Vulnerabilities > CVE-2010-3998 - Local Privilege Escalation vulnerability in Banshee 'LD_LIBRARY_PATH'
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-16907.NASL description - Mon Oct 25 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-4 - Add a patch to fix CVE-2010-3998 - Sat Jun 26 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-3 - Fix status icon transparency (BZ 533308) - Thu Jun 17 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-2 - avoid last seen 2020-06-01 modified 2020-06-02 plugin id 50564 published 2010-11-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50564 title Fedora 12 : banshee-1.6.1-4.fc12 (2010-16907) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-16907. # include("compat.inc"); if (description) { script_id(50564); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:32"); script_cve_id("CVE-2010-3998"); script_bugtraq_id(44752); script_xref(name:"FEDORA", value:"2010-16907"); script_name(english:"Fedora 12 : banshee-1.6.1-4.fc12 (2010-16907)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Oct 25 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-4 - Add a patch to fix CVE-2010-3998 - Sat Jun 26 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-3 - Fix status icon transparency (BZ 533308) - Thu Jun 17 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-2 - avoid 'DllNotFoundException: libbnpx11' when switching to fullscreen mode - Tue May 18 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-1 - Update to 1.6.1 release - Thu Apr 8 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.0-1 - Update to 1.6.0 release - Remove upstreamed patch (support for older mono versions) - Sun Feb 28 2010 Christian Krause <chkr at fedoraproject.org> - 1.5.5-1 - Update to 1.5.5 release - Add patch to support older mono versions - Remove upstreamed patch (Spanish translation update) - Wed Feb 3 2010 Christian Krause <chkr at fedoraproject.org> - 1.5.3-1 - Update to final 1.5.3 release - Remove upstreamed patch (last.fm integration) - Update Spanish translation - Wed Dec 16 2009 Christian Krause <chkr at fedoraproject.org> - 1.5.3-0.1.20091216git - Update to latest snapshot to pick up DeviceKit-disks integration to fix iPod support (BZ 495240) - Add a minor patch to fix the last.fm integration - Tue Nov 24 2009 Christian Krause <chkr at fedoraproject.org> - 1.5.2-1 - Update to final 1.5.2 release - Wed Nov 18 2009 Christian Krause <chkr at fedoraproject.org> - 1.5.2-0.1.20091118git - Update to latest snapshot - Remove all *.la and *.a files during %install Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=644554" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?07549d9d" ); script_set_attribute( attribute:"solution", value:"Update the affected banshee package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:banshee"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"banshee-1.6.1-4.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "banshee"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-16916.NASL description - Mon Oct 25 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-4 - Add a patch to fix CVE-2010-3998 - Sat Jun 26 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-3 - Fix status icon transparency (BZ 533308) - Thu Jun 17 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-2 - avoid last seen 2020-06-01 modified 2020-06-02 plugin id 50565 published 2010-11-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50565 title Fedora 13 : banshee-1.6.1-4.fc13 (2010-16916) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-16916. # include("compat.inc"); if (description) { script_id(50565); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:32"); script_cve_id("CVE-2010-3998"); script_bugtraq_id(44752); script_xref(name:"FEDORA", value:"2010-16916"); script_name(english:"Fedora 13 : banshee-1.6.1-4.fc13 (2010-16916)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Oct 25 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-4 - Add a patch to fix CVE-2010-3998 - Sat Jun 26 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-3 - Fix status icon transparency (BZ 533308) - Thu Jun 17 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-2 - avoid 'DllNotFoundException: libbnpx11' when switching to fullscreen mode - Tue May 18 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-1 - Update to 1.6.1 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=644554" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?820d3707" ); script_set_attribute( attribute:"solution", value:"Update the affected banshee package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:banshee"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"banshee-1.6.1-4.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "banshee"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-034.NASL description A vulnerability has been found and corrected in banshee : The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3998). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 52060 published 2011-02-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52060 title Mandriva Linux Security Advisory : banshee (MDVSA-2011:034) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2011:034. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(52060); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2010-3998"); script_bugtraq_id(44752); script_xref(name:"MDVSA", value:"2011:034"); script_name(english:"Mandriva Linux Security Advisory : banshee (MDVSA-2011:034)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in banshee : The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3998). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:banshee"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:banshee-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:banshee-ipod"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:banshee-karma"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:banshee-mtp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"patch_publication_date", value:"2011/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.0", reference:"banshee-1.2.1-6.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"banshee-doc-1.2.1-6.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"banshee-ipod-1.2.1-6.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"banshee-mtp-1.2.1-6.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"banshee-1.5.1-2.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"banshee-doc-1.5.1-2.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"banshee-ipod-1.5.1-2.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"banshee-karma-1.5.1-2.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"banshee-mtp-1.5.1-2.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"banshee-1.6.0-6.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"banshee-doc-1.6.0-6.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"banshee-ipod-1.6.0-6.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"banshee-karma-1.6.0-6.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"banshee-mtp-1.6.0-6.1mdv2010.2", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2010-17021.NASL description - Mon Oct 25 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-10 - Add a patch to fix CVE-2010-3998 - Tue Oct 19 2010 Dan Horak <dan[at]danny.cz> - 1.8.0-9 - Update the Requires to match BR on s390(x) - Tue Oct 19 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-8 - Added gnome-doc-utils BR - Mon Oct 18 2010 Dan Horak <dan[at]danny.cz> - 1.8.0-7 - Fix BRs and configure options on s390(x) - Be verbose during build - Mon Oct 11 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-6 - Fix download URL - Fri Oct 8 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-5 - Add upstream patch to fix sync screen Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50566 published 2010-11-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50566 title Fedora 14 : banshee-1.8.0-10.fc14 (2010-17021) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-17021. # include("compat.inc"); if (description) { script_id(50566); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:32"); script_cve_id("CVE-2010-3998"); script_bugtraq_id(44752); script_xref(name:"FEDORA", value:"2010-17021"); script_name(english:"Fedora 14 : banshee-1.8.0-10.fc14 (2010-17021)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Oct 25 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-10 - Add a patch to fix CVE-2010-3998 - Tue Oct 19 2010 Dan Horak <dan[at]danny.cz> - 1.8.0-9 - Update the Requires to match BR on s390(x) - Tue Oct 19 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-8 - Added gnome-doc-utils BR - Mon Oct 18 2010 Dan Horak <dan[at]danny.cz> - 1.8.0-7 - Fix BRs and configure options on s390(x) - Be verbose during build - Mon Oct 11 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-6 - Fix download URL - Fri Oct 8 2010 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-5 - Add upstream patch to fix sync screen Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=644554" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?275c6764" ); script_set_attribute( attribute:"solution", value:"Update the affected banshee package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:banshee"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"banshee-1.8.0-10.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "banshee"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201402-05.NASL description The remote host is affected by the vulnerability described in GLSA-201402-05 (Banshee: Arbitrary code execution) Banshee places a zero-length directory name in PATH, which allows libraries to be loaded from the working directory. Impact : A local attacker could put specially crafted library into working directory of Banshee, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72361 published 2014-02-06 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72361 title GLSA-201402-05 : Banshee: Arbitrary code execution code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201402-05. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(72361); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2010-3998"); script_bugtraq_id(44752); script_xref(name:"GLSA", value:"201402-05"); script_name(english:"GLSA-201402-05 : Banshee: Arbitrary code execution"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201402-05 (Banshee: Arbitrary code execution) Banshee places a zero-length directory name in PATH, which allows libraries to be loaded from the working directory. Impact : A local attacker could put specially crafted library into working directory of Banshee, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201402-05" ); script_set_attribute( attribute:"solution", value: "All Banshee users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-sound/banshee-1.8.0-r1' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 17, 2010. It is likely that your system is already no longer affected by this issue." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:banshee"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-sound/banshee", unaffected:make_list("ge 1.8.0-r1"), vulnerable:make_list("lt 1.8.0-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Banshee"); }
References
- http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html
- http://secunia.com/advisories/42234
- http://secunia.com/advisories/42237
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:034
- http://www.securityfocus.com/bid/44752
- http://www.vupen.com/english/advisories/2010/2964
- https://bugzilla.redhat.com/show_bug.cgi?id=644554