Vulnerabilities > CVE-2006-2458 - Heap Buffer Overflow vulnerability in Libextractor 0.5.13

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
libextractor
nessus
exploit available

Summary

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

Vulnerable Configurations

Part Description Count
Application
Libextractor
1

Exploit-Db

descriptionlibextractor. CVE-2006-2458. Dos exploits for multiple platform
idEDB-ID:1801
last seen2016-01-31
modified2006-05-17
published2006-05-17
reporterLuigi Auriemma
sourcehttps://www.exploit-db.com/download/1801/
titlelibextractor <= 0.5.13 - Multiple Heap Overflow PoC Exploits

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBEXTRACTOR-1426.NASL
    descriptionFix heap overflow in the asf plugin (CVE-2006-2458) [# 176280]. Fix heap overflow in the qt plugin (CVE-2006-2458) [# 176280].
    last seen2020-06-01
    modified2020-06-02
    plugin id27321
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27321
    titleopenSUSE 10 Security Update : libextractor (libextractor-1426)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libextractor-1426.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27321);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-2458");
    
      script_name(english:"openSUSE 10 Security Update : libextractor (libextractor-1426)");
      script_summary(english:"Check for the libextractor-1426 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix heap overflow in the asf plugin (CVE-2006-2458) [# 176280]. Fix
    heap overflow in the qt plugin (CVE-2006-2458) [# 176280]."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libextractor package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libextractor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"libextractor-0.5.10-12.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libextractor");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1081.NASL
    descriptionLuigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22623
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22623
    titleDebian DSA-1081-1 : libextractor - buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1081. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22623);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2006-2458");
      script_bugtraq_id(18021);
      script_xref(name:"DSA", value:"1081");
    
      script_name(english:"Debian DSA-1081-1 : libextractor - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Luigi Auriemma discovered a buffer overflow in the processing of ASF
    files in libextractor, a library to extract arbitrary meta-data from
    files, which can lead to the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1081"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libextractor packages.
    
    The old stable distribution (woody) is not affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.4.2-2sarge5."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libextractor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"extract", reference:"0.4.2-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"libextractor1", reference:"0.4.2-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"libextractor1-dev", reference:"0.4.2-2sarge5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200605-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200605-14 (libextractor: Two heap-based buffer overflows) Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parse_trak_atom function in the Qt plugin. Impact : By enticing a user to open a malformed file using an application that employs libextractor and its ASF or Qt plugins, an attacker could execute arbitrary code in the context of the application running the affected library. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id21578
    published2006-05-22
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21578
    titleGLSA-200605-14 : libextractor: Two heap-based buffer overflows