CVE-2009-0136 - Numeric Errors vulnerability in Amarok 1.4.10/2.0/2.0.1

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, amarok, CWE-189, critical, nessus

Summary

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.

Vulnerable Configurations

Part         Description  Count
Application  Amarok       3

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200903-34.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200903-34 (Amarok: User-assisted execution of arbitrary code) Tobias Klein has discovered multiple vulnerabilities in Amarok: Multiple integer overflows in the Audible::Tag::readTag() function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows (CVE-2009-0135). Multiple array index errors in the Audible::Tag::readTag() function in metadata/audible/audibletag.cpp can lead to invalid pointer dereferences, or the writing of a 0x00 byte to an arbitrary memory location after an allocation failure (CVE-2009-0136). Impact : A remote attacker could entice a user to open a specially crafted Audible Audio (.aa) file with a large
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35985
    published: 2009-03-22
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/35985
    title: GLSA-200903-34 : Amarok: User-assisted execution of arbitrary code
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200903-34.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35985);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2009-0135", "CVE-2009-0136");
      script_bugtraq_id(33210);
      script_xref(name:"GLSA", value:"200903-34");
    
      script_name(english:"GLSA-200903-34 : Amarok: User-assisted execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200903-34
    (Amarok: User-assisted execution of arbitrary code)
    
        Tobias Klein has discovered multiple vulnerabilities in Amarok:
        Multiple integer overflows in the Audible::Tag::readTag()
        function in metadata/audible/audibletag.cpp trigger heap-based buffer
        overflows (CVE-2009-0135).
        Multiple array index errors in the
        Audible::Tag::readTag() function in metadata/audible/audibletag.cpp can
        lead to invalid pointer dereferences, or the writing of a 0x00 byte to
        an arbitrary memory location after an allocation failure
        (CVE-2009-0136).
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted
        Audible Audio (.aa) file with a large 'nlen' or 'vlen' tag value to
        execute arbitrary code or cause a Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200903-34"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Amarok users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=media-sound/amarok-1.4.10-r2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:amarok");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"media-sound/amarok", unaffected:make_list("ge 1.4.10-r2"), vulnerable:make_list("lt 1.4.10-r2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Amarok");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_AMAROK-5931.NASL
    description: This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135 / CVE-2009-0136)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51717
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51717
    title: SuSE 10 Security Update : amarok (ZYPP Patch Number 5931)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51717);
      script_version ("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2009-0135", "CVE-2009-0136");
    
      script_name(english:"SuSE 10 Security Update : amarok (ZYPP Patch Number 5931)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of amarok fixes several integer overflows and unchecked
    memory allocations that can be exploited by malformed Audible digital
    audio files. These bugs could be used in a user-assisted attack
    scenario to execute arbitrary code remotely. (CVE-2009-0135 /
    CVE-2009-0136)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0135.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0136.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5931.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, reference:"amarok-1.4.8-13.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"amarok-libvisual-1.4.8-13.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"amarok-xine-1.4.8-13.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"amarok-yauap-1.4.8-13.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_AMAROK-090119.NASL
    description: This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009-0136)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39909
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39909
    title: openSUSE Security Update : amarok (amarok-436)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update amarok-436.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39909);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2009-0135", "CVE-2009-0136");
    
      script_name(english:"openSUSE Security Update : amarok (amarok-436)");
      script_summary(english:"Check for the amarok-436 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of amarok fixes several integer overflows and unchecked
    memory allocations that can be exploited by malformed Audible digital
    audio files. These bugs could be used in a user-assisted attack
    scenario to execute arbitrary code remotely. (CVE-2009-0135,
    CVE-2009-0136)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=465098"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected amarok packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-libvisual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-xine");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:amarok-yauap");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"amarok-1.4.9.1-27.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"amarok-lang-1.4.9.1-27.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"amarok-libvisual-1.4.9.1-27.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"amarok-xine-1.4.9.1-27.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"amarok-yauap-1.4.9.1-27.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "amarok");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-0715.NASL
    description: This build includes a security fix concerning the parsing of malformed Audible digital audio files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35439
    published: 2009-01-22
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/35439
    title: Fedora 9 : amarok-1.4.10-2.fc9 (2009-0715)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-0715.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35439);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2009-0135", "CVE-2009-0136");
      script_bugtraq_id(33210);
      script_xref(name:"FEDORA", value:"2009-0715");
    
      script_name(english:"Fedora 9 : amarok-1.4.10-2.fc9 (2009-0715)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This build includes a security fix concerning the parsing of malformed
    Audible digital audio files.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=479560"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/019149.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?faf9cbc5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected amarok package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:amarok");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"amarok-1.4.10-2.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "amarok");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-739-1.NASL
    description: It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio (.aa) files. If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37607
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37607
    title: Ubuntu 7.10 / 8.04 LTS / 8.10 : amarok vulnerabilities (USN-739-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-739-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37607);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2009-0135", "CVE-2009-0136");
      script_bugtraq_id(33210);
      script_xref(name:"USN", value:"739-1");
    
      script_name(english:"Ubuntu 7.10 / 8.04 LTS / 8.10 : amarok vulnerabilities (USN-739-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Amarok did not correctly handle certain
    malformed tags in Audible Audio (.aa) files. If a user were tricked
    into opening a crafted Audible Audio file, an attacker could execute
    arbitrary code with the privileges of the user invoking the program.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/739-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok-engine-xine");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok-engine-yauap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok-engines");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:amarok-xine");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(7\.10|8\.04|8\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 7.10 / 8.04 / 8.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"7.10", pkgname:"amarok", pkgver:"2:1.4.7-0ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"amarok-engines", pkgver:"1.4.7-0ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"amarok-xine", pkgver:"1.4.7-0ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"amarok", pkgver:"2:1.4.9.1-0ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"amarok-engines", pkgver:"1.4.9.1-0ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"amarok-xine", pkgver:"1.4.9.1-0ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"amarok", pkgver:"2:1.4.10-0ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"amarok-common", pkgver:"1.4.10-0ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"amarok-dbg", pkgver:"1.4.10-0ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"amarok-engine-xine", pkgver:"1.4.10-0ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"amarok-engine-yauap", pkgver:"1.4.10-0ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"amarok-engines", pkgver:"1.4.10-0ubuntu3.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "amarok / amarok-common / amarok-dbg / amarok-engine-xine / etc");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_6BB6188C17B211DEAE4D0030843D3802.NASL
    description: Secunia reports : Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35999
    published: 2009-03-24
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35999
    title: FreeBSD : amarok -- multiple vulnerabilities (6bb6188c-17b2-11de-ae4d-0030843d3802)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_AMAROK-5932.NASL
    description: This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009-0136)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35552
    published: 2009-01-29
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/35552
    title: openSUSE 10 Security Update : amarok (amarok-5932)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1706.NASL
    description: Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35383
    published: 2009-01-16
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35383
    title: Debian DSA-1706-1 : amarok - integer overflows
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_AMAROK-090119.NASL
    description: This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009-0136)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40185
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40185
    title: openSUSE Security Update : amarok (amarok-436)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-030.NASL
    description: Data length values in the metadata of an Audible Audio media file (.aa) can lead to an integer overflow, enabling remote attackers to use it to trigger a heap overflow and enabling the possibility to execute arbitrary code (CVE-2009-0135). Failure to check heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause a denial of service or execute arbitrary code via a crafted media file (CVE-2009-0136). This update provides the fix for these security issues. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36306
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36306
    title: Mandriva Linux Security Advisory : amarok (MDVSA-2009:030-1)