Vulnerabilities > CVE-2004-0097 - Unspecified vulnerability in Openh323 Project Pwlib

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
openh323-project
critical
nessus

Summary

Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Vulnerable Configurations

Part Description Count
Application
Openh323_Project
1

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-047.NASL
    descriptionUpdated PWLib packages that contain fixes for security issues found during protocol testing by the NISCC are now available. PWLib is a cross-platform class library designed to support the OpenH323 project. OpenH323 provides an implementation of the ITU H.323 teleconferencing protocol, used by packages such as Gnome Meeting. A test suite for the H.225 protocol (part of the H.323 family) provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker could trigger these bugs by sending carefully crafted messages to an application. The effects of such an attack can vary depending on the application, but would usually result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0097 to this issue. Users are advised to upgrade to the erratum packages, which contain backported security fixes and are not vulnerable to these issues. Red Hat would like to thank Craig Southeren of the OpenH323 project for providing the fixes for these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id12460
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12460
    titleRHEL 3 : pwlib (RHSA-2004:047)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:047. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12460);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0097");
      script_xref(name:"RHSA", value:"2004:047");
    
      script_name(english:"RHEL 3 : pwlib (RHSA-2004:047)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated PWLib packages that contain fixes for security issues found
    during protocol testing by the NISCC are now available.
    
    PWLib is a cross-platform class library designed to support the
    OpenH323 project. OpenH323 provides an implementation of the ITU H.323
    teleconferencing protocol, used by packages such as Gnome Meeting.
    
    A test suite for the H.225 protocol (part of the H.323 family)
    provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0.
    An attacker could trigger these bugs by sending carefully crafted
    messages to an application. The effects of such an attack can vary
    depending on the application, but would usually result in a Denial of
    Service. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2004-0097 to this issue.
    
    Users are advised to upgrade to the erratum packages, which contain
    backported security fixes and are not vulnerable to these issues.
    
    Red Hat would like to thank Craig Southeren of the OpenH323 project
    for providing the fixes for these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0097"
      );
      # http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cc7c4598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.postincrement.com/openh323/nissc_vulnerabilty.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:047"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected pwlib package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pwlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:047";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"pwlib-1.4.7-7.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pwlib");
      }
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_27C331D564C711D880E30020ED76EF5A.NASL
    descriptionThe NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, `pwlib
    last seen2020-06-01
    modified2020-06-02
    plugin id37542
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37542
    titleFreeBSD : Vulnerabilities in H.323 implementations (27c331d5-64c7-11d8-80e3-0020ed76ef5a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37542);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:36");
    
      script_cve_id("CVE-2004-0097");
      script_xref(name:"CERT-CC", value:"CA-2004-01");
      script_xref(name:"CERT", value:"749342");
    
      script_name(english:"FreeBSD : Vulnerabilities in H.323 implementations (27c331d5-64c7-11d8-80e3-0020ed76ef5a)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The NISCC and the OUSPG developed a test suite for the H.323 protocol.
    This test suite has uncovered vulnerabilities in several H.323
    implementations with impacts ranging from denial-of-service to
    arbitrary code execution.
    
    In the FreeBSD Ports Collection, `pwlib' is directly affected. Other
    applications such as `asterisk' and `openh323' incorporate `pwlib'
    statically and so are also independently affected."
      );
      # http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cc7c4598"
      );
      # http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ab015474"
      );
      # http://www.southeren.com/blog/archives/000055.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bec8a8df"
      );
      # https://vuxml.freebsd.org/freebsd/27c331d5-64c7-11d8-80e3-0020ed76ef5a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cd563883"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openh323");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pwlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"pwlib<1.5.0_5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"asterisk<=0.7.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"openh323<1.12.0_4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-105.NASL
    description - Tue Feb 01 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE7-1.FC2.1 - Add more upstream patches, including fixes for bz#146783 Correct handling of oversized reply headers bz#146778 CVE-2005-0211 Buffer overflow in WCCP recvfrom() call - Thu Jan 20 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE7-1.FC2 - Upgrade to 2.5.STABLE7 and 18 upstream patches. - This includes fixes for CVE-2005-0094 CVE-2005-0095 CVE-2004-0096 and CVE-2004-0097. This closes bz#145543 and bz#141938 - This obsoletes Ulrich Drepper
    last seen2020-06-01
    modified2020-06-02
    plugin id16288
    published2005-02-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16288
    titleFedora Core 2 : squid-2.5.STABLE7-1.FC2.1 (2005-105)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-105.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16288);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2005-105");
    
      script_name(english:"Fedora Core 2 : squid-2.5.STABLE7-1.FC2.1 (2005-105)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Tue Feb 01 2005 Jay Fenlason <fenlason at redhat.com>
        7:2.5.STABLE7-1.FC2.1
    
      - Add more upstream patches, including fixes for bz#146783
        Correct handling of oversized reply headers bz#146778
        CVE-2005-0211 Buffer overflow in WCCP recvfrom() call
    
      - Thu Jan 20 2005 Jay Fenlason <fenlason at redhat.com>
        7:2.5.STABLE7-1.FC2
    
      - Upgrade to 2.5.STABLE7 and 18 upstream patches.
    
        - This includes fixes for CVE-2005-0094 CVE-2005-0095
          CVE-2004-0096 and CVE-2004-0097. This closes bz#145543
          and bz#141938
    
      - This obsoletes Ulrich Drepper's -nonbl patch.
    
        - Add a triggerin on samba-common to make
          /var/cache/samba/winbindd_privileged accessible so
          that ntlm_auth will work. This fixes bz#103726
    
      - Mon Oct 18 2004 Jay Fenlason <fenlason at redhat.com>
        7:2.5.STABLE6-3
    
      - include patch from Ulrich Drepper <drepper at
        redhat.com> to stop problems with O_NONBLOCK. This
        closes #136049
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-February/000663.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fd25ce23"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected squid and / or squid-debuginfo packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squid");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:squid-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"squid-2.5.STABLE7-1.FC2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"squid-debuginfo-2.5.STABLE7-1.FC2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid / squid-debuginfo");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-448.NASL
    descriptionMultiple vulnerabilities were discovered in pwlib, a library used to aid in writing portable applications, whereby a remote attacker could cause a denial of service or potentially execute arbitrary code. This library is most notably used in several applications implementing the H.323 teleconferencing protocol, including the OpenH323 suite, gnomemeeting and asterisk.
    last seen2020-06-01
    modified2020-06-02
    plugin id15285
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15285
    titleDebian DSA-448-1 : pwlib - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-448. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15285);
      script_version("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2004-0054", "CVE-2004-0056", "CVE-2004-0097", "CVE-2004-2629", "CVE-2004-2758");
      script_bugtraq_id(9406);
      script_xref(name:"DSA", value:"448");
    
      script_name(english:"Debian DSA-448-1 : pwlib - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities were discovered in pwlib, a library used to
    aid in writing portable applications, whereby a remote attacker could
    cause a denial of service or potentially execute arbitrary code. This
    library is most notably used in several applications implementing the
    H.323 teleconferencing protocol, including the OpenH323 suite,
    gnomemeeting and asterisk."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/233888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-448"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the current stable distribution (woody) this problem has been
    fixed in version 1.2.5-5woody1.
    
    We recommend that you update your pwlib package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pwlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"asnparser", reference:"1.2.5-5woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"libpt-1.2.0", reference:"1.2.5-5woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"libpt-dbg", reference:"1.2.5-5woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"libpt-dev", reference:"1.2.5-5woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-078.NASL
    descriptionA test suite for the H.225 protocol (part of the H.323 family) provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker could trigger these bugs by sending carefully crafted messages to an application. The effects of such an attack can vary depending on the application, but would usually result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0097 to this issue. Users are advised to upgrade to the update packages, which contain backported security fixes and are not vulnerable to these issues. Red Hat would like to thank Craig Southeren of the OpenH323 project for providing the fixes for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id13678
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13678
    titleFedora Core 1 : pwlib-1.5.0-4 (2004-078)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-106.NASL
    description - Tue Feb 01 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE7-1.FC3.1 - Add more upstream patches, including fixes for bz#146783 Correct handling of oversized reply headers bz#146778 CVE-2005-0211 Buffer overflow in WCCP recvfrom() call - Thu Jan 20 2005 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE7-1.FC3 - Upgrade to 2.5.STABLE7 and 18 upstream patches. - This includes fixes for CVE-2005-0094 CVE-2005-0095 CVE-2004-0096 and CVE-2004-0097. This closes bz#145543 and bz#141938 - This obsoletes Ulrich Drepper
    last seen2020-06-01
    modified2020-06-02
    plugin id16289
    published2005-02-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16289
    titleFedora Core 3 : squid-2.5.STABLE7-1.FC3.1 (2005-106)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_H323_BUGS.NASL
    descriptionThe following package needs to be updated: asterisk
    last seen2016-09-26
    modified2004-07-06
    plugin id12548
    published2004-07-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=12548
    titleFreeBSD : Vulnerabilities in H.323 implementations (63)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200404-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200404-11 (Multiple Vulnerabilities in pwlib) Multiple vulnerabilities have been found in the implementation of protocol H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously crafted ASN.1 element to cause unpredictable behavior in pwlib. Impact : An attacker may cause a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges. Workaround : Blocking ports 1719 and 1720 may reduce the likelihood of an attack. All users are advised to upgrade to the latest version of the affected package.
    last seen2020-06-01
    modified2020-06-02
    plugin id14476
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14476
    titleGLSA-200404-11 : Multiple Vulnerabilities in pwlib
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-017.NASL
    descriptionThe NISCC uncovered bugs in pwlib prior to version 1.6.0 via a test suite for the H.225 protocol. An attacker could trigger these bugs by sending carefully crafted messages to an application that uses pwlib, and the severity would vary based on the application, but likely would result in a Denial of Service (DoS). The updated packages provide backported fixes from Craig Southeren of the OpenH323 project to protect against this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id14117
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14117
    titleMandrake Linux Security Advisory : pwlib (MDKSA-2004:017)

Oval

  • accepted2013-04-29T04:00:59.805-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionMultiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
    familyunix
    idoval:org.mitre.oval:def:10056
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
    version27
  • accepted2010-09-20T04:00:37.420-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameMatt Busby
      organizationThe MITRE Corporation
    • nameThomas R. Jones
      organizationMaitreya Security
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionMultiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
    familyunix
    idoval:org.mitre.oval:def:803
    statusaccepted
    submitted2004-03-20T12:00:00.000-04:00
    titleRedHat Code Execution and DoS Vulnerabilities in PWLib
    version39
  • accepted2010-09-20T04:00:38.346-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameMatt Busby
      organizationThe MITRE Corporation
    • nameThomas R. Jones
      organizationMaitreya Security
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionMultiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
    familyunix
    idoval:org.mitre.oval:def:826
    statusaccepted
    submitted2004-03-20T12:00:00.000-04:00
    titleRedHat Enterprise 3 Code Execution and DoS Vulnerabilities in PWLib
    version39

Redhat

advisories
rhsa
idRHSA-2004:047
rpms
  • pwlib-0:1.4.7-7.EL
  • pwlib-debuginfo-0:1.4.7-7.EL
  • pwlib-devel-0:1.4.7-7.EL