Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2009-335.NASL
HistoryDec 21, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:335)

2009-12-2100:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.141 Low

EPSS

Percentile

95.7%

JSON

A vulnerability was discovered and corrected in ffmpeg :

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718 (CVE-2008-4610).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides a solution to this vulnerability.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:335. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(43362);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-4610");
  script_bugtraq_id(34136);
  script_xref(name:"MDVSA", value:"2009:335");

  script_name(english:"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:335)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered and corrected in ffmpeg :

MPlayer allows remote attackers to cause a denial of service
(application crash) via (1) a malformed AAC file, as demonstrated by
lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated
by lol-ffplay.ogm, different vectors than CVE-2007-6718
(CVE-2008-4610).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers

This update provides a solution to this vulnerability."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ffmpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64avformats51");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64avformats52");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64avutil49");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ffmpeg51");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ffmpeg51-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ffmpeg51-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64swscaler0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libavformats51");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libavformats52");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libavutil49");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libffmpeg-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libffmpeg-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libffmpeg51");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libffmpeg51-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libffmpeg51-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libswscaler0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64avformats51-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64avutil49-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ffmpeg51-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libavformats51-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libavutil49-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libffmpeg51-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libffmpeg51-devel-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.4mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", reference:"ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64avformats52-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64avutil49-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64ffmpeg51-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64swscaler0-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libavformats52-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libavutil49-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libffmpeg-devel-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libffmpeg51-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libswscaler0-0.4.9-3.pre1.14161.1.3mdv2009.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxffmpegp-cpe:/a:mandriva:linux:ffmpeg
mandrivalinuxlib64avformats51p-cpe:/a:mandriva:linux:lib64avformats51
mandrivalinuxlib64avformats52p-cpe:/a:mandriva:linux:lib64avformats52
mandrivalinuxlib64avutil49p-cpe:/a:mandriva:linux:lib64avutil49
mandrivalinuxlib64ffmpeg-develp-cpe:/a:mandriva:linux:lib64ffmpeg-devel
mandrivalinuxlib64ffmpeg-static-develp-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel
mandrivalinuxlib64ffmpeg51p-cpe:/a:mandriva:linux:lib64ffmpeg51
mandrivalinuxlib64ffmpeg51-develp-cpe:/a:mandriva:linux:lib64ffmpeg51-devel
mandrivalinuxlib64ffmpeg51-static-develp-cpe:/a:mandriva:linux:lib64ffmpeg51-static-devel
mandrivalinuxlib64swscaler0p-cpe:/a:mandriva:linux:lib64swscaler0
Rows per page:
1-10 of 211

Related

cve 2
openvas 5
debiancve 2
nvd 2
prion 2
cvelist 2
ubuntucve 3
nessus 3
gentoo 1
ubuntu 1
cve
cve
CVE-2008-4610
2008-10-20 17:59:26
CVE-2007-6718
2022-10-03 16:14:28
openvas
openvas
Mandriva Security Advisory MDVSA-2009:335 (ffmpeg)
2009-12-30 00:00:00
Mandriva Security Advisory MDVSA-2009:335 (ffmpeg)
2009-12-30 00:00:00
Gentoo Security Advisory GLSA 201310-13
2015-09-29 00:00:00
debiancve
debiancve
CVE-2008-4610
2008-10-20 17:59:26
CVE-2007-6718
2022-10-03 16:14:28
nvd
nvd
CVE-2008-4610
2008-10-20 17:59:26
CVE-2007-6718
2008-10-20 17:59:23
prion
prion
Design/Logic Flaw
2008-10-20 17:59:00
Design/Logic Flaw
2008-10-20 17:59:00
cvelist
cvelist
CVE-2008-4610
2008-10-20 17:00:00
CVE-2007-6718
2022-10-03 16:14:28
ubuntucve
ubuntucve
CVE-2008-4610
2008-10-20 00:00:00
CVE-2008-5244
2008-11-25 00:00:00
CVE-2007-6718
2008-10-20 00:00:00
nessus
nessus
GLSA-201310-13 : MPlayer: Multiple vulnerabilities
2013-10-27 00:00:00
Mandrake Linux Security Advisory : mplayer (MDKSA-2007:192)
2007-10-03 00:00:00
Ubuntu 7.10 / 8.04 LTS / 8.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-734-1)
2009-04-23 00:00:00
gentoo
gentoo
MPlayer: Multiple vulnerabilities
2013-10-25 00:00:00
ubuntu
ubuntu
FFmpeg vulnerabilities
2009-03-16 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.141 Low

EPSS

Percentile

95.7%

JSON
Related for MANDRIVA_MDVSA-2009-335.NASL
cve2openvas5debiancve2nvd2prion2cvelist2ubuntucve3nessus3gentoo1ubuntu1