586)\n\n - Heap-based Buffer Overflow in the psf_binheader_writef\n function in common.c in libsndfile through 1.0.28\n allows remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact.(CVE-2017-12562)\n\n - In libsndfile 1.0.25 (fixed in 1.0.26), a\n divide-by-zero error exists in the function\n wav_w64_read_fmt_chunk() in wav_w64.c, which may lead\n to DoS when playing a crafted audio\n file.(CVE-2017-16942)\n\n - In libsndfile 1.0.28, a divide-by-zero error exists in\n the function double64_init() in double64.c, which may\n lead to DoS when playing a crafted audio\n file.(CVE-2017-14634)\n\n - The psf_fwrite function in file_io.c in libsndfile\n allows attackers to cause a denial of service\n (divide-by-zero error and application crash) via\n unspecified vectors related to the headindex\n variable.(CVE-2014-9756)\n\n - In libsndfile before 1.0.28, an error in the\n 'flac_buffer_copy()' function (flac.c) can be exploited\n to cause a segmentation violation (with write memory\n access) via a specially crafted FLAC file during a\n resample attempt, a similar issue to\n CVE-2017-7585.(CVE-2017-7741)\n\n - In libsndfile before 1.0.28, an error in the\n 'flac_buffer_copy()' function (flac.c) can be exploited\n to cause a segmentation violation (with read memory\n access) via a specially crafted FLAC file during a\n resample attempt, a similar issue to\n CVE-2017-7585.(CVE-2017-7742)\n\n - In libsndfile version 1.0.28, an error in the\n 'aiff_read_chanmap()' function (aiff.c) can be\n exploited to cause an out-of-bounds read memory access\n via a specially crafted AIFF file.(CVE-2017-6892)\n\n - The flac_buffer_copy function in flac.c in libsndfile\n 1.0.28 allows remote attackers to cause a denial of\n 
service (buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n audio file.(CVE-2017-8361)\n\n - The flac_buffer_copy function in flac.c in libsndfile\n 1.0.28 allows remote attackers to cause a denial of\n service (invalid read and application crash) via a\n crafted audio file.(CVE-2017-8362)\n\n - The flac_buffer_copy function in flac.c in libsndfile\n 1.0.28 allows remote attackers to cause a denial of\n service (heap-based buffer over-read and application\n crash) via a crafted audio file.(CVE-2017-8363)\n\n - The i2les_array function in pcm.c in libsndfile 1.0.28\n allows remote attackers to cause a denial of service\n (buffer over-read and application crash) via a crafted\n audio file.(CVE-2017-8365)\n\n - The sd2_parse_rsrc_fork function in sd2.c in libsndfile\n allows attackers to have unspecified impact via vectors\n related to a (1) map offset or (2) rsrc marker, which\n triggers an out-of-bounds read.(CVE-2014-9496)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2513\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b80e01d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsndfile packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12562\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsndfile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsndfile-1.0.25-10.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsndfile\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-26T17:10:05", "description": "According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is 
affected by the following vulnerabilities :\n\n - In libsndfile version 1.0.28, an error in the 'aiff_read_chanmap()' function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.(CVE-2017-6892)\n\n - The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.(CVE-2014-9496)\n\n - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.(CVE-2017-8361)\n\n - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7741)\n\n - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.(CVE-2017-7742)\n\n - In libsndfile before 1.0.28, an error in the 'flac_buffer_copy()' function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.(CVE-2017-7585)\n\n - An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(CVE-2017-14246)\n\n - An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(CVE-2017-14245)\n\n - The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 
may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.(CVE-2017-17457)\n\n - The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.(CVE-2017-17456)\n\n - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634)\n\n - The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.(CVE-2014-9756)\n\n - In libsndfile before 1.0.28, an error in the 'header_read()' function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.(CVE-2017-7586)\n\n - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.(CVE-2017-8362)\n\n - The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.(CVE-2017-8363)\n\n - The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.(CVE-2017-8365)\n\n - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-16942)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2019-2208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2017-14245", "CVE-2017-14246", "CVE-2017-14634", "CVE-2017-16942", "CVE-2017-17456", "CVE-2017-17457", "CVE-2017-6892", "CVE-2017-7585", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742", "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365"], "modified": "2021-01-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsndfile", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2208.NASL", "href": "https://www.tenable.com/plugins/nessus/130670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130670);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\n \"CVE-2014-9496\",\n \"CVE-2014-9756\",\n \"CVE-2017-14245\",\n \"CVE-2017-14246\",\n \"CVE-2017-14634\",\n \"CVE-2017-16942\",\n \"CVE-2017-17456\",\n \"CVE-2017-17457\",\n \"CVE-2017-6892\",\n \"CVE-2017-7585\",\n \"CVE-2017-7586\",\n \"CVE-2017-7741\",\n \"CVE-2017-7742\",\n \"CVE-2017-8361\",\n \"CVE-2017-8362\",\n \"CVE-2017-8363\",\n \"CVE-2017-8365\"\n );\n script_bugtraq_id(\n 71796\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2019-2208)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libsndfile package 
installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In libsndfile version 1.0.28, an error in the\n 'aiff_read_chanmap()' function (aiff.c) can be\n exploited to cause an out-of-bounds read memory access\n via a specially crafted AIFF file.(CVE-2017-6892)\n\n - The sd2_parse_rsrc_fork function in sd2.c in libsndfile\n allows attackers to have unspecified impact via vectors\n related to a (1) map offset or (2) rsrc marker, which\n triggers an out-of-bounds read.(CVE-2014-9496)\n\n - The flac_buffer_copy function in flac.c in libsndfile\n 1.0.28 allows remote attackers to cause a denial of\n service (buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n audio file.(CVE-2017-8361)\n\n - In libsndfile before 1.0.28, an error in the\n 'flac_buffer_copy()' function (flac.c) can be exploited\n to cause a segmentation violation (with write memory\n access) via a specially crafted FLAC file during a\n resample attempt, a similar issue to\n CVE-2017-7585.(CVE-2017-7741)\n\n - In libsndfile before 1.0.28, an error in the\n 'flac_buffer_copy()' function (flac.c) can be exploited\n to cause a segmentation violation (with read memory\n access) via a specially crafted FLAC file during a\n resample attempt, a similar issue to\n CVE-2017-7585.(CVE-2017-7742)\n\n - In libsndfile before 1.0.28, an error in the\n 'flac_buffer_copy()' function (flac.c) can be exploited\n to cause a stack-based buffer overflow via a specially\n crafted FLAC file.(CVE-2017-7585)\n\n - An out of bounds read in the function d2ulaw_array() in\n ulaw.c of libsndfile 1.0.28 may lead to a remote DoS\n attack or information disclosure, related to\n mishandling of the NAN and INFINITY floating-point\n values.(CVE-2017-14246)\n\n - An out of bounds read in the function d2alaw_array() in\n alaw.c of libsndfile 1.0.28 may lead to a remote DoS\n attack or information disclosure, related to\n mishandling of the NAN 
and INFINITY floating-point\n values.(CVE-2017-14245)\n\n - The function d2ulaw_array() in ulaw.c of libsndfile\n 1.0.29pre1 may lead to a remote DoS attack (SEGV on\n unknown address 0x000000000000), a different\n vulnerability than CVE-2017-14246.(CVE-2017-17457)\n\n - The function d2alaw_array() in alaw.c of libsndfile\n 1.0.29pre1 may lead to a remote DoS attack (SEGV on\n unknown address 0x000000000000), a different\n vulnerability than CVE-2017-14245.(CVE-2017-17456)\n\n - In libsndfile 1.0.28, a divide-by-zero error exists in\n the function double64_init() in double64.c, which may\n lead to DoS when playing a crafted audio\n file.(CVE-2017-14634)\n\n - The psf_fwrite function in file_io.c in libsndfile\n allows attackers to cause a denial of service\n (divide-by-zero error and application crash) via\n unspecified vectors related to the headindex\n variable.(CVE-2014-9756)\n\n - In libsndfile before 1.0.28, an error in the\n 'header_read()' function (common.c) when handling ID3\n tags can be exploited to cause a stack-based buffer\n overflow via a specially crafted FLAC\n file.(CVE-2017-7586)\n\n - The flac_buffer_copy function in flac.c in libsndfile\n 1.0.28 allows remote attackers to cause a denial of\n service (invalid read and application crash) via a\n crafted audio file.(CVE-2017-8362)\n\n - The flac_buffer_copy function in flac.c in libsndfile\n 1.0.28 allows remote attackers to cause a denial of\n service (heap-based buffer over-read and application\n crash) via a crafted audio file.(CVE-2017-8363)\n\n - The i2les_array function in pcm.c in libsndfile 1.0.28\n allows remote attackers to cause a denial of service\n (buffer over-read and application crash) via a crafted\n audio file.(CVE-2017-8365)\n\n - In libsndfile 1.0.25 (fixed in 1.0.26), a\n divide-by-zero error exists in the function\n wav_w64_read_fmt_chunk() in wav_w64.c, which may lead\n to DoS when playing a crafted audio\n file.(CVE-2017-16942)\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2208\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e665082\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsndfile packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8361\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsndfile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsndfile-1.0.25-10.h9.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsndfile\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated libsndfile packages fix security vulnerabilities: libsndfile contains 
multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service (CVE-2014-9496). libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service. \n", "cvss3": {}, "published": "2015-01-08T12:36:22", "type": "mageia", "title": "Updated libsndfile packages fix CVE-2014-9496\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-08T12:36:22", "id": "MGASA-2015-0015", "href": "https://advisories.mageia.org/MGASA-2015-0015.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on *nix, MacOS, and Win32. 
", "edition": 2, "cvss3": {}, "published": "2015-01-20T21:00:03", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: libsndfile-1.0.25-9.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-20T21:00:03", "id": "FEDORA:35CC060D00B3", "href": "", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on *nix, MacOS, and Win32. 
", "edition": 2, "cvss3": {}, "published": "2015-01-21T23:05:58", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libsndfile-1.0.25-14.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-21T23:05:58", "id": "FEDORA:050A660EFBB8", "href": "", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "description": "sd2_parse_rsrc_fork() out-of band read and devision by zero.", "edition": 1, "cvss3": {}, "published": "2015-01-19T00:00:00", "title": "libsndfile out-of-bounds read", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-19T00:00:00", "id": "SECURITYVULNS:VULN:14219", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14219", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:024\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : libsndfile\r\n Date : January 15, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated 
libsndfile packages fix security vulnerabilities:\r\n \r\n libsndfile contains multiple buffer-overflow vulnerabilities in\r\n src/sd2.c because it fails to properly bounds-check user supplied\r\n input, which may allow an attacker to execute arbitrary code or cause\r\n a denial of service (CVE-2014-9496).\r\n \r\n libsndfile contains a divide-by-zero error in src/file_io.c which\r\n may allow an attacker to cause a denial of service.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496\r\n http://advisories.mageia.org/MGASA-2015-0015.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 363b090ade387feaab18151d55caa071 mbs1/x86_64/lib64sndfile1-1.0.25-3.1.mbs1.x86_64.rpm\r\n 348de9ce8c0fa39a0f2ee0035ade2e42 mbs1/x86_64/lib64sndfile-devel-1.0.25-3.1.mbs1.x86_64.rpm\r\n 7bf33321207a0342ba7e96909887ca5f mbs1/x86_64/lib64sndfile-static-devel-1.0.25-3.1.mbs1.x86_64.rpm\r\n 1c47175145597f183be3e1cbaa5ddb46 mbs1/x86_64/libsndfile-progs-1.0.25-3.1.mbs1.x86_64.rpm \r\n 8e3eb94db10a5ddbfc88424849bd8c17 mbs1/SRPMS/libsndfile-1.0.25-3.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUt8QXmqjQ0CJFipgRAh+LAJ0aBMlVXjeKGq0ek0e3NWnVAJqX2ACgy1rZ\r\nzVqA1Ewf9jyxNI34Cmou9HI=\r\n=BI5b\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-01-19T00:00:00", "title": "[ MDVSA-2015:024 ] libsndfile", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-19T00:00:00", "id": "SECURITYVULNS:DOC:31623", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31623", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:50:30", "description": "The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to\nhave unspecified impact via vectors related to a (1) map offset or (2) rsrc\nmarker, which triggers an out-of-bounds read.\n\n#### Bugs\n\n * <https://github.com/erikd/libsndfile/issues/93>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774162>\n", "cvss3": {}, "published": "2015-01-16T00:00:00", "type": "ubuntucve", "title": "CVE-2014-9496", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": 
"PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-16T00:00:00", "id": "UB:CVE-2014-9496", "href": "https://ubuntu.com/security/CVE-2014-9496", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:50:01", "description": "The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.", "cvss3": {}, "published": "2015-01-16T16:59:00", "type": "debiancve", "title": "CVE-2014-9496", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496"], "modified": "2015-01-16T16:59:00", "id": "DEBIANCVE:CVE-2014-9496", "href": "https://security-tracker.debian.org/tracker/CVE-2014-9496", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:14", "description": "### Background\n\nlibsndfile is a C library for reading and writing files containing sampled sound. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libsndfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libsndfile-1.0.26\"", "cvss3": {}, "published": "2016-12-03T00:00:00", "type": "gentoo", "title": "libsndfile: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", "CVE-2015-7805"], "modified": "2016-12-03T00:00:00", "id": "GLSA-201612-03", "href": "https://security.gentoo.org/glsa/201612-03", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2021-07-28T14:47:07", "description": "New libsndfile packages are available for Slackware 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/flac-1.3.1-i486-1_slack14.1.txz: Upgraded.\n This update is needed by the latest version of libsndfile.\npatches/packages/libsndfile-1.0.26-i486-1_slack14.1.txz: Upgraded.\n This release fixes security issues which may allow attackers to cause\n a denial of service, or possibly execute arbitrary code.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9756\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7805\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libsndfile-1.0.26-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libsndfile-1.0.26-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libsndfile-1.0.26-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libsndfile-1.0.26-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libsndfile-1.0.26-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libsndfile-1.0.26-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libsndfile-1.0.26-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libsndfile-1.0.26-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.37 package:\n70dc94408249576926e3b5ba2a5430a6 libsndfile-1.0.26-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n3630ea222b36917bcb6c7f5c5a50ca61 libsndfile-1.0.26-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\na1444976de780af4526d128430ce1acb libsndfile-1.0.26-i486-1_slack14.0.txz\n\nSlackware 
x86_64 14.0 package:\n1176788490e501c306e909ce1059e731 libsndfile-1.0.26-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n7ded54ad7fde158dc088e122371d4cfa libsndfile-1.0.26-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n3021e9eaf9081c66099575c9fa5dbf44 libsndfile-1.0.26-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nbdb21f513021f6660fdca1f485d79ea6 l/libsndfile-1.0.26-i586-1.txz\n\nSlackware x86_64 -current package:\n16e5de5b07c277b3ae49c763a8adeb0b l/libsndfile-1.0.26-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libsndfile-1.0.26-i486-1_slack14.1.txz\n\nPlease note that you'll need the new flac package as well.", "cvss3": {}, "published": "2016-02-08T23:39:02", "type": "slackware", "title": "[slackware-security] libsndfile", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2016-02-08T23:39:02", "id": "SSA-2016-039-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458383", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:49", "description": "- CVE-2014-9496 (unspecified impact) \nThe sd2_parse_rsrc_fork function in sd2.c in lib32-libsndfile allows\nattackers to have unspecified impact via vectors related to a (1) map offset\nor (2) rsrc marker, which triggers an out-of-bounds read.\n\n- CVE-2014-9756 (denial of service) \nThe psf_fwrite function in 
file_io.c in lib32-libsndfile allows attackers to\ncause a denial of service (divide-by-zero error and application crash) via\nunspecified vectors related to the headindex variable.\n\n- CVE-2015-7805 (unspecified impact) \nHeap-based buffer overflow in lib32-libsndfile 1.0.25 allows remote\nattackers to have unspecified impact via the headindex value in the header\nin an AIFF file.", "edition": 2, "cvss3": {}, "published": "2016-02-06T00:00:00", "type": "archlinux", "title": "lib32-libsndfile: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2016-02-06T00:00:00", "id": "ASA-201602-9", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:48", "description": "- CVE-2014-9496 (unspecified impact) \nThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to\nhave unspecified impact via vectors related to a (1) map offset or (2) rsrc\nmarker, which triggers an out-of-bounds read.\n\n- CVE-2014-9756 (denial of service) \nThe psf_fwrite function in file_io.c in libsndfile allows attackers to cause\na denial of service (divide-by-zero error and application crash) via\nunspecified vectors related to the headindex variable.\n\n- CVE-2015-7805 (unspecified impact) \nHeap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to\nhave 
unspecified impact via the headindex value in the header in an AIFF\nfile.", "edition": 2, "cvss3": {}, "published": "2016-02-06T00:00:00", "type": "archlinux", "title": "libsndfile: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2016-02-06T00:00:00", "id": "ASA-201602-8", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-12-13T04:45:35", "description": "Package : libsndfile\nVersion : 1.0.21-3+squeeze2\nCVE ID : CVE-2014-9496 CVE-2014-9756 CVE-2015-7805\nDebian Bug : 774162 804445 804447\n\nCVE-2014-9496\n\n The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows\n attackers to have unspecified impact via vectors related to a (1) map\n offset or (2) rsrc marker, which triggers an out-of-bounds read.\n\nCVE-2014-9756\n\n The psf_fwrite function in file_io.c in libsndfile allows attackers to\n cause a denial of service (divide-by-zero error and application crash)\n via unspecified vectors related to the headindex variable.\n\nCVE-2015-7805\n\n Heap-based buffer overflow in libsndfile 1.0.25 allows remote\n attackers to have unspecified impact via the headindex value in the\n header in an AIFF file.", "cvss3": {}, "published": "2015-11-30T13:40:13", "type": "debian", "title": "[SECURITY] [DLA 356-1] libsndfile security update", "bulletinFamily": 
"unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805"], "modified": "2015-11-30T13:40:13", "id": "DEBIAN:DLA-356-1:234BE", "href": "https://lists.debian.org/debian-lts-announce/2015/11/msg00017.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:08:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4430-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nApril 10, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499\nDebian Bug : 926801\n\nMathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found\nmultiple vulnerabilities in the WPA implementation found in wpa_supplication\n(station) and hostapd (access point). 
These vulnerabilities are also collectively\nknown as "Dragonblood".\n\nCVE-2019-9495\n\n Cache-based side-channel attack against the EAP-pwd implementation: an\n attacker able to run unprivileged code on the target machine (including for\n example javascript code in a browser on a smartphone) during the handshake\n could deduce enough information to discover the password in a dictionary\n attack.\n\nCVE-2019-9497\n\n Reflection attack against EAP-pwd server implementation: a lack of\n validation of received scalar and elements value in the EAP-pwd-Commit\n messages could result in attacks that would be able to complete EAP-pwd\n authentication exchange without the attacker having to know the password.\n This does not result in the attacker being able to derive the session key,\n complete the following key exchange and access the network.\n\nCVE-2019-9498\n\n EAP-pwd server missing commit validation for scalar/element: hostapd\n doesn't validate values received in the EAP-pwd-Commit message, so an\n attacker could use a specially crafted commit message to manipulate the\n exchange in order for hostapd to derive a session key from a limited set of\n possible values. This could result in an attacker being able to complete\n authentication and gain access to the network.\n\nCVE-2019-9499\n\n EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant\n doesn't validate values received in the EAP-pwd-Commit message, so an\n attacker could use a specially crafted commit message to manipulate the\n exchange in order for wpa_supplicant to derive a session key from a limited\n set of possible values. This could result in an attacker being able to\n complete authentication and operate as a rogue AP.\n\nNote that the Dragonblood moniker also applies to CVE-2019-9494 and\nCVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. 
SAE is not\nenabled in Debian stretch builds of wpa, which is thus not vulnerable by default.\n\nDue to the complexity of the backporting process, the fixes for these\nvulnerabilities are partial. Users are advised to use strong passwords to\nprevent dictionary attacks or use a 2.7-based version from stretch-backports\n(version above 2:2.7+git20190128+0c1e29f-4).\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u3.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-11T06:12:24", "type": "debian", "title": "[SECURITY] [DSA 4430-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", 
"CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2019-04-11T06:12:24", "id": "DEBIAN:DSA-4430-1:E38A2", "href": "https://lists.debian.org/debian-security-announce/2019/msg00074.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-05T04:56:56", "description": "Package : libsndfile\nVersion : 1.0.25-9.1+deb7u1\nCVE ID : CVE-2015-7805 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 \n CVE-2017-7742\nDebian Bug : 860255\n\nMultiple vulnerabilities were found in libsndfile, a popular library\nfor reading/writing audio files.\n\nCVE-2017-7585\n\n In libsndfile before 1.0.28, an error in the "flac_buffer_copy()"\n function (flac.c) can be exploited to cause a stack-based buffer\n overflow via a specially crafted FLAC file.\n\nCVE-2017-7586\n\n In libsndfile before 1.0.28, an error in the "header_read()"\n function (common.c) when handling ID3 tags can be exploited to\n cause a stack-based buffer overflow via a specially crafted FLAC\n file.\n \nCVE-2017-7741\n\n In libsndfile before 1.0.28, an error in the "flac_buffer_copy()"\n function (flac.c) can be exploited to cause a segmentation\n violation (with write memory access) via a specially crafted FLAC\n file during a resample attempt, a similar issue to CVE-2017-7585.\n \nCVE-2017-7742\n\n In libsndfile before 1.0.28, an error in the "flac_buffer_copy()"\n function (flac.c) can be exploited to cause a segmentation\n violation (with read memory access) via a specially crafted FLAC\n file during a resample attempt, a similar issue to\n CVE-2017-7585.\n \nCVE-2014-9496\n\n The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows\n attackers to have unspecified impact via vectors related to a (1)\n map offset or (2) rsrc marker, which triggers an out-of-bounds\n read.\n\nCVE-2014-9756\n\n The psf_fwrite function in file_io.c in libsndfile allows\n attackers to cause a denial of service (divide-by-zero error and\n application crash) 
via unspecified vectors related to the\n headindex variable.\n \nCVE-2015-7805\n\n Heap-based buffer overflow in libsndfile 1.0.25 allows remote\n attackers to have unspecified impact via the headindex value in\n the header in an AIFF file.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.0.25-9.1+deb7u1.\n\nWe recommend that you upgrade your libsndfile packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-29T19:32:36", "type": "debian", "title": "[SECURITY] [DLA 928-1] libsndfile security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9496", "CVE-2014-9756", "CVE-2015-7805", "CVE-2017-7585", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742"], "modified": "2017-04-29T19:32:36", "id": "DEBIAN:DLA-928-1:3CC62", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00047.html", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:32:50", "description": "It was discovered that libsndfile incorrectly handled memory when parsing \nmalformed files. A remote attacker could use this issue to cause \nlibsndfile to crash, resulting in a denial of service. This issue only \napplied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)\n\nJoshua Rogers discovered that libsndfile incorrectly handled division when \nparsing malformed files. A remote attacker could use this issue to cause \nlibsndfile to crash, resulting in a denial of service. (CVE-2014-9756)\n\nMarco Romano discovered that libsndfile incorrectly handled certain \nmalformed AIFF files. A remote attacker could use this issue to cause \nlibsndfile to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2015-7805)\n", "cvss3": {}, "published": "2015-12-07T00:00:00", "type": "ubuntu", "title": "libsndfile vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9756", "CVE-2015-7805", "CVE-2014-9496"], "modified": "2015-12-07T00:00:00", "id": "USN-2832-1", "href": "https://ubuntu.com/security/notices/USN-2832-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}