Executive Summary
Summary | |
---|---|
Title | New gst-plugins-bad0.10 packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1851 | First vendor Publication | 2009-08-06 |
Vendor | Debian | Last vendor Modification | 2009-08-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. For the stable distribution (lenny), this problem has been fixed in version 0.10.7-2+lenny2. For the oldstable distribution (etch), this problem has been fixed in version 0.10.3-3.1+etch3. For the testing distribution (squeeze) and the unstable distribution (sid), gst-plugins-bad0.10 links against libmodplug. We recommend that you upgrade your gst-plugins-bad0.10 packages. |
Original Source
Url : http://www.debian.org/security/2009/dsa-1851 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13584 | |||
Oval ID: | oval:org.mitre.oval:def:13584 | ||
Title: | DSA-1851-1 gst-plugins-bad0.10 -- integer overflow | ||
Description: | It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. For the stable distribution, this problem has been fixed in version 0.10.7-2+lenny2. For the oldstable distribution, this problem has been fixed in version 0.10.3-3.1+etch3. For the testing distribution and the unstable distribution , gst-plugins-bad0.10 links against libmodplug. We recommend that you upgrade your gst-plugins-bad0.10 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1851-1 CVE-2009-1438 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | gst-plugins-bad0.10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8279 | |||
Oval ID: | oval:org.mitre.oval:def:8279 | ||
Title: | DSA-1851 gst-plugins-bad0.10 -- integer overflow | ||
Description: | It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1851 CVE-2009-1438 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | gst-plugins-bad0.10 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug) File : nvt/mdksa_2009_128_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1850-1 (libmodplug) File : nvt/deb_1850_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1851-1 (gst-plugins-bad0.10) File : nvt/deb_1851_1.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-07 (libmodplug gst-plugins-bad) File : nvt/glsa_200907_07.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-09 | Name : Mandrake Security Advisory MDVSA-2009:128 (libmodplug) File : nvt/mdksa_2009_128.nasl |
2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
2009-05-05 | Name : Fedora Core 9 FEDORA-2009-4064 (libmodplug) File : nvt/fcore_2009_4064.nasl |
2009-05-05 | Name : Fedora Core 10 FEDORA-2009-4068 (libmodplug) File : nvt/fcore_2009_4068.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53801 | libmodplug src/load_med.cpp CSoundFile::ReadMed() Function MED File Handling ... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1850.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1851.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_gstreamer010-plugins-bad-6251.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gstreamer-0_10-plugins-bad-090515.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gstreamer-0_10-plugins-bad-090514.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-07.nasl - Type : ACT_GATHER_INFO |
2009-06-05 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-128.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-771-1.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4064.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4068.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:28:41 |
|