CVE-2009-0186 - Numeric Errors vulnerability in multiple products

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, nullsoft, mega-nerd, CWE-189, critical, nessus

Summary

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
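The integer overflow the summary describes, as an added example that is not libsndfile's code: parsing the CAF audio description chunk and sizing a buffer from its channels-per-frame value, first with an unchecked 32-bit product of the kind CWE-189 covers, then with bounds checks and overflow-safe multiplication. The exact expression that overflowed in 1.0.18 is not on this page; the sizing formula, the CAF_MAX_CHANNELS cap and the constructed chunk bytes are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define CAF_MAX_CHANNELS 256   /* hypothetical application cap; the page states no limit */

/* The CAF audio description chunk fields that drive buffer sizing. */
typedef struct { uint32_t frames_per_packet, channels_per_frame, bits_per_channel; } caf_desc_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Parse the 32-byte big-endian chunk body: f64 sample rate, 4-char format id, u32 flags,
   u32 bytes/packet, u32 frames/packet, u32 channels/frame, u32 bits/channel. */
int caf_parse_desc(const uint8_t *buf, size_t len, caf_desc_t *out) {
    if (len < 32) return -1;                 /* truncated chunk: refuse rather than guess */
    out->frames_per_packet  = be32(buf + 20);
    out->channels_per_frame = be32(buf + 24);
    out->bits_per_channel   = be32(buf + 28);
    return 0;
}

/* Unchecked sizing of the kind CWE-189 describes: the 32-bit product wraps, so a huge
   channel count yields a tiny allocation that later per-channel writes overrun. */
uint32_t unchecked_frame_bytes(const caf_desc_t *d) {
    return (d->bits_per_channel / 8) * d->channels_per_frame * d->frames_per_packet;
}

/* Hardened sizing: bound every field first, then multiply only where it cannot wrap. */
int checked_frame_bytes(const caf_desc_t *d, size_t *out) {
    uint32_t bytewidth = d->bits_per_channel / 8;
    if (bytewidth == 0 || bytewidth > 8) return -1;
    if (d->channels_per_frame == 0 || d->channels_per_frame > CAF_MAX_CHANNELS) return -1;
    if (d->frames_per_packet == 0) return -1;
    size_t per_frame = (size_t)bytewidth * d->channels_per_frame;     /* at most 8 * 256 */
    if (d->frames_per_packet > SIZE_MAX / per_frame) return -1;
    *out = per_frame * d->frames_per_packet;
    return 0;
}

/* Build a constructed chunk body (sample rate and flags left zero), parse it and size it
   both ways. Returns the checked byte count, or -1 if the chunk is rejected. */
long long size_constructed_desc(uint32_t frames, uint32_t channels, uint32_t bits,
                                uint32_t *unchecked) {
    uint8_t buf[32] = {0};
    caf_desc_t d; size_t n = 0;
    memcpy(buf + 8, "lpcm", 4);
    put_be32(buf + 20, frames); put_be32(buf + 24, channels); put_be32(buf + 28, bits);
    if (caf_parse_desc(buf, sizeof buf, &d) != 0) return -1;
    *unchecked = unchecked_frame_bytes(&d);
    return checked_frame_bytes(&d, &n) == 0 ? (long long)n : -1;
}
```

With 16-bit samples and 0x80000000 channels the unchecked product wraps to exactly 0, which is the shape of allocation a crafted description chunk aims for; the checked path rejects the same chunk before any size is computed.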

Common Weakness Enumeration (CWE): CWE-189 (Numeric Errors)

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200904-16.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200904-16 (libsndfile: User-assisted execution of arbitrary code). Alin Rad Pop from Secunia Research reported an integer overflow when processing CAF description chunks, leading to a heap-based buffer overflow. Impact: A remote attacker could entice a user to open a specially crafted CAF file, resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36195
    published: 2009-04-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36195
    title: GLSA-200904-16 : libsndfile: User-assisted execution of arbitrary code
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200904-16.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36195);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2009-0186");
      script_bugtraq_id(33963);
      script_xref(name:"GLSA", value:"200904-16");
    
      script_name(english:"GLSA-200904-16 : libsndfile: User-assisted execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200904-16
    (libsndfile: User-assisted execution of arbitrary code)
    
        Alin Rad Pop from Secunia Research reported an integer overflow when
        processing CAF description chunks, leading to a heap-based buffer
        overflow.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted CAF
        file, resulting in the remote execution of arbitrary code with the
        privileges of the user running the application.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200904-16"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All libsndfile users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=media-libs/libsndfile-1.0.19'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libsndfile");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"media-libs/libsndfile", unaffected:make_list("ge 1.0.19"), vulnerable:make_list("lt 1.0.19"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_LIBSNDFILE-090317.NASL
    description: Specially crafted CAF files could cause an integer overflow in libsndfile. (CVE-2009-0186)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41428
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41428
    title: SuSE 11 Security Update : libsndfile (SAT Patch Number 637)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41428);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:35");
    
      script_cve_id("CVE-2009-0186");
    
      script_name(english:"SuSE 11 Security Update : libsndfile (SAT Patch Number 637)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted CAF files could cause an integer overflow in
    libsndfile. (CVE-2009-0186)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=481769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0186.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 637.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsndfile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsndfile-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libsndfile-1.0.17-172.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libsndfile-1.0.17-172.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libsndfile-32bit-1.0.17-172.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"libsndfile-1.0.17-172.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libsndfile-32bit-1.0.17-172.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libsndfile-32bit-1.0.17-172.13.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-11618.NASL
    description: Version 1.0.20 (2009-03-14): fix potential heap overflow in VOC file parser (Tobias Klein, http://www.trapkit.de/). Version 1.0.19 (2009-03-02): fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research); huge number of minor bug fixes as a result of static analysis. Version 1.0.18 (2009-02-07): add Ogg/Vorbis support (thanks to John ffitch); remove captive FLAC library; many new features and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42985
    published: 2009-12-03
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42985
    title: Fedora 11 : libsndfile-1.0.20-3.fc11 (2009-11618)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_LIBSNDFILE-090305.NASL
    description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40044
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40044
    title: openSUSE Security Update : libsndfile (libsndfile-577)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_LIBSNDFILE-090305.NASL
    description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40268
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40268
    title: openSUSE Security Update : libsndfile (libsndfile-577)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1742.NASL
    description: Alin Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks, possibly leading to arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35925
    published: 2009-03-16
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35925
    title: Debian DSA-1742-1 : libsndfile - integer overflow
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBSNDFILE-6044.NASL
    description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36080
    published: 2009-04-03
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36080
    title: openSUSE 10 Security Update : libsndfile (libsndfile-6044)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-11499.NASL
    description: Version 1.0.20 (2009-03-14): fix potential heap overflow in VOC file parser (Tobias Klein, http://www.trapkit.de/). Version 1.0.19 (2009-03-02): fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research); huge number of minor bug fixes as a result of static analysis. Version 1.0.18 (2009-02-07): add Ogg/Vorbis support (thanks to John ffitch); remove captive FLAC library; many new features and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42984
    published: 2009-12-03
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42984
    title: Fedora 10 : libsndfile-1.0.20-3.fc10 (2009-11499)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBSNDFILE-6040.NASL
    description: Specially crafted CAF files could cause an integer overflow in libsndfile. (CVE-2009-0186)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41550
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41550
    title: SuSE 10 Security Update : libsndfile (ZYPP Patch Number 6040)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-067.NASL
    description: Crafted data (the channels-per-frame value) in CAF files enables remote attackers to execute arbitrary code or cause a denial of service via a possible integer overflow, leading to a possible heap overflow (CVE-2009-0186). This update provides a fix for that vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37704
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37704
    title: Mandriva Linux Security Advisory : libsndfile (MDVSA-2009:067)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-749-1.NASL
    description: It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37606
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37606
    title: Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libsndfile vulnerability (USN-749-1)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_C5AF0747126211DEA9640030843D3802.NASL
    description: Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35940
    published: 2009-03-17
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35940
    title: FreeBSD : libsndfile -- CAF processing integer overflow vulnerability (c5af0747-1262-11de-a964-0030843d3802)

Seebug

bulletin family: exploit
description: BUGTRAQ ID: 33963. CVE(CAN) ID: CVE-2009-0186. libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV through a standard interface. The libsndfile.dll library contains an integer overflow when parsing CAF description chunks, which can ultimately lead to a heap overflow. If a user is tricked into opening a specially crafted CAF audio file with a player linked against this library, the overflow is triggered and arbitrary code can be executed. Affected: Nullsoft Winamp 5.55, Nullsoft Winamp 5.541, Erik de Castro Lopo libsndfile 1.0.18. Vendor patch (Erik de Castro Lopo): the vendor has released an upgrade that fixes this security issue; download it from the vendor's home page: http://www.mega-nerd.com/libsndfile/ChangeLog
id: SSV:4868
last seen: 2017-11-19
modified: 2009-03-05
published: 2009-03-05
reporter: Root
title: libsndfile CAF file handling heap overflow vulnerability