CVE-2005-1194 - Buffer Overflow vulnerability in nasm (Red Hat and other Linux products)
Attack vector | Attack complexity | Privileges required | Confidentiality impact | Integrity impact | Availability impact
---|---|---|---|---|---
LOCAL | LOW | NONE | PARTIAL | PARTIAL | PARTIAL

The vector is LOCAL because exploitation requires a user to assemble an attacker-supplied .asm file; any code execution then runs with the privileges of the user running nasm (see the Ubuntu and Mandriva notices below). Note that the Red Hat/CentOS Nessus plugins for this issue carry the more severe CVSS2 vector AV:N/AC:L/Au:N/C:C/I:C/A:C, so scanner output will rate it above the metrics shown here.

Summary
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
Vulnerable Configurations

Part | Description | Count
---|---|---
OS | | 12
Nessus

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2005-381.NASL
description | An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. NASM is an 80x86 assembler. Two stack based buffer overflow bugs have been found in nasm. An attacker could create an ASM file in such a way that when compiled by a victim, could execute arbitrary code on their machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1287 and CVE-2005-1194 to these issues. All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21816
published | 2006-07-03
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21816
title | CentOS 3 / 4 : nasm (CESA-2005:381)
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:381 and
# CentOS Errata and Security Advisory 2005:381 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21816);
  script_version("1.19");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2004-1287", "CVE-2005-1194");
  script_xref(name:"RHSA", value:"2005:381");

  script_name(english:"CentOS 3 / 4 : nasm (CESA-2005:381)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated nasm package that fixes multiple security issues is now
available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

NASM is an 80x86 assembler.

Two stack based buffer overflow bugs have been found in nasm. An
attacker could create an ASM file in such a way that when compiled by
a victim, could execute arbitrary code on their machine. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2004-1287 and CVE-2005-1194 to these issues.

All users of nasm are advised to upgrade to this updated package,
which contains backported fixes for these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011626.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?842ec1bf"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011627.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4308e1e6"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011630.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?83f85f56"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011631.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?39ede482"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011635.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?94b176e7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected nasm packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nasm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nasm-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nasm-rdoff");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Fixed package versions: anything older than these (per release) is reported.
flag = 0;
if (rpm_check(release:"CentOS-3", reference:"nasm-0.98.35-3.EL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"nasm-doc-0.98.35-3.EL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"nasm-rdoff-0.98.35-3.EL3")) flag++;

if (rpm_check(release:"CentOS-4", reference:"nasm-0.98.38-3.EL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"nasm-doc-0.98.38-3.EL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"nasm-rdoff-0.98.38-3.EL4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nasm / nasm-doc / nasm-rdoff");
}
```

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-128-1.NASL
description | Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 20518
published | 2006-01-15
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2017 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/20518
title | Ubuntu 4.10 / 5.04 : nasm vulnerability (USN-128-1)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2005-090.NASL
description | A buffer overflow in nasm was discovered by Josh Bressers. If an attacker could trick a user into assembling a malicious source file, they could use this vulnerability to execute arbitrary code with the privileges of the user running nasm. The provided packages have been patched to correct these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 18306
published | 2005-05-19
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/18306
title | Mandrake Linux Security Advisory : nasm (MDKSA-2005:090)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2005-381.NASL
description | An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. NASM is an 80x86 assembler. Two stack based buffer overflow bugs have been found in nasm. An attacker could create an ASM file in such a way that when compiled by a victim, could execute arbitrary code on their machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1287 and CVE-2005-1194 to these issues. All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 18196
published | 2005-05-04
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/18196
title | RHEL 2.1 / 3 / 4 : nasm (RHSA-2005:381)
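The advisories above describe the flaw only as a stack-based overflow in ieee_putascii() reachable from a crafted .asm file. The following C program is an added illustration of that bug class, written for this page; it is not nasm's outieee.c and does not reproduce nasm's actual record layout. It models a varargs "emit one ASCII record" helper that formats a symbol name into a fixed 256-byte stack buffer: the unbounded vsprintf() form is shown as a check that reports whether the write would overrun the buffer (rather than executing the overrun), next to a bounded vsnprintf() form that refuses any record that does not fit. The buffer size (LINE_BUF), the made-up "NI<name>,<addr>." record format, and the synthetic all-'A' symbol names are assumptions of the example.

```c
/*
 * Illustration of the bug class behind CVE-2005-1194, added for this page.
 * This is NOT nasm's source. A varargs "emit one ASCII record" helper formats
 * into a fixed-size stack buffer; with vsprintf() the formatted length is never
 * checked, so an over-long symbol name read from the input .asm file overruns
 * the buffer. The bounded variant measures the result and rejects records
 * that do not fit.
 *
 * Assumptions: LINE_BUF of 256 bytes, the "NI<name>,<addr>." record format,
 * and the constructed symbol names below.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LINE_BUF 256          /* assumed size of the stack buffer */
#define MAX_NAME 4096         /* cap on the constructed symbol name */

static char g_name[MAX_NAME + 1];

/* Constructed input: a symbol name of `len` 'A' characters, standing in for
 * an identifier taken from an attacker-supplied .asm file. */
static const char *synthetic_symbol(size_t len)
{
    if (len > MAX_NAME)
        len = MAX_NAME;
    memset(g_name, 'A', len);
    g_name[len] = '\0';
    return g_name;
}

/* Bytes (excluding the NUL) that vsprintf() would produce for fmt/ap.
 * vsnprintf() with a zero-length destination measures without writing. */
static int vformatted_len(const char *fmt, va_list ap)
{
    va_list cp;
    va_copy(cp, ap);
    int n = vsnprintf(NULL, 0, fmt, cp);
    va_end(cp);
    return n;
}

/* Vulnerable pattern: `char buffer[LINE_BUF]; vsprintf(buffer, fmt, ap);`.
 * Instead of performing the overflow, report whether it would happen:
 * vsprintf() writes n bytes plus a terminating NUL into LINE_BUF bytes. */
static int putascii_unsafe_would_overflow(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vformatted_len(fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n + 1 > LINE_BUF;
}

/* Hardened pattern: bounded vsnprintf(); a record that does not fit is
 * rejected outright, not silently truncated, because a truncated object
 * record is also wrong output. Returns bytes written, or -1 on rejection. */
static int putascii_safe(char *buffer, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buffer, bufsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsz) {
        buffer[0] = '\0';     /* discard the partial record */
        return -1;
    }
    return n;
}

/* Emit a (made-up) "NI<name>,<addr>." record for a name of `name_len` bytes.
 * Returns 1 if the unbounded version would smash the stack. */
int emit_symbol_unsafe_overflows(size_t name_len)
{
    return putascii_unsafe_would_overflow("NI%s,%08lX.\n",
                                          synthetic_symbol(name_len), 0x1234UL);
}

/* Same record through the bounded version: bytes written, or -1 if refused. */
int emit_symbol_safe(size_t name_len)
{
    char line[LINE_BUF];
    return putascii_safe(line, sizeof line, "NI%s,%08lX.\n",
                         synthetic_symbol(name_len), 0x1234UL);
}

int main(void)
{
    /* Record overhead is 13 bytes, so under these assumptions a name of
     * 243 bytes or more is the crafted input that overruns the buffer. */
    size_t lens[] = { 8, 242, 243, 300 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        printf("name_len=%3zu  unsafe_overflows=%d  safe_result=%d\n",
               lens[i], emit_symbol_unsafe_overflows(lens[i]),
               emit_symbol_safe(lens[i]));
    }
    return 0;
}
```

The point of the paired functions is the check the original code lacked: the bounded version inspects vsnprintf()'s return value and treats "would not fit" as an error, which is the same effect the distribution backports aim for. On the hosts the plugins above target, the practical check is the package version (nasm-0.98.35-3.EL3 and nasm-0.98.38-3.EL4 on CentOS/RHEL 3 and 4), and the exposure to weigh is any build or CI system that assembles sources it did not author, since the overflow runs with that user's privileges.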
Oval

accepted | 2013-04-29T04:12:42.971-04:00
class | vulnerability
contributors |
definition_extensions |
description | Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
family | unix
id | oval:org.mitre.oval:def:11256
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
version | 25
Redhat

advisories |
rpms |
Statements

contributor | Mark J Cox
lastmodified | 2007-03-14
organization | Red Hat
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.