CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.0%
Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code.
CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and ‘bad indexes’.
CVE-2006-4800: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xine-lib-2308.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(27485);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2006-4799", "CVE-2006-4800");
script_name(english:"openSUSE 10 Security Update : xine-lib (xine-lib-2308)");
script_summary(english:"Check for the xine-lib-2308 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Multiple buffer overflows were fixed in the XINE decoder libraries,
which could be used by attackers to crash players or potentially
execute code.
CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2
might allow context-dependent attackers to execute arbitrary code via
a crafted AVI file and 'bad indexes'.
CVE-2006-4800: Multiple buffer overflows in libavcodec in ffmpeg
before 0.4.9_p20060530 allow remote attackers to cause a denial of
service or possibly execute arbitrary code via multiple unspecified
vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5)
smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)
shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected xine-lib packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
script_set_attribute(attribute:"patch_publication_date", value:"2006/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE10.1", reference:"xine-lib-1.1.1-24.10") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"xine-lib-32bit-1.1.1-24.10") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine-lib");
}