Executive Summary
Summary | |
---|---|
Title | speex security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0235 | First vendor Publication | 2008-04-16 |
Vendor | RedHat | Last vendor Modification | 2008-04-16 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated speex packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Speex is a patent-free compression format designed especially for speech. The Speex package contains a library for handling Speex files and sample encoder and decoder implementations using this library. The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686) All users of speex are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 441239 - CVE-2008-1686 speex, libfishsound: insufficient boundary checks |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0235.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10026 | |||
Oval ID: | oval:org.mitre.oval:def:10026 | ||
Title: | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||
Description: | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1686 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17457 | |||
Oval ID: | oval:org.mitre.oval:def:17457 | ||
Title: | USN-611-2 -- vorbis-tools vulnerability | ||
Description: | USN-611-1 fixed a vulnerability in Speex. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-611-2 CVE-2008-1686 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | vorbis-tools |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17553 | |||
Oval ID: | oval:org.mitre.oval:def:17553 | ||
Title: | USN-611-1 -- speex vulnerability | ||
Description: | It was discovered that Speex did not properly validate its input when processing Speex file headers. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-611-1 CVE-2008-1686 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | speex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17732 | |||
Oval ID: | oval:org.mitre.oval:def:17732 | ||
Title: | USN-611-3 -- gst-plugins-good0.10 vulnerability | ||
Description: | USN-611-1 fixed a vulnerability in Speex. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-611-3 CVE-2008-1686 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | gst-plugins-good0.10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18615 | |||
Oval ID: | oval:org.mitre.oval:def:18615 | ||
Title: | DSA-1584-1 libfishsound - integer overflow | ||
Description: | It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1584-1 CVE-2008-1686 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libfishsound |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20293 | |||
Oval ID: | oval:org.mitre.oval:def:20293 | ||
Title: | DSA-1585-1 speex - integer overflow | ||
Description: | It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1585-1 CVE-2008-1686 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | speex |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22410 | |||
Oval ID: | oval:org.mitre.oval:def:22410 | ||
Title: | ELSA-2008:0235: speex security update (Important) | ||
Description: | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0235-01 CVE-2008-1686 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | speex |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7912 | |||
Oval ID: | oval:org.mitre.oval:def:7912 | ||
Title: | DSA-1585 speex -- integer overflow | ||
Description: | It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1585 CVE-2008-1686 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | speex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8197 | |||
Oval ID: | oval:org.mitre.oval:def:8197 | ||
Title: | DSA-1584 libfishsound -- buffer overflow | ||
Description: | It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1584 CVE-2008-1686 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libfishsound |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for gstreamer-plugins-good MDVSA-2008:092 (gstreamer-plugins... File : nvt/gb_mandriva_MDVSA_2008_092.nasl |
2009-04-09 | Name : Mandriva Update for vorbis-tools MDVSA-2008:093 (vorbis-tools) File : nvt/gb_mandriva_MDVSA_2008_093.nasl |
2009-04-09 | Name : Mandriva Update for speex MDVSA-2008:094 (speex) File : nvt/gb_mandriva_MDVSA_2008_094.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:124 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_124.nasl |
2009-03-23 | Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1 File : nvt/gb_ubuntu_USN_635_1.nasl |
2009-03-23 | Name : Ubuntu Update for gst-plugins-good0.10 vulnerability USN-611-3 File : nvt/gb_ubuntu_USN_611_3.nasl |
2009-03-23 | Name : Ubuntu Update for vorbis-tools vulnerability USN-611-2 File : nvt/gb_ubuntu_USN_611_2.nasl |
2009-03-23 | Name : Ubuntu Update for speex vulnerability USN-611-1 File : nvt/gb_ubuntu_USN_611_1.nasl |
2009-03-06 | Name : RedHat Update for speex RHSA-2008:0235-01 File : nvt/gb_RHSA-2008_0235-01_speex.nasl |
2009-02-27 | Name : CentOS Update for speex CESA-2008:0235 centos4 i386 File : nvt/gb_CESA-2008_0235_speex_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for speex CESA-2008:0235 centos4 x86_64 File : nvt/gb_CESA-2008_0235_speex_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for libfishsound FEDORA-2008-3059 File : nvt/gb_fedora_2008_3059_libfishsound_fc8.nasl |
2009-02-17 | Name : Fedora Update for speex FEDORA-2008-3103 File : nvt/gb_fedora_2008_3103_speex_fc8.nasl |
2009-02-17 | Name : Fedora Update for libfishsound FEDORA-2008-3117 File : nvt/gb_fedora_2008_3117_libfishsound_fc7.nasl |
2009-02-17 | Name : Fedora Update for speex FEDORA-2008-3191 File : nvt/gb_fedora_2008_3191_speex_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-17 (speex) File : nvt/glsa_200804_17.nasl |
2008-09-04 | Name : FreeBSD Ports: vorbis-tools File : nvt/freebsd_vorbis-tools.nasl |
2008-09-04 | Name : FreeBSD Ports: libxine File : nvt/freebsd_libxine9.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1586-1 (xine-lib) File : nvt/deb_1586_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1584-1 (libfishsound) File : nvt/deb_1584_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-111-01 xine-lib File : nvt/esoft_slk_ssa_2008_111_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44143 | libfishsound Speex Decoder Header Structure Handling Arbitrary Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0235.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_speex_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5304.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vorbis-tools-5302.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-124.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-094.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-093.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-092.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_speex-5364.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gstreamer010-plugins-good-5185.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_gstreamer010-plugins-good-5195.nasl - Type : ACT_GATHER_INFO |
2008-06-04 | Name : The remote openSUSE host is missing a security update. File : suse_vorbis-tools-5192.nasl - Type : ACT_GATHER_INFO |
2008-06-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vorbis-tools-5193.nasl - Type : ACT_GATHER_INFO |
2008-05-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1586.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1585.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1584.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3117.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5205.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5204.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_633716fa1f8f11ddb1430211d880e350.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-611-3.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-611-2.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-611-1.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7a7c585310a311dd8eb800163e000016.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-111-01.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0235.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-17.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0235.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3059.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3103.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3191.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:35 |
|