Executive Summary

Informations
NameMDVSA-2009:128-1First vendor Publication2009-12-03
VendorMandrivaLast vendor Modification2009-12-03
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple security vulnerabilities has been identified and fixed in libmodplug:

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow (CVE-2009-1438).

Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name (CVE-2009-1513).

The updated packages have been patched to prevent this.

Update:

Packages for 2008.0 are being provided due to extended support for Corporate products.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:128-1

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4

OpenVAS Exploits

DateDescription
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug)
File : nvt/mdksa_2009_128_1.nasl
2009-08-17Name : Debian Security Advisory DSA 1850-1 (libmodplug)
File : nvt/deb_1850_1.nasl
2009-08-17Name : Debian Security Advisory DSA 1851-1 (gst-plugins-bad0.10)
File : nvt/deb_1851_1.nasl
2009-07-29Name : Gentoo Security Advisory GLSA 200907-07 (libmodplug gst-plugins-bad)
File : nvt/glsa_200907_07.nasl
2009-07-06Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-09Name : Mandrake Security Advisory MDVSA-2009:128 (libmodplug)
File : nvt/mdksa_2009_128.nasl
2009-06-05Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-05-05Name : Fedora Core 9 FEDORA-2009-4064 (libmodplug)
File : nvt/fcore_2009_4064.nasl
2009-05-05Name : Fedora Core 10 FEDORA-2009-4068 (libmodplug)
File : nvt/fcore_2009_4068.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
54109libmodplug src/load_pat.c PATinst() Function Overflow
53801libmodplug src/load_med.cpp CSoundFile::ReadMed() Function MED File Handling ...

Nessus® Vulnerability Scanner

DateDescription
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1850.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1851.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote SuSE system is missing the security patch gstreamer010-plugins-bad...
File : suse_gstreamer010-plugins-bad-6251.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for gstreamer-0_10-plugins...
File : suse_11_1_gstreamer-0_10-plugins-bad-090514.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for gstreamer-0_10-plugins...
File : suse_11_0_gstreamer-0_10-plugins-bad-090515.nasl - Type : ACT_GATHER_INFO
2009-07-13Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200907-07.nasl - Type : ACT_GATHER_INFO
2009-06-05Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-128.nasl - Type : ACT_GATHER_INFO
2009-05-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-771-1.nasl - Type : ACT_GATHER_INFO
2009-04-28Name : The remote Fedora host is missing a security update.
File : fedora_2009-4064.nasl - Type : ACT_GATHER_INFO
2009-04-28Name : The remote Fedora host is missing a security update.
File : fedora_2009-4068.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:40:20
  • Multiple Updates