-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3355-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
September 10, 2015                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libvdpau
CVE ID         : CVE-2015-5198 CVE-2015-5199 CVE-2015-5200
Debian Bug     : 797895

Florian Weimer of Red Hat Product Security discovered that libvdpau, the
VDPAU wrapper library, did not properly validate environment variables,
allowing local attackers to gain additional privileges.

For the oldstable distribution (wheezy), these problems have been fixed
in version 0.4.1-7+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 0.8-3+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 1.1.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.1-1.

We recommend that you upgrade your libvdpau packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
{"openvas": [{"lastseen": "2019-05-29T18:36:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-02T00:00:00", "type": "openvas", "title": "Fedora Update for libvdpau FEDORA-2015-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310806565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806565", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvdpau FEDORA-2015-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806565\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-02 07:57:50 +0100 (Mon, 02 Nov 2015)\");\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvdpau FEDORA-2015-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvdpau'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvdpau on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvdpau\", rpm:\"libvdpau~1.1.1~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:54", "description": "Florian Weimer of Red Hat Product\nSecurity discovered that libvdpau, the VDPAU wrapper library, did not properly\nvalidate environment variables, allowing local attackers to gain additional\nprivileges.", "cvss3": {}, "published": "2015-09-10T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3355-1 (libvdpau - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703355", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3355.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3355-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703355\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_name(\"Debian Security Advisory DSA 3355-1 (libvdpau - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-10 00:00:00 +0200 (Thu, 10 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3355.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libvdpau on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), these problems have been fixed in version 0.4.1-7+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8-3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.\n\nWe recommend that you upgrade your libvdpau packages.\");\n script_tag(name:\"summary\", 
value:\"Florian Weimer of Red Hat Product\nSecurity discovered that libvdpau, the VDPAU wrapper library, did not properly\nvalidate environment variables, allowing local attackers to gain additional\nprivileges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvdpau-dev:amd64\", ver:\"0.4.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvdpau-dev:i386\", ver:\"0.4.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvdpau-doc\", ver:\"0.4.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvdpau1:amd64\", ver:\"0.4.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvdpau1:i386\", ver:\"0.4.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:52:49", "description": "Florian Weimer of Red Hat Product\nSecurity discovered that libvdpau, the VDPAU wrapper library, did not properly\nvalidate environment variables, allowing local attackers to gain additional\nprivileges.", "cvss3": {}, "published": "2015-09-10T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3355-1 (libvdpau - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703355", "href": "http://plugins.openvas.org/nasl.php?oid=703355", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3355.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3355-1 using nvtgen 1.0\n# 
Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703355);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_name(\"Debian Security Advisory DSA 3355-1 (libvdpau - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-10 00:00:00 +0200 (Thu, 10 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3355.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libvdpau on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), these problems have been fixed in version 0.4.1-7+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8-3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.\n\nWe recommend that you upgrade your libvdpau packages.\");\n script_tag(name: \"summary\", value: \"Florian Weimer of Red Hat Product\nSecurity discovered that libvdpau, the VDPAU wrapper library, did not properly\nvalidate environment variables, allowing local attackers to gain additional\nprivileges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvdpau-dev:amd64\", ver:\"0.4.1-7+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvdpau-dev:i386\", ver:\"0.4.1-7+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvdpau-doc\", ver:\"0.4.1-7+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvdpau1:amd64\", ver:\"0.4.1-7+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvdpau1:i386\", ver:\"0.4.1-7+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-25T00:00:00", "type": "openvas", "title": "Fedora Update for libvdpau FEDORA-2015-14851", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869958", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvdpau FEDORA-2015-14851\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869958\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-25 07:18:05 +0200 (Fri, 25 Sep 2015)\");\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvdpau FEDORA-2015-14851\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvdpau'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvdpau on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-14851\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvdpau\", rpm:\"libvdpau~1.1.1~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:24", "description": "Mageia Linux Local Security Checks mgasa-2015-0364", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0364", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130026", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0364.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130026\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:41:40 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0364\");\n script_tag(name:\"insight\", value:\"Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files (CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0364.html\");\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0364\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security 
Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libvdpau\", rpm:\"libvdpau~1.1.1~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for libvdpau USN-2729-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842428", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libvdpau USN-2729-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842428\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-04 08:15:25 +0200 (Fri, 04 Sep 2015)\");\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libvdpau USN-2729-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvdpau'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Florian Weimer discovered that libvdpau\nincorrectly handled certain environment variables. 
A local attacker could possibly\nuse this issue to gain privileges.\");\n script_tag(name:\"affected\", value:\"libvdpau on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2729-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2729-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvdpau1:amd64\", ver:\"0.7-1ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvdpau1:i386\", ver:\"0.7-1ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvdpau1\", ver:\"0.4.1-3ubuntu1.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-03-27T15:07:42", "description": "Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-08T00:00:00", "type": "nessus", "title": "Fedora 23 : libvdpau-1.1.1-1.fc23 (2015-14850)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvdpau", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-14850.NASL", "href": "https://www.tenable.com/plugins/nessus/85828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-14850.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85828);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_xref(name:\"FEDORA\", value:\"2015-14850\");\n\n script_name(english:\"Fedora 23 : libvdpau-1.1.1-1.fc23 (2015-14850)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199,\nCVE-2015-5200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c03c0bdc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvdpau package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvdpau\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"libvdpau-1.1.1-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:10:05", "description": "libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications.\n\n - CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)\n\n - CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)\n\n - CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libvdpau (SUSE-SU-2015:1892-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvdpau-debugsource", "p-cpe:/a:novell:suse_linux:libvdpau1", "p-cpe:/a:novell:suse_linux:libvdpau1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1892-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1892-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86752);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libvdpau (SUSE-SU-2015:1892-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvdpau was updated to use secure_getenv() instead of getenv() for\nseveral variables so it can be more safely used in setuid\napplications.\n\n - CVE-2015-5198: libvdpau: incorrect check for security\n transition (bnc#943967)\n\n - CVE-2015-5199: libvdpau: directory traversal in dlopen\n (bnc#943968)\n\n - CVE-2015-5200: libvdpau: vulnerability in trace\n 
functionality (bnc#943969)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5198/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5199/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5200/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151892-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ef6d9c8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-788=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-788=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-788=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-788=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known 
exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvdpau-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvdpau1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvdpau1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvdpau-debugsource-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvdpau1-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libvdpau1-debuginfo-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvdpau-debugsource-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvdpau1-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvdpau1-32bit-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvdpau1-debuginfo-0.8-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvdpau1-debuginfo-32bit-0.8-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:51:57", 
"description": "libvdpau-1.1.1-2.fc21 - Backport current patches - Switch to new upstream git repository on freedesktop.org ---- Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 21 : libvdpau-1.1.1-2.fc21 (2015-3ca3f2138b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvdpau", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-3CA3F2138B.NASL", "href": "https://www.tenable.com/plugins/nessus/89219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-3ca3f2138b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89219);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_xref(name:\"FEDORA\", value:\"2015-3ca3f2138b\");\n\n script_name(english:\"Fedora 21 : libvdpau-1.1.1-2.fc21 (2015-3ca3f2138b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvdpau-1.1.1-2.fc21 - Backport current patches - Switch to new\nupstream git repository on freedesktop.org ---- Update to 1.1.1\nSecurity fix for 
CVE-2015-5198, CVE-2015-5199, CVE-2015-5200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d815e775\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvdpau package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvdpau\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"libvdpau-1.1.1-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:07:41", "description": "libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications.\n\n - CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)\n\n - CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)\n\n - CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)", "cvss3": {"score": null, "vector": null}, "published": "2015-09-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libvdpau (openSUSE-2015-576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvdpau-debugsource", 
"p-cpe:/a:novell:opensuse:libvdpau-devel", "p-cpe:/a:novell:opensuse:libvdpau-devel-32bit", "p-cpe:/a:novell:opensuse:libvdpau1", "p-cpe:/a:novell:opensuse:libvdpau1-32bit", "p-cpe:/a:novell:opensuse:libvdpau1-debuginfo", "p-cpe:/a:novell:opensuse:libvdpau1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libvdpau_trace1", "p-cpe:/a:novell:opensuse:libvdpau_trace1-32bit", "p-cpe:/a:novell:opensuse:libvdpau_trace1-debuginfo", "p-cpe:/a:novell:opensuse:libvdpau_trace1-debuginfo-32bit", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-576.NASL", "href": "https://www.tenable.com/plugins/nessus/85926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-576.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85926);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n\n script_name(english:\"openSUSE Security Update : libvdpau (openSUSE-2015-576)\");\n script_summary(english:\"Check for the openSUSE-2015-576 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvdpau was updated to use secure_getenv() instead of getenv() for\nseveral variables so it can be more safely used in setuid\napplications.\n\n - CVE-2015-5198: libvdpau: incorrect check for security\n transition (bnc#943967)\n\n - CVE-2015-5199: libvdpau: directory traversal in dlopen\n (bnc#943968)\n\n - CVE-2015-5200: libvdpau: vulnerability in trace\n functionality (bnc#943969)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvdpau packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau_trace1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau_trace1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau_trace1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvdpau_trace1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvdpau-debugsource-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvdpau-devel-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvdpau1-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvdpau1-debuginfo-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvdpau_trace1-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvdpau_trace1-debuginfo-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvdpau-devel-32bit-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvdpau1-32bit-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvdpau1-debuginfo-32bit-0.6-3.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvdpau_trace1-32bit-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvdpau_trace1-debuginfo-32bit-0.6-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvdpau-debugsource-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvdpau-devel-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvdpau1-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvdpau1-debuginfo-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvdpau_trace1-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvdpau_trace1-debuginfo-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvdpau-devel-32bit-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvdpau1-32bit-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvdpau1-debuginfo-32bit-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvdpau_trace1-32bit-0.8-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvdpau_trace1-debuginfo-32bit-0.8-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau-debugsource / libvdpau-devel / libvdpau-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:07:28", "description": "Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional 
privileges.\n\nFor Debian 6 'Squeeze', these problems have been fixed in libvdpau version 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian releases.\n\nWe recommend that you upgrade your libvdpau packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-11T00:00:00", "type": "nessus", "title": "Debian DLA-306-1 : libvdpau security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lib32vdpau1", "p-cpe:/a:debian:debian_linux:libvdpau-dev", "p-cpe:/a:debian:debian_linux:libvdpau-doc", "p-cpe:/a:debian:debian_linux:libvdpau1", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-306.NASL", "href": "https://www.tenable.com/plugins/nessus/85897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-306-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85897);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n\n script_name(english:\"Debian DLA-306-1 : libvdpau security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Florian Weimer of Red Hat Product Security discovered that libvdpau,\nthe VDPAU wrapper library, did not properly validate environment\nvariables, allowing local attackers to gain additional privileges.\n\nFor Debian 6 'Squeeze', these problems have been fixed in libvdpau\nversion 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian\nreleases.\n\nWe recommend that you upgrade your libvdpau packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libvdpau\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.debian.org/LTS/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lib32vdpau1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvdpau-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvdpau-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvdpau1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"lib32vdpau1\", reference:\"0.4.1-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvdpau-dev\", reference:\"0.4.1-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvdpau-doc\", reference:\"0.4.1-2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libvdpau1\", reference:\"0.4.1-2+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:07:56", "description": "Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-11T00:00:00", "type": "nessus", "title": "Debian DSA-3355-1 : libvdpau - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libvdpau", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3355.NASL", "href": "https://www.tenable.com/plugins/nessus/85898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3355. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85898);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_xref(name:\"DSA\", value:\"3355\");\n\n script_name(english:\"Debian DSA-3355-1 : libvdpau - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Florian Weimer of Red Hat Product Security discovered that libvdpau,\nthe VDPAU wrapper library, did not properly validate environment\nvariables, allowing local attackers to gain additional privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libvdpau\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libvdpau\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3355\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libvdpau packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 0.4.1-7+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 0.8-3+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvdpau\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libvdpau-dev\", reference:\"0.4.1-7+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvdpau-doc\", reference:\"0.4.1-7+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvdpau1\", reference:\"0.4.1-7+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvdpau-dev\", reference:\"0.8-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvdpau-doc\", reference:\"0.8-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvdpau1\", reference:\"0.8-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvdpau1-dbg\", reference:\"0.8-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-03-27T15:07:14", "description": "Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-25T00:00:00", "type": "nessus", "title": "Fedora 22 : libvdpau-1.1.1-1.fc22 (2015-14851)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvdpau", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-14851.NASL", "href": "https://www.tenable.com/plugins/nessus/86128", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-14851.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86128);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_xref(name:\"FEDORA\", value:\"2015-14851\");\n\n script_name(english:\"Fedora 22 : libvdpau-1.1.1-1.fc22 (2015-14851)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199,\nCVE-2015-5200\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1253827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65547785\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvdpau package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvdpau\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"libvdpau-1.1.1-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:07:41", "description": "Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-09-04T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : libvdpau vulnerabilities (USN-2729-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvdpau1", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2729-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2729-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85797);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n script_xref(name:\"USN\", value:\"2729-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : libvdpau vulnerabilities (USN-2729-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Florian Weimer discovered that libvdpau incorrectly handled certain\nenvironment variables. 
A local attacker could possibly use this issue\nto gain privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2729-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvdpau1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvdpau1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libvdpau1\", pkgver:\"0.4.1-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libvdpau1\", pkgver:\"0.7-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libvdpau1\", pkgver:\"0.9-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau1\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:09:34", "description": "libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications.\n\n - CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)\n\n - CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)\n\n - 
CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-09T00:00:00", "type": "nessus", "title": "SUSE SLED11 Security Update : libvdpau (SUSE-SU-2015:1925-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvdpau1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1925-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1925-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86803);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5198\", \"CVE-2015-5199\", \"CVE-2015-5200\");\n\n script_name(english:\"SUSE SLED11 Security Update : libvdpau (SUSE-SU-2015:1925-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvdpau was updated to use secure_getenv() instead of getenv() for\nseveral variables so it can be more safely used in setuid\napplications.\n\n - CVE-2015-5198: libvdpau: incorrect check for security\n transition (bnc#943967)\n\n - CVE-2015-5199: libvdpau: directory traversal in 
dlopen\n (bnc#943968)\n\n - CVE-2015-5200: libvdpau: vulnerability in trace\n functionality (bnc#943969)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5198/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5199/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5200/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151925-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?239d11d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-libvdpau-12192=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-libvdpau-12192=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-libvdpau-12192=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-libvdpau-12192=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvdpau1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvdpau1-0.4.1-16.20.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvdpau1-32bit-0.4.1-16.20.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libvdpau1-0.4.1-16.20.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libvdpau1-0.4.1-16.20.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libvdpau1-32bit-0.4.1-16.20.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libvdpau1-0.4.1-16.20.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvdpau\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "description": "Privilege escalation because of incorrect environment variables handling.", "edition": 1, "cvss3": {}, "published": "2015-09-14T00:00:00", "title": "libvdpau multiple 
security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2015-09-14T00:00:00", "id": "SECURITYVULNS:VULN:14673", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14673", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-10-23T22:22:48", "description": "Package : libvdpau\nVersion : 0.4.1-2+deb6u1\nCVE ID : CVE-2015-5198 CVE-2015-5199 CVE-2015-5200\nDebian Bug : 797895\n\nFlorian Weimer of Red Hat Product Security discovered that libvdpau, the\nVDPAU wrapper library, did not properly validate environment variables,\nallowing local attackers to gain additional privileges.\n\nFor Debian 6 \"Squeeze\", these problems have been fixed in libvdpau\nversion 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian\nreleases.\n\nWe recommend that you upgrade your libvdpau packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/", "cvss3": {}, "published": "2015-09-10T18:27:17", "type": "debian", "title": "[SECURITY] [DLA 306-1] libvdpau security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2015-09-10T18:27:17", "id": "DEBIAN:DLA-306-1:7CD33", "href": "https://lists.debian.org/debian-lts-announce/2015/09/msg00004.html", "cvss": 
{"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-17T15:37:56", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3355-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nSeptember 10, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libvdpau\nCVE ID : CVE-2015-5198 CVE-2015-5199 CVE-2015-5200\nDebian Bug : 797895\n\nFlorian Weimer of Red Hat Product Security discovered that libvdpau, the\nVDPAU wrapper library, did not properly validate environment variables,\nallowing local attackers to gain additional privileges.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 0.4.1-7+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8-3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.\n\nWe recommend that you upgrade your libvdpau packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-09-10T08:37:16", "type": "debian", "title": "[SECURITY] [DSA 3355-1] libvdpau security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2015-09-10T08:37:16", "id": "DEBIAN:DSA-3355-1:2DD43", "href": "https://lists.debian.org/debian-security-announce/2015/msg00254.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "VDPAU is the Video Decode and Presentation API for UNIX. It provides an interface to video decode acceleration and presentation hardware present in modern GPUs. ", "cvss3": {}, "published": "2015-09-04T19:51:10", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libvdpau-1.1.1-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2015-09-04T19:51:10", "id": "FEDORA:95B166030B08", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EV3D5SK7GO6BRQ55WYUCRETR274ROGR7/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "VDPAU is the Video Decode and Presentation API for UNIX. It provides an interface to video decode acceleration and presentation hardware present in modern GPUs. 
", "cvss3": {}, "published": "2015-09-24T08:36:26", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libvdpau-1.1.1-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2015-09-24T08:36:26", "id": "FEDORA:9A3096193EF1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MRFPHHJCUD3SJQ7XNJ7EEGXXLQBYO66Z/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "VDPAU is the Video Decode and Presentation API for UNIX. It provides an interface to video decode acceleration and presentation hardware present in modern GPUs. 
", "cvss3": {}, "published": "2015-11-01T22:24:36", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libvdpau-1.1.1-2.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2015-11-01T22:24:36", "id": "FEDORA:B3A0D6058519", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QXS7V2SUN5BCDUXAO6KYJVKOCY2CIGUN/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files (CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200). 
\n", "cvss3": {}, "published": "2015-09-13T21:58:30", "type": "mageia", "title": "Updated libvdpau packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200"], "modified": "2015-09-13T21:58:30", "id": "MGASA-2015-0364", "href": "https://advisories.mageia.org/MGASA-2015-0364.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:36:24", "description": "Florian Weimer discovered that libvdpau incorrectly handled certain \nenvironment variables. 
A local attacker could possibly use this issue to \ngain privileges.\n", "cvss3": {}, "published": "2015-09-03T00:00:00", "type": "ubuntu", "title": "libvdpau vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5199", "CVE-2015-5200", "CVE-2015-5198"], "modified": "2015-09-03T00:00:00", "id": "USN-2729-1", "href": "https://ubuntu.com/security/notices/USN-2729-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:44", "description": "- CVE-2015-5198 (Local Privilege Escalation)\n\nWhen used in a setuid or setgid application, libvdpau/lib32-libvdpau allows \nlocal users to gain privileges via unspecified vectors, related to the \nVDPAU_DRIVER_PATH environment variable.\n\n- CVE-2015-5199 (Directory Traversal)\n\nDirectory traversal vulnerability in dlopen in libvdpau/lib32/libvdpau allows \nlocal users to gain privileges via the VDPAU_DRIVER environment variable.\n\n- CVE-2015-5200 (Directory Traversal)\n\nThe trace functionality in libvdpau/lib32-libvdpau, when used in a setuid or \nsetgid application, allows local users to write to arbitrary files via \nunspecified vectors.", "edition": 2, "cvss3": {}, "published": "2015-09-12T00:00:00", "type": "archlinux", "title": "libvdpau lib32vdpau: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198", "CVE-2015-5200", "CVE-2015-5199"], "modified": "2015-09-12T00:00:00", "id": "ASA-201509-5", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:48:59", "description": "Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows\nlocal users to gain privileges via the VDPAU_DRIVER environment variable.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5199>\n", "cvss3": {}, "published": "2015-09-01T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5199", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5199"], "modified": "2015-09-01T00:00:00", "id": "UB:CVE-2015-5199", "href": "https://ubuntu.com/security/CVE-2015-5199", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T21:48:59", "description": "The trace functionality in libvdpau before 1.1.1, when used in a setuid or\nsetgid application, allows local users to write to arbitrary files via\nunspecified vectors.", "cvss3": {}, 
"published": "2015-09-01T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5200", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5200"], "modified": "2015-09-01T00:00:00", "id": "UB:CVE-2015-5200", "href": "https://ubuntu.com/security/CVE-2015-5200", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-11-22T21:48:59", "description": "libvdpau before 1.1.1, when used in a setuid or setgid application, allows\nlocal users to gain privileges via unspecified vectors, related to the\nVDPAU_DRIVER_PATH environment variable.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5198>\n", "cvss3": {}, "published": "2015-09-01T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5198", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198"], "modified": "2015-09-01T00:00:00", "id": "UB:CVE-2015-5198", "href": "https://ubuntu.com/security/CVE-2015-5198", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:54:29", 
"description": "Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.", "cvss3": {}, "published": "2015-09-08T15:59:00", "type": "cve", "title": "CVE-2015-5199", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5199"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/a:libvdpau_project:libvdpau:1.1.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:12.04"], "id": "CVE-2015-5199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5199", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:libvdpau_project:libvdpau:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T12:54:31", "description": "The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.", "cvss3": {}, "published": "2015-09-08T15:59:00", "type": "cve", "title": "CVE-2015-5200", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5200"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:libvdpau_project:libvdpau:1.1.0"], "id": "CVE-2015-5200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5200", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}, "cpe23": ["cpe:2.3:a:libvdpau_project:libvdpau:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T12:54:29", "description": "libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.", "cvss3": {}, "published": "2015-09-08T15:59:00", "type": "cve", "title": "CVE-2015-5198", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:12.04", 
"cpe:/a:libvdpau_project:libvdpau:1.1.0"], "id": "CVE-2015-5198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5198", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:libvdpau_project:libvdpau:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "debiancve": [{"lastseen": "2022-03-16T07:36:28", "description": "Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.", "cvss3": {}, "published": "2015-09-08T15:59:00", "type": "debiancve", "title": "CVE-2015-5199", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5199"], "modified": "2015-09-08T15:59:00", "id": "DEBIANCVE:CVE-2015-5199", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5199", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-16T07:36:28", "description": "The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.", "cvss3": {}, "published": "2015-09-08T15:59:00", "type": "debiancve", "title": "CVE-2015-5200", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5200"], "modified": "2015-09-08T15:59:00", "id": "DEBIANCVE:CVE-2015-5200", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5200", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-03-16T07:36:28", "description": "libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.", "cvss3": {}, "published": "2015-09-08T15:59:00", "type": "debiancve", "title": "CVE-2015-5198", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5198"], "modified": "2015-09-08T15:59:00", "id": "DEBIANCVE:CVE-2015-5198", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5198", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}