Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2009:272-1 | First vendor Publication | 2009-12-05 |
| Vendor | Mandriva | Last vendor Modification | 2009-12-05 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities has been found and corrected in libmikmod: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720). libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179). This update fixes these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:272-1 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for mikmod CESA-2010:0720 centos5 i386 File : nvt/gb_CESA-2010_0720_mikmod_centos5_i386.nasl |
| 2010-10-01 | Name : CentOS Update for mikmod CESA-2010:0720 centos3 i386 File : nvt/gb_CESA-2010_0720_mikmod_centos3_i386.nasl |
| 2010-10-01 | Name : CentOS Update for mikmod CESA-2010:0720 centos4 i386 File : nvt/gb_CESA-2010_0720_mikmod_centos4_i386.nasl |
| 2010-10-01 | Name : RedHat Update for mikmod RHSA-2010:0720-01 File : nvt/gb_RHSA-2010_0720-01_mikmod.nasl |
| 2010-10-01 | Name : Ubuntu Update for libmikmod vulnerabilities USN-995-1 File : nvt/gb_ubuntu_USN_995_1.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:272-1 (libmikmod) File : nvt/mdksa_2009_272_1.nasl |
| 2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:272 (libmikmod) File : nvt/mdksa_2009_272.nasl |
| 2009-10-13 | Name : SLES10: Security update for libmikmod File : nvt/sles10_libmikmod.nasl |
| 2009-10-10 | Name : SLES9: Security update for libmikmod File : nvt/sles9p5043927.nasl |
| 2009-09-02 | Name : Fedora Core 10 FEDORA-2009-9095 (libmikmod) File : nvt/fcore_2009_9095.nasl |
| 2009-09-02 | Name : Fedora Core 11 FEDORA-2009-9112 (libmikmod) File : nvt/fcore_2009_9112.nasl |
| 2009-03-13 | Name : SuSE Security Summary SUSE-SR:2009:006 File : nvt/suse_sr_2009_006.nasl |
| 2009-01-29 | Name : MikMod Module Player Denial of Service Vulnerability (Linux) File : nvt/secpod_mikmod_dos_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 53456 | libmikmod Malformed XM File Handling DoS |
| 53455 | libmikmod Playback Calculation Weakness MOD File Handling DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libmikmod_20140114.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0720.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100928_mikmod_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0720.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0720.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-995-1.nasl - Type : ACT_GATHER_INFO |
| 2009-10-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-272.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12359.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libmikmod-6034.nasl - Type : ACT_GATHER_INFO |
| 2009-08-31 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9095.nasl - Type : ACT_GATHER_INFO |
| 2009-08-31 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9112.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmikmod-090227.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmikmod-090227.nasl - Type : ACT_GATHER_INFO |
| 2009-03-03 | Name : The remote openSUSE host is missing a security update. File : suse_libmikmod-6033.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:40:51 |
|
| 2013-05-11 00:47:46 |
|
