CVE-2006-2458 - Heap Buffer Overflow vulnerability in Libextractor 0.5.13
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | libextractor. CVE-2006-2458. Dos exploits for multiple platform |
id | EDB-ID:1801 |
last seen | 2016-01-31 |
modified | 2006-05-17 |
published | 2006-05-17 |
reporter | Luigi Auriemma |
source | https://www.exploit-db.com/download/1801/ |
title | libextractor <= 0.5.13 - Multiple Heap Overflow PoC Exploits |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_LIBEXTRACTOR-1426.NASL |
description | Fix heap overflow in the asf plugin (CVE-2006-2458) [# 176280]. Fix heap overflow in the qt plugin (CVE-2006-2458) [# 176280]. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27321 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27321 |
title | openSUSE 10 Security Update : libextractor (libextractor-1426) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libextractor-1426.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27321);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-2458");

  script_name(english:"openSUSE 10 Security Update : libextractor (libextractor-1426)");
  script_summary(english:"Check for the libextractor-1426 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Fix heap overflow in the asf plugin (CVE-2006-2458) [# 176280]. Fix heap overflow in the qt plugin (CVE-2006-2458) [# 176280]."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libextractor package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libextractor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"libextractor-0.5.10-12.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libextractor");
}
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1081.NASL |
description | Luigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22623 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22623 |
title | Debian DSA-1081-1 : libextractor - buffer overflow |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1081. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22623);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2006-2458");
  script_bugtraq_id(18021);
  script_xref(name:"DSA", value:"1081");

  script_name(english:"Debian DSA-1081-1 : libextractor - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Luigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1081"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the libextractor packages. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 0.4.2-2sarge5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libextractor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"extract", reference:"0.4.2-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"libextractor1", reference:"0.4.2-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"libextractor1-dev", reference:"0.4.2-2sarge5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200605-14.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200605-14 (libextractor: Two heap-based buffer overflows) Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parse_trak_atom function in the Qt plugin. Impact : By enticing a user to open a malformed file using an application that employs libextractor and its ASF or Qt plugins, an attacker could execute arbitrary code in the context of the application running the affected library. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21578 |
published | 2006-05-22 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21578 |
title | GLSA-200605-14 : libextractor: Two heap-based buffer overflows |

References
- http://gnunet.org/libextractor/
- http://secunia.com/advisories/20150
- http://secunia.com/advisories/20160
- http://secunia.com/advisories/20326
- http://secunia.com/advisories/20457
- http://securityreason.com/securityalert/916
- http://securitytracker.com/id?1016118
- http://www.debian.org/security/2006/dsa-1081
- http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml
- http://www.novell.com/linux/security/advisories/2006-06-02.html
- http://www.securityfocus.com/archive/1/434288/100/0/threaded
- http://www.securityfocus.com/bid/18021
- http://www.vupen.com/english/advisories/2006/1848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26532