ID OSVDB:27047 Type osvdb Reporter Luigi Auriemma(aluigi@autistici.org) Modified 2006-07-06T07:48:59
Description
Vulnerability Description
A local overflow exists in AdPlug . AdPlug fails to handle specialy crafted U6M files when unpacking them resulting in an heap overflow. A length value read directly in the header of the U6M file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.
Solution Description
Upgrade to version CVS 05 Jul 2006 or higher, as it has been reported to fix this vulnerability.
Short Description
A local overflow exists in AdPlug . AdPlug fails to handle specialy crafted U6M files when unpacking them resulting in an heap overflow. A length value read directly in the header of the U6M file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.
{"enchantments": {"score": {"vector": "NONE", "value": 7.2}, "vulnersScore": 7.2}, "bulletinFamily": "software", "affectedSoftware": [{"name": "AdPlug", "operator": "eq", "version": "2.0"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:27047", "id": "OSVDB:27047", "title": "AdPlug u6m.cpp U6M File Unpacking Overflow", "history": [], "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:23", "edition": 1, "hash": "7b39a94ba3da12292c8f80036a5d34b5565132986c9233621ab761c982eb1b9b", "objectVersion": "1.2", "reporter": "Luigi Auriemma(aluigi@autistici.org)", "description": "## Vulnerability Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted U6M files when unpacking them resulting in an heap overflow. A length value read directly in the header of the U6M file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.\n## Solution Description\nUpgrade to version CVS 05 Jul 2006 or higher, as it has been reported to fix this vulnerability.\n## Short Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted U6M files when unpacking them resulting in an heap overflow. A length value read directly in the header of the U6M file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.\n## References:\nVendor URL: http://adplug.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200607-13.xml)\n[Secunia Advisory ID:21869](https://secuniaresearch.flexerasoftware.com/advisories/21869/)\n[Secunia Advisory ID:21295](https://secuniaresearch.flexerasoftware.com/advisories/21295/)\n[Secunia Advisory ID:20972](https://secuniaresearch.flexerasoftware.com/advisories/20972/)\n[Secunia Advisory ID:21238](https://secuniaresearch.flexerasoftware.com/advisories/21238/)\n[Related OSVDB ID: 27042](https://vulners.com/osvdb/OSVDB:27042)\n[Related OSVDB ID: 27046](https://vulners.com/osvdb/OSVDB:27046)\n[Related OSVDB ID: 27044](https://vulners.com/osvdb/OSVDB:27044)\n[Related OSVDB ID: 27043](https://vulners.com/osvdb/OSVDB:27043)\n[Related OSVDB ID: 27045](https://vulners.com/osvdb/OSVDB:27045)\nOther Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html\n[CVE-2006-3582](https://vulners.com/cve/CVE-2006-3582)\n", "modified": "2006-07-06T07:48:59", "viewCount": 0, "published": "2006-07-06T07:48:59", "cvelist": ["CVE-2006-3582"], "hashmap": [{"key": "affectedSoftware", "hash": "33019074e3d6c7114c9add33ce770dd9"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "b890bdff6a14183db4259a0448935770"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "b0a52844124e08686dd0330b06ab98b3"}, {"key": "href", "hash": "439fc4c78eb6c79e130ad0d1e1692a73"}, {"key": "modified", "hash": "d9526dd98fe527acd9f5ca30b1c858c4"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "d9526dd98fe527acd9f5ca30b1c858c4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "2155716932a7db74a347d98b88a5de75"}, {"key": "title", "hash": "9fdea088006108ab3b95a9956d9da427"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}]}
{"cve": [{"lastseen": "2018-10-19T11:35:59", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/27677", "http://adplug.cvs.sourceforge.net/adplug/adplug/src/cff.cpp?r1=1.16&r2=1.17", "http://www.securityfocus.com/archive/1/439432/100/100/threaded", "http://www.securityfocus.com/bid/18859", "http://security.gentoo.org/glsa/glsa-200607-13.xml", "https://exchange.xforce.ibmcloud.com/vulnerabilities/27670", "http://www.vupen.com/english/advisories/2006/2697", "http://aluigi.altervista.org/adv/adplugbof-adv.txt", "http://security.gentoo.org/glsa/glsa-200609-06.xml"], "description": "Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.", "edition": 3, "reporter": "NVD", "published": "2006-07-13T15:05:00", "title": "CVE-2006-3582", "type": "cve", "enchantments": {"score": {"modified": "2018-10-19T11:35:59", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-3582"], "scanner": [], "modified": "2018-10-18T12:48:04", "cpe": ["cpe:/a:audacious_media_player_team:adplug:2.0"], "id": "CVE-2006-3582", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3582", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "references": [], "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted MTK files when unpacking them resulting in an heap overflow. A length value read directly in the header of the MTK file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.\n## Solution Description\nUpgrade to version CVS (2006-07-05) or higher, as it has been reported to fix this vulnerability.\n## Short Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted MTK files when unpacking them resulting in an heap overflow. A length value read directly in the header of the MTK file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.\n## References:\nVendor URL: http://adplug.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200607-13.xml)\n[Secunia Advisory ID:21869](https://secuniaresearch.flexerasoftware.com/advisories/21869/)\n[Secunia Advisory ID:21295](https://secuniaresearch.flexerasoftware.com/advisories/21295/)\n[Secunia Advisory ID:20972](https://secuniaresearch.flexerasoftware.com/advisories/20972/)\n[Secunia Advisory ID:21238](https://secuniaresearch.flexerasoftware.com/advisories/21238/)\n[Related OSVDB ID: 27042](https://vulners.com/osvdb/OSVDB:27042)\n[Related OSVDB ID: 27047](https://vulners.com/osvdb/OSVDB:27047)\n[Related OSVDB ID: 27046](https://vulners.com/osvdb/OSVDB:27046)\n[Related OSVDB ID: 27044](https://vulners.com/osvdb/OSVDB:27044)\n[Related OSVDB ID: 27045](https://vulners.com/osvdb/OSVDB:27045)\nOther Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html\n[CVE-2006-3582](https://vulners.com/cve/CVE-2006-3582)\n", "reporter": "Luigi Auriemma(aluigi@autistici.org)", "published": "2006-07-06T07:48:59", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "AdPlug mtk.cpp MTK File Unpacking Overflow", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [{"name": "AdPlug", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2006-3582"], "modified": "2006-07-06T07:48:59", "href": "https://vulners.com/osvdb/OSVDB:27043", "id": "OSVDB:27043", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "references": [], "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted CFF files when unpacking them resulting in an heap overflow. A length value read directly in the header of the CFF file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the CFF file allowing for the execution of arbitrary code.\n## Solution Description\nUpgrade to version CVS (2006-07-05) or higher, as it has been reported to fix this vulnerability.\n## Short Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted CFF files when unpacking them resulting in an heap overflow. A length value read directly in the header of the CFF file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the CFF file allowing for the execution of arbitrary code.\n## References:\nVendor URL: http://adplug.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200607-13.xml)\n[Secunia Advisory ID:21869](https://secuniaresearch.flexerasoftware.com/advisories/21869/)\n[Secunia Advisory ID:21295](https://secuniaresearch.flexerasoftware.com/advisories/21295/)\n[Secunia Advisory ID:20972](https://secuniaresearch.flexerasoftware.com/advisories/20972/)\n[Secunia Advisory ID:21238](https://secuniaresearch.flexerasoftware.com/advisories/21238/)\n[Related OSVDB ID: 27047](https://vulners.com/osvdb/OSVDB:27047)\n[Related OSVDB ID: 27046](https://vulners.com/osvdb/OSVDB:27046)\n[Related OSVDB ID: 27044](https://vulners.com/osvdb/OSVDB:27044)\n[Related OSVDB ID: 27043](https://vulners.com/osvdb/OSVDB:27043)\n[Related OSVDB ID: 27045](https://vulners.com/osvdb/OSVDB:27045)\nOther Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html\n[CVE-2006-3582](https://vulners.com/cve/CVE-2006-3582)\n", "reporter": "Luigi Auriemma(aluigi@autistici.org)", "published": "2006-07-06T07:48:59", "title": "AdPlug cff.cpp CFF File Unpacking Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "AdPlug", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2006-3582"], "modified": "2006-07-06T07:48:59", "href": "https://vulners.com/osvdb/OSVDB:27042", "id": "OSVDB:27042", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "references": [], "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted DMO files when unpacking them resulting in an heap overflow. A length value read directly in the header of the DMO file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.\n## Solution Description\nUpgrade to version CVS 05 Jul 2006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA local overflow exists in AdPlug . AdPlug fails to handle specialy crafted DMO files when unpacking them resulting in an heap overflow. A length value read directly in the header of the DMO file is not properly checked or sanitized when being used to allocate a buffer. A heap overflow could occur while unpacking the file allowing for the execution of arbitrary code.\n## References:\nVendor URL: http://adplug.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200607-13.xml)\n[Secunia Advisory ID:21869](https://secuniaresearch.flexerasoftware.com/advisories/21869/)\n[Secunia Advisory ID:21295](https://secuniaresearch.flexerasoftware.com/advisories/21295/)\n[Secunia Advisory ID:20972](https://secuniaresearch.flexerasoftware.com/advisories/20972/)\n[Secunia Advisory ID:21238](https://secuniaresearch.flexerasoftware.com/advisories/21238/)\n[Related OSVDB ID: 27042](https://vulners.com/osvdb/OSVDB:27042)\n[Related OSVDB ID: 27047](https://vulners.com/osvdb/OSVDB:27047)\n[Related OSVDB ID: 27046](https://vulners.com/osvdb/OSVDB:27046)\n[Related OSVDB ID: 27043](https://vulners.com/osvdb/OSVDB:27043)\n[Related OSVDB ID: 27045](https://vulners.com/osvdb/OSVDB:27045)\nOther Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html\n[CVE-2006-3582](https://vulners.com/cve/CVE-2006-3582)\n", "reporter": "Luigi Auriemma(aluigi@autistici.org)", "published": "2006-07-06T07:48:59", "title": "AdPlug dmo.cpp DMO File Unpacking Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "AdPlug", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2006-3582"], "modified": "2006-07-06T07:48:59", "href": "https://vulners.com/osvdb/OSVDB:27044", "id": "OSVDB:27044", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:33:48", "references": ["https://security.gentoo.org/glsa/200607-13", "http://www.securityfocus.com/archive/1/439432/30/0/threaded"], "pluginID": "22142", "description": "The remote host is affected by the vulnerability described in GLSA-200607-13 (Audacious: Multiple heap and buffer overflows)\n\n Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows.\n Impact :\n\n An attacker can entice a user to load a specially crafted media file, resulting in a crash or possible execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2006-08-04T00:00:00", "title": "GLSA-200607-13 : Audacious: Multiple heap and buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3581", "CVE-2006-3582"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:audacious"], "id": "GENTOO_GLSA-200607-13.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22142", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200607-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22142);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-3581\", \"CVE-2006-3582\");\n script_xref(name:\"GLSA\", value:\"200607-13\");\n\n script_name(english:\"GLSA-200607-13 : Audacious: Multiple heap and buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200607-13\n(Audacious: Multiple heap and buffer overflows)\n\n Luigi Auriemma has found that the adplug library fails to verify the\n size of the destination buffers in the unpacking instructions,\n resulting in various possible heap and buffer overflows.\n \nImpact :\n\n An attacker can entice a user to load a specially crafted media file,\n resulting in a crash or possible execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/archive/1/439432/30/0/threaded\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200607-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Audacious users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/audacious-1.1.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:audacious\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-sound/audacious\", unaffected:make_list(\"ge 1.1.0\"), vulnerable:make_list(\"lt 1.1.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Audacious\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:04", "references": ["https://security.gentoo.org/glsa/200609-06", "http://www.securityfocus.com/archive/1/439432/30/0/threaded"], "pluginID": "22351", "description": "The remote host is affected by the vulnerability described in GLSA-200609-06 (AdPlug: Multiple vulnerabilities)\n\n AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.\n Impact :\n\n By enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug.\n Workaround :\n\n There are no known workarounds at this time.", "edition": 5, "reporter": "Tenable", "published": "2006-09-15T00:00:00", "title": "GLSA-200609-06 : AdPlug: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3581", "CVE-2006-3582"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adplug"], "id": "GENTOO_GLSA-200609-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200609-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22351);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-3581\", \"CVE-2006-3582\");\n script_xref(name:\"GLSA\", value:\"200609-06\");\n\n script_name(english:\"GLSA-200609-06 : AdPlug: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200609-06\n(AdPlug: Multiple vulnerabilities)\n\n AdPlug is vulnerable to buffer and heap overflows when processing the\n following types of files: CFF, MTK, DMO, U6M, DTM, and S3M.\n \nImpact :\n\n By enticing a user to load a specially crafted file, an attacker could\n execute arbitrary code with the privileges of the user running AdPlug.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/archive/1/439432/30/0/threaded\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200609-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All AdPlug users should update to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/adplug-2.0.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adplug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/adplug\", unaffected:make_list(\"ge 2.0.1\"), vulnerable:make_list(\"lt 2.0.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"AdPlug\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:13", "references": [], "pluginID": "57850", "description": "The remote host is missing updates announced in\nadvisory GLSA 200607-13.", "edition": 2, "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200607-13 (audacious)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3581", "CVE-2006-3582"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57850", "id": "OPENVAS:57850", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The adplug library included in Audacious is vulnerable to various overflows\nthat could result in the execution of arbitrary code.\";\ntag_solution = \"All Audacious users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/audacious-1.1.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=139957\nhttp://www.securityfocus.com/archive/1/439432/30/0/threaded\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200607-13.\";\n\n \n\nif(description)\n{\n script_id(57850);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3581\", \"CVE-2006-3582\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200607-13 (audacious)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/audacious\", unaffected: make_list(\"ge 1.1.0\"), vulnerable: make_list(\"lt 1.1.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:00", "references": [], "pluginID": "57884", "description": "The remote host is missing updates announced in\nadvisory GLSA 200609-06.", "edition": 2, "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200609-06 (adplug)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3581", "CVE-2006-3582"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57884", "id": "OPENVAS:57884", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple heap and buffer overflows exist in AdPlug.\";\ntag_solution = \"All AdPlug users should update to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/adplug-2.0.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200609-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=139593\nhttp://www.securityfocus.com/archive/1/439432/30/0/threaded\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200609-06.\";\n\n \n\nif(description)\n{\n script_id(57884);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3581\", \"CVE-2006-3582\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200609-06 (adplug)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/adplug\", unaffected: make_list(\"ge 2.0.1\"), vulnerable: make_list(\"lt 2.0.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:05", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=139957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3582", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3581", "http://www.securityfocus.com/archive/1/439432/30/0/threaded"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.1.0", "packageName": "media-sound/audacious", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nAudacious is a media player that has been forked from Beep Media Player. \n\n### Description\n\nLuigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. \n\n### Impact\n\nAn attacker can entice a user to load a specially crafted media file, resulting in a crash or possible execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Audacious users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/audacious-1.1.0\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-07-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "Audacious: Multiple heap and buffer overflows", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3581", "CVE-2006-3582"], "modified": "2006-07-29T00:00:00", "id": "GLSA-200607-13", "href": "https://security.gentoo.org/glsa/200607-13", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:53", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3582", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3581", "http://www.securityfocus.com/archive/1/439432/30/0/threaded", "https://bugs.gentoo.org/show_bug.cgi?id=139593"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0.1", "packageName": "media-libs/adplug", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nAdPlug is a free, cross-platform, and hardware-independent AdLib sound player library. \n\n### Description\n\nAdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. \n\n### Impact\n\nBy enticing a user to load a specially crafted file, an attacker could execute arbitrary code with the privileges of the user running AdPlug. \n\n### Workaround\n\nThere are no known workarounds at this time. \n\n### Resolution\n\nAll AdPlug users should update to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/adplug-2.0.1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-09-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "AdPlug: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3581", "CVE-2006-3582"], "modified": "2006-09-12T00:00:00", "id": "GLSA-200609-06", "href": "https://security.gentoo.org/glsa/200609-06", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
