Vulnerabilities > CVE-2008-5238 - Numeric Errors vulnerability in Xine

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201006-04.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(46771);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5235", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5244", "CVE-2008-5245", "CVE-2008-5246", "CVE-2008-5247", "CVE-2008-5248", "CVE-2009-0698", "CVE-2009-1274");
  script_bugtraq_id(30698, 30699, 30797, 33502, 34384);
  script_xref(name:"GLSA", value:"201006-04");

  script_name(english:"GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201006-04
(xine-lib: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been reported in xine-lib. Please review
    the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could entice a user to play a specially crafted video
    file or stream with a player using xine-lib, potentially resulting in
    the execution of arbitrary code with the privileges of the user running
    the application.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201006-04"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All xine-lib users should upgrade to an unaffected version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3'
    NOTE: This is a legacy GLSA. Updates for all affected architectures are
    available since April 10, 2009. It is likely that your system is
    already no longer affected by this issue."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xine-lib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-libs/xine-lib", unaffected:make_list("ge 1.1.16.3"), vulnerable:make_list("lt 1.1.16.3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine-lib");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(51768);
  script_version ("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:37");

  script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5235", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5244", "CVE-2008-5245", "CVE-2008-5246", "CVE-2008-5247", "CVE-2008-5248");

  script_name(english:"SuSE 10 Security Update : xine (ZYPP Patch Number 5965)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of xine fixes multiple buffer overflows while parsing
files :

  - CVE-2008-3231

  - CVE-2008-5233

  - CVE-2008-5234

  - CVE-2008-5235

  - CVE-2008-5236

  - CVE-2008-5237

  - CVE-2008-5238

  - CVE-2008-5239

  - CVE-2008-5240

  - CVE-2008-5241

  - CVE-2008-5242

  - CVE-2008-5243

  - CVE-2008-5244

  - CVE-2008-5245

  - CVE-2008-5246

  - CVE-2008-5247

  - These bugs can lead to remote code execution.
    (CVE-2008-5248)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-3231.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5233.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5235.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5236.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5238.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5239.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5240.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5241.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5242.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5243.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5244.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5245.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5246.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5247.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-5248.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5965.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:2, reference:"xine-devel-1.1.1-24.43")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"xine-lib-1.1.1-24.43")) flag++;
if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"xine-lib-32bit-1.1.1-24.43")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-710-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(37469);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5244", "CVE-2008-5246", "CVE-2008-5248");
  script_bugtraq_id(30698, 30699, 30797);
  script_xref(name:"USN", value:"710-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xine-lib vulnerabilities (USN-710-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that xine-lib did not correctly handle certain
malformed Ogg and Windows Media files. If a user or automated system
were tricked into opening a specially crafted Ogg or Windows Media
file, an attacker could cause xine-lib to crash, creating a denial of
service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04
LTS. (CVE-2008-3231)

It was discovered that the MNG, MOD, and Real demuxers in xine-lib did
not correctly handle memory allocation failures. If a user or
automated system were tricked into opening a specially crafted MNG,
MOD, or Real file, an attacker could crash xine-lib or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04
LTS. (CVE-2008-5233)

It was discovered that the QT demuxer in xine-lib did not correctly
handle an invalid metadata atom size, resulting in a heap-based buffer
overflow. If a user or automated system were tricked into opening a
specially crafted MOV file, an attacker could execute arbitrary code
as the user invoking the program. (CVE-2008-5234, CVE-2008-5242)

It was discovered that the Real, RealAudio, and Matroska demuxers in
xine-lib did not correctly handle malformed files, resulting in
heap-based buffer overflows. If a user or automated system were
tricked into opening a specially crafted Real, RealAudio, or Matroska
file, an attacker could execute arbitrary code as the user invoking
the program. (CVE-2008-5236)

It was discovered that the MNG and QT demuxers in xine-lib did not
correctly handle malformed files, resulting in integer overflows. If a
user or automated system were tricked into opening a specially crafted
MNG or MOV file, an attacker could execute arbitrary code as the user
invoking the program. (CVE-2008-5237)

It was discovered that the Matroska, MOD, Real, and Real Audio
demuxers in xine-lib did not correctly handle malformed files,
resulting in integer overflows. If a user or automated system were
tricked into opening a specially crafted Matroska, MOD, Real, or Real
Audio file, an attacker could execute arbitrary code as the user
invoking the program. This issue only applied to Ubuntu 6.06 LTS,
7.10, and 8.04 LTS. (CVE-2008-5238)

It was discovered that the input handlers in xine-lib did not
correctly handle certain error codes, resulting in out-of-bounds reads
and heap-based buffer overflows. If a user or automated system were
tricked into opening a specially crafted file, stream, or URL, an
attacker could execute arbitrary code as the user invoking the
program. (CVE-2008-5239)

It was discovered that the Matroska and Real demuxers in xine-lib did
not correctly handle memory allocation failures. If a user or
automated system were tricked into opening a specially crafted
Matroska or Real file, an attacker could crash xine-lib or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-5240)

It was discovered that the QT demuxer in xine-lib did not correctly
handle an invalid metadata atom size in a compressed MOV file,
resulting in an integer underflow. If a user or automated system were
tricked into opening a specially crafted MOV file, an attacker could
an attacker could cause xine-lib to crash, creating a denial of
service. (CVE-2008-5241)

It was discovered that the Real demuxer in xine-lib did not correctly
handle certain malformed files. If a user or automated system were
tricked into opening a specially crafted Real file, an attacker could
could cause xine-lib to crash, creating a denial of service.
(CVE-2008-5243)

It was discovered that xine-lib did not correctly handle certain
malformed AAC files. If a user or automated system were tricked into
opening a specially crafted AAC file, an attacker could could cause
xine-lib to crash, creating a denial of service. This issue only
applied to Ubuntu 7.10, and 8.04 LTS. (CVE-2008-5244)

It was discovered that the id3 tag handler in xine-lib did not
correctly handle malformed tags, resulting in heap-based buffer
overflows. If a user or automated system were tricked into opening a
media file containing a specially crafted id3 tag, an attacker could
execute arbitrary code as the user invoking the program. This issue
only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246)

It was discovered that xine-lib did not correctly handle MP3 files
with metadata consisting only of separators. If a user or automated
system were tricked into opening a specially crafted MP3 file, an
attacker could could cause xine-lib to crash, creating a denial of
service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04
LTS. (CVE-2008-5248)

It was discovered that the Matroska demuxer in xine-lib did not
correctly handle an invalid track type. If a user or automated system
were tricked into opening a specially crafted Matroska file, an
attacker could could cause xine-lib to crash, creating a denial of
service.

It was discovered that the ffmpeg video decoder in xine-lib did not
correctly handle media with certain image heights, resulting in a
heap-based buffer overflow. If a user or automated system were tricked
into opening a specially crafted video file, an attacker could crash
xine-lib or possibly execute arbitrary code with the privileges of the
user invoking the program. This issue only applied to Ubuntu 7.10,
8.04 LTS, and 8.10.

It was discovered that the ffmpeg audio decoder in xine-lib did not
correctly handle malformed media, resulting in a integer overflow. If
a user or automated system were tricked into opening a specially
crafted media file, an attacker could crash xine-lib or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only applied to Ubuntu 8.10.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/710-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine-main1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-all-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-ffmpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-misc-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1-x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.10|8\.04|8\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10 / 8.04 / 8.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libxine-dev", pkgver:"1.1.1+ubuntu2-7.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxine-main1", pkgver:"1.1.1+ubuntu2-7.10")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine-dev", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1-console", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1-dbg", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1-doc", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1-ffmpeg", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1-gnome", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxine1-plugins", pkgver:"1.1.7-1ubuntu1.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine-dev", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-all-plugins", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-bin", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-console", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-dbg", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-doc", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-ffmpeg", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-gnome", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-misc-plugins", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-plugins", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxine1-x", pkgver:"1.1.11.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine-dev", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-all-plugins", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-bin", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-console", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-dbg", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-doc", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-ffmpeg", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-gnome", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-misc-plugins", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-plugins", pkgver:"1.1.15-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libxine1-x", pkgver:"1.1.15-0ubuntu3.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxine-dev / libxine-main1 / libxine1 / libxine1-all-plugins / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2008-7512.
#

include("compat.inc");

if (description)
{
  script_id(34133);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5247");
  script_bugtraq_id(30698, 30699, 30797);
  script_xref(name:"FEDORA", value:"2008-7512");

  script_name(english:"Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This release fixes multiple bugs and security issues: - DoS via
corrupted Ogg files (CVE-2008-3231) - multiple possible buffer
overflows detailed in oCERT-2008-008 For more details, see:
http://sourceforge.net/project/shownotes.php?release_id=619869&group_i
d=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A
coordinated release with 3rd-party repos was not possible, so this
update may result in dependency issues with currently-installed
xine-lib-extras-* rpms. This temporary problem will be rectified asap.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://sourceforge.net/project/shownotes.php?release_id=619869&group_id=9655
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3d83ed04"
  );
  # http://www.ocert.org/advisories/ocert-2008-008.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://ocert.org/advisories/ocert-2008-008.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=456057"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/013916.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dd3c0751"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xine-lib package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xine-lib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"xine-lib-1.1.15-1.fc9")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine-lib");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xine-devel-5966.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(35599);
  script_version ("1.9");
  script_cvs_date("Date: 2019/10/25 13:36:37");

  script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5235", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5244", "CVE-2008-5245", "CVE-2008-5246", "CVE-2008-5247", "CVE-2008-5248");

  script_name(english:"openSUSE 10 Security Update : xine-devel (xine-devel-5966)");
  script_summary(english:"Check for the xine-devel-5966 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of xine fixes multiple buffer overflows while parsing
files :

  - CVE-2008-3231

  - CVE-2008-5233

  - CVE-2008-5234

  - CVE-2008-5235

  - CVE-2008-5236

  - CVE-2008-5237

  - CVE-2008-5238

  - CVE-2008-5239

  - CVE-2008-5240

  - CVE-2008-5241

  - CVE-2008-5242

  - CVE-2008-5243

  - CVE-2008-5244

  - CVE-2008-5245

  - CVE-2008-5246

  - CVE-2008-5247

  - CVE-2008-5248 These bugs can lead to remote code
    execution."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xine-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.3", reference:"xine-devel-1.1.8-14.11") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"xine-extra-1.1.8-14.11") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"xine-lib-1.1.8-14.11") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"xine-lib-32bit-1.1.8-14.11") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xine-devel-483.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(40156);
  script_version("1.11");
  script_cvs_date("Date: 2019/10/25 13:36:34");

  script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5235", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5244", "CVE-2008-5245", "CVE-2008-5246", "CVE-2008-5247", "CVE-2008-5248");

  script_name(english:"openSUSE Security Update : xine-devel (xine-devel-483)");
  script_summary(english:"Check for the xine-devel-483 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of xine fixes multiple buffer overflows while parsing
files :

  - CVE-2008-3231

  - CVE-2008-5233

  - CVE-2008-5234

  - CVE-2008-5235

  - CVE-2008-5236

  - CVE-2008-5237

  - CVE-2008-5238

  - CVE-2008-5239

  - CVE-2008-5240

  - CVE-2008-5241

  - CVE-2008-5242

  - CVE-2008-5243

  - CVE-2008-5244

  - CVE-2008-5245

  - CVE-2008-5246

  - CVE-2008-5247

  - CVE-2008-5248 These bugs can lead to remote code
    execution."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=417929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=419541"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xine-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"xine-devel-1.1.12-8.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xine-extra-1.1.12-8.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xine-lib-1.1.12-8.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"xine-lib-32bit-1.1.12-8.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine");
}