CVE-2009-0186 - Numeric Errors vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200904-16.NASL
description: The remote host is affected by the vulnerability described in GLSA-200904-16 (libsndfile: User-assisted execution of arbitrary code). Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow.
Impact: A remote attacker could entice a user to open a specially crafted CAF file, resulting in the remote execution of arbitrary code with the privileges of the user running the application.
Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36195
published: 2009-04-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36195
title: GLSA-200904-16 : libsndfile: User-assisted execution of arbitrary code
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200904-16.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(36195);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2009-0186");
  script_bugtraq_id(33963);
  script_xref(name:"GLSA", value:"200904-16");

  script_name(english:"GLSA-200904-16 : libsndfile: User-assisted execution of arbitrary code");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200904-16
(libsndfile: User-assisted execution of arbitrary code)

    Alin Rad Pop from Secunia Research reported an integer overflow when
    processing CAF description chunks, leading to a heap-based buffer
    overflow.

Impact :

    A remote attacker could entice a user to open a specially crafted CAF
    file, resulting in the remote execution of arbitrary code with the
    privileges of the user running the application.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200904-16"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All libsndfile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-libs/libsndfile-1.0.19'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libsndfile");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-libs/libsndfile", unaffected:make_list("ge 1.0.19"), vulnerable:make_list("lt 1.0.19"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile");
}
```
NASL family: SuSE Local Security Checks
NASL id: SUSE_11_LIBSNDFILE-090317.NASL
description: Specially crafted CAF files could cause an integer overflow in libsndfile. (CVE-2009-0186)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41428
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41428
title: SuSE 11 Security Update : libsndfile (SAT Patch Number 637)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41428);
  script_version("1.10");
  script_cvs_date("Date: 2019/10/25 13:36:35");

  script_cve_id("CVE-2009-0186");

  script_name(english:"SuSE 11 Security Update : libsndfile (SAT Patch Number 637)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Specially crafted CAF files could cause an integer overflow in
libsndfile. (CVE-2009-0186)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=481769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-0186.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 637.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsndfile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsndfile-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");


flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libsndfile-1.0.17-172.13.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libsndfile-1.0.17-172.13.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libsndfile-32bit-1.0.17-172.13.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libsndfile-1.0.17-172.13.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libsndfile-32bit-1.0.17-172.13.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libsndfile-32bit-1.0.17-172.13.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-11618.NASL
description:
Version 1.0.20 (2009-03-14)
* Fix potential heap overflow in VOC file parser (Tobias Klein, http://www.trapkit.de/).
Version 1.0.19 (2009-03-02)
* Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research).
* Huge number of minor bug fixes as a result of static analysis.
Version 1.0.18 (2009-02-07)
* Add Ogg/Vorbis support (thanks to John ffitch).
* Remove captive FLAC library.
* Many new features and bug fixes.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42985
published: 2009-12-03
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42985
title: Fedora 11 : libsndfile-1.0.20-3.fc11 (2009-11618)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_LIBSNDFILE-090305.NASL
description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40044
published: 2009-07-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/40044
title: openSUSE Security Update : libsndfile (libsndfile-577)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_LIBSNDFILE-090305.NASL
description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40268
published: 2009-07-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/40268
title: openSUSE Security Update : libsndfile (libsndfile-577)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1742.NASL
description: Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks, possibly leading to arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35925
published: 2009-03-16
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/35925
title: Debian DSA-1742-1 : libsndfile - integer overflow

NASL family: SuSE Local Security Checks
NASL id: SUSE_LIBSNDFILE-6044.NASL
description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36080
published: 2009-04-03
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36080
title: openSUSE 10 Security Update : libsndfile (libsndfile-6044)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-11499.NASL
description:
Version 1.0.20 (2009-03-14)
* Fix potential heap overflow in VOC file parser (Tobias Klein, http://www.trapkit.de/).
Version 1.0.19 (2009-03-02)
* Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research).
* Huge number of minor bug fixes as a result of static analysis.
Version 1.0.18 (2009-02-07)
* Add Ogg/Vorbis support (thanks to John ffitch).
* Remove captive FLAC library.
* Many new features and bug fixes.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42984
published: 2009-12-03
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42984
title: Fedora 10 : libsndfile-1.0.20-3.fc10 (2009-11499)

NASL family: SuSE Local Security Checks
NASL id: SUSE_LIBSNDFILE-6040.NASL
description: Specially crafted CAF files could cause an integer overflow in libsndfile. (CVE-2009-0186)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41550
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41550
title: SuSE 10 Security Update : libsndfile (ZYPP Patch Number 6040)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2009-067.NASL
description: Crafted data (the channels-per-frame value) in CAF files enables remote attackers to execute arbitrary code or cause a denial of service via a possible integer overflow, leading to a possible heap overflow (CVE-2009-0186). This update provides a fix for that vulnerability.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 37704
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/37704
title: Mandriva Linux Security Advisory : libsndfile (MDVSA-2009:067)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-749-1.NASL
description: It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 37606
published: 2009-04-23
reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/37606
title: Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libsndfile vulnerability (USN-749-1)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_C5AF0747126211DEA9640030843D3802.NASL
description: Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35940
published: 2009-03-17
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/35940
title: FreeBSD : libsndfile -- CAF processing integer overflow vulnerability (c5af0747-1262-11de-a964-0030843d3802)
Seebug
| field | value |
| --- | --- |
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 33963. CVE(CAN) ID: CVE-2009-0186. libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV through a standard interface. The libsndfile.dll library has an integer overflow when parsing CAF description chunks, which can ultimately lead to a heap overflow. If a user is tricked into opening a specially crafted CAF audio file with a player linked against this library, the overflow can be triggered, leading to arbitrary code execution. Affected: Nullsoft Winamp 5.55; Nullsoft Winamp 5.541; Erik de Castro Lopo libsndfile 1.0.18. Vendor patch: Erik de Castro Lopo. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.mega-nerd.com/libsndfile/ChangeLog |
| id | SSV:4868 |
| last seen | 2017-11-19 |
| modified | 2009-03-05 |
| published | 2009-03-05 |
| reporter | Root |
| title | libsndfile CAF file handling heap overflow vulnerability |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://secunia.com/advisories/33980
- http://secunia.com/advisories/33981
- http://secunia.com/advisories/34316
- http://secunia.com/advisories/34526
- http://secunia.com/advisories/34642
- http://secunia.com/advisories/34791
- http://secunia.com/secunia_research/2009-7/
- http://secunia.com/secunia_research/2009-8/
- http://security.gentoo.org/glsa/glsa-200904-16.xml
- http://www.debian.org/security/2009/dsa-1742
- http://www.mega-nerd.com/libsndfile/NEWS
- http://www.securityfocus.com/archive/1/501399/100/0/threaded
- http://www.securityfocus.com/archive/1/501413/100/0/threaded
- http://www.securityfocus.com/bid/33963
- http://www.securitytracker.com/id?1021784
- http://www.ubuntu.com/usn/USN-749-1
- http://www.vupen.com/english/advisories/2009/0584
- http://www.vupen.com/english/advisories/2009/0585
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49038