Executive Summary
Summary | |
---|---|
Title | New amarok packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1706 | First vendor Publication | 2009-01-15 |
Vendor | Debian | Last vendor Modification | 2009-01-15 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.4.4-4etch1. Updated packages for sparc and arm will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 1.4.10-2. We recommend that you upgrade your amarok packages. |
Original Source
Url : http://www.debian.org/security/2009/dsa-1706 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13902 | |||
Oval ID: | oval:org.mitre.oval:def:13902 | ||
Title: | USN-739-1 -- amarok vulnerabilities | ||
Description: | It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio files. If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-739-1 CVE-2009-0135 CVE-2009-0136 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.10 Ubuntu 8.04 | Product(s): | amarok |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:030-1 (amarok) File : nvt/mdksa_2009_030_1.nasl |
2009-03-31 | Name : FreeBSD Ports: amarok File : nvt/freebsd_amarok.nasl |
2009-03-31 | Name : Gentoo Security Advisory GLSA 200903-34 (amarok) File : nvt/glsa_200903_34.nasl |
2009-03-20 | Name : Ubuntu USN-735-1 (gst-plugins-base0.10) File : nvt/ubuntu_735_1.nasl |
2009-03-20 | Name : Ubuntu USN-736-1 (gst-plugins-good0.10) File : nvt/ubuntu_736_1.nasl |
2009-03-20 | Name : Ubuntu USN-737-1 (libsoup) File : nvt/ubuntu_737_1.nasl |
2009-03-20 | Name : Ubuntu USN-739-1 (amarok) File : nvt/ubuntu_739_1.nasl |
2009-02-02 | Name : Mandrake Security Advisory MDVSA-2009:030 (amarok) File : nvt/mdksa_2009_030.nasl |
2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
2009-01-26 | Name : Fedora Core 9 FEDORA-2009-0715 (amarok) File : nvt/fcore_2009_0715.nasl |
2009-01-22 | Name : Amarok Player Multiple Vulnerabilities File : nvt/secpod_amarok_mult_vuln_lin.nasl |
2009-01-20 | Name : Debian Security Advisory DSA 1706-1 (amarok) File : nvt/deb_1706_1.nasl |
2009-01-20 | Name : Fedora Core 10 FEDORA-2009-0550 (amarok) File : nvt/fcore_2009_0550.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53459 | Amarok metadata/audible/audibletag.cpp Audible::Tag::readTag Function Audible... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_amarok-5931.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_amarok-090119.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_amarok-090119.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-030.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-739-1.nasl - Type : ACT_GATHER_INFO |
2009-03-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6bb6188c17b211deae4d0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-03-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-34.nasl - Type : ACT_GATHER_INFO |
2009-01-29 | Name : The remote openSUSE host is missing a security update. File : suse_amarok-5932.nasl - Type : ACT_GATHER_INFO |
2009-01-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0715.nasl - Type : ACT_GATHER_INFO |
2009-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1706.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:28:08 |
|