Vulnerabilities > CVE-2009-0398 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gstreamer Plug-Ins 0.6.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20090206_GSTREAMER_PLUGINS_ON_SL3_X.NASL description An array indexing error was found in the GStreamer last seen 2020-06-01 modified 2020-06-02 plugin id 60531 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60531 title Scientific Linux Security Update : gstreamer-plugins on SL3.x, SL4.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60531); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:18"); script_cve_id("CVE-2009-0397", "CVE-2009-0398"); script_name(english:"Scientific Linux Security Update : gstreamer-plugins on SL3.x, SL4.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An array indexing error was found in the GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0397, CVE-2009-0398) After installing the update, all applications using GStreamer (such as nautilus-media) must be restarted for the changes to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0902&L=scientific-linux-errata&T=0&P=1790 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ec05855b" ); script_set_attribute( attribute:"solution", value: "Update the affected gstreamer-plugins and / or gstreamer-plugins-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL3", reference:"gstreamer-plugins-0.6.0-19")) flag++; if (rpm_check(release:"SL3", reference:"gstreamer-plugins-devel-0.6.0-19")) flag++; if (rpm_check(release:"SL4", reference:"gstreamer-plugins-0.8.5-1.EL.2")) flag++; if (rpm_check(release:"SL4", reference:"gstreamer-plugins-devel-0.8.5-1.EL.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0269.NASL description Updated gstreamer-plugins packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The gstreamer-plugins package contains plug-ins used by the GStreamer streaming-media framework to support a wide variety of media types. An array indexing error was found in the GStreamer last seen 2020-06-01 modified 2020-06-02 plugin id 35602 published 2009-02-06 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35602 title CentOS 3 : gstreamer-plugins (CESA-2009:0269) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0269.NASL description From Red Hat Security Advisory 2009:0269 : Updated gstreamer-plugins packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The gstreamer-plugins package contains plug-ins used by the GStreamer streaming-media framework to support a wide variety of media types. An array indexing error was found in the GStreamer last seen 2020-06-01 modified 2020-06-02 plugin id 67802 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67802 title Oracle Linux 3 : gstreamer-plugins (ELSA-2009-0269) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0269.NASL description Updated gstreamer-plugins packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The gstreamer-plugins package contains plug-ins used by the GStreamer streaming-media framework to support a wide variety of media types. An array indexing error was found in the GStreamer last seen 2020-06-01 modified 2020-06-02 plugin id 35615 published 2009-02-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35615 title RHEL 3 : gstreamer-plugins (RHSA-2009:0269)
Oval
| accepted | 2013-04-29T04:23:04.248-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:9886 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://secunia.com/advisories/33830
- http://secunia.com/advisories/33830
- http://www.openwall.com/lists/oss-security/2009/01/29/3
- http://www.openwall.com/lists/oss-security/2009/01/29/3
- http://www.redhat.com/support/errata/RHSA-2009-0269.html
- http://www.redhat.com/support/errata/RHSA-2009-0269.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9886
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9886