Executive Summary
| Summary | |
|---|---|
| Title | aMule: Parameter injection |
| Informations | |||
|---|---|---|---|
| Name | GLSA-200909-06 | First vendor Publication | 2009-09-09 |
| Vendor | Gentoo | Last vendor Modification | 2009-09-09 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis An input validation error in aMule enables remote attackers to pass arbitrary parameters to a victim's media player. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200909-06.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-200909-06.xml |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13778 | |||
| Oval ID: | oval:org.mitre.oval:def:13778 | ||
| Title: | DSA-1821-1 amule -- insufficient input sanitising | ||
| Description: | Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. For the stable distribution, this problem has been fixed in version 2.2.1-1+lenny2. The oldstable distribution is not affected by this issue. For the testing distribution this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.2.5-1.1. We recommend that you upgrade your amule packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1821-1 CVE-2009-1440 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | amule |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8068 | |||
| Oval ID: | oval:org.mitre.oval:def:8068 | ||
| Title: | DSA-1821 amule -- insufficient input sanitising | ||
| Description: | Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. The oldstable distribution (etch) is not affected by this issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1821 CVE-2009-1440 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | amule |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-09-15 | Name : Gentoo Security Advisory GLSA 200909-06 (amule) File : nvt/glsa_200909_06.nasl |
| 2009-06-30 | Name : Debian Security Advisory DSA 1821-1 (amule) File : nvt/deb_1821_1.nasl |
| 2009-06-30 | Name : Ubuntu USN-789-1 (gst-plugins-good0.10) File : nvt/ubuntu_789_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 54179 | aMule mplayer Video Preview Filename Arbitrary Parameter Injection |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-09-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-06.nasl - Type : ACT_GATHER_INFO |
| 2009-06-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1821.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:36:41 |
|
