Vulnerabilities > CVE-2012-1175 - Numeric Errors vulnerability in GNU Gnash 0.8.10
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-4032.NASL description Fix CVE-2012-1175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-03-27 plugin id 58489 published 2012-03-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58489 title Fedora 16 : gnash-0.8.10-2.fc16 (2012-4032) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-4032. # include("compat.inc"); if (description) { script_id(58489); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1175"); script_bugtraq_id(52446); script_xref(name:"FEDORA", value:"2012-4032"); script_name(english:"Fedora 16 : gnash-0.8.10-2.fc16 (2012-4032)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2012-1175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=803443" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076545.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac44dd8a" ); script_set_attribute(attribute:"solution", value:"Update the affected gnash package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnash"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"gnash-0.8.10-2.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnash"); }NASL family Fedora Local Security Checks NASL id FEDORA_2012-4070.NASL description Fix CVE-2012-1175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-03-26 plugin id 58468 published 2012-03-26 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58468 title Fedora 15 : gnash-0.8.10-2.fc15 (2012-4070) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-4070. # include("compat.inc"); if (description) { script_id(58468); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1175"); script_bugtraq_id(52446); script_xref(name:"FEDORA", value:"2012-4070"); script_name(english:"Fedora 15 : gnash-0.8.10-2.fc15 (2012-4070)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2012-1175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=803443" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076522.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1ce801a2" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076580.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dfc23b97" ); script_set_attribute(attribute:"solution", value:"Update the affected gnash package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnash"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"gnash-0.8.10-2.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnash"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-177.NASL description specially crafted swf files could cause an integer overflow in gnash last seen 2020-06-05 modified 2014-06-13 plugin id 74576 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74576 title openSUSE Security Update : gnash (openSUSE-SU-2012:0415-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-3837.NASL description Fix CVE-2012-1175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-03-22 plugin id 58419 published 2012-03-22 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58419 title Fedora 17 : gnash-0.8.10-2.fc17 (2012-3837) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201207-08.NASL description The remote host is affected by the vulnerability described in GLSA-201207-08 (Gnash: Multiple vulnerabilities) Multiple vulnerabilities have been found in Gnash: The last seen 2020-06-01 modified 2020-06-02 plugin id 59900 published 2012-07-10 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59900 title GLSA-201207-08 : Gnash: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2435.NASL description Several vulnerabilities have been identified in Gnash, the GNU Flash player. - CVE-2012-1175 Tielei Wang from Georgia Tech Information Security Center discovered a vulnerability in GNU Gnash which is caused due to an integer overflow error and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted SWF file. - CVE-2011-4328 Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie files are stored under /tmp and have predictable names, and the vulnerability allows a local attacker to overwrite arbitrary files the users has write permissions for, and are also world-readable which may cause information leak. - CVE-2010-4337 Jakub Wilk discovered an unsafe management of temporary files during the build process. Files are stored under /tmp and have predictable names, and the vulnerability allows a local attacker to overwrite arbitrary files the users has write permissions for. last seen 2020-03-17 modified 2012-03-20 plugin id 58392 published 2012-03-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58392 title Debian DSA-2435-1 : gnash - several vulnerabilities
References
- http://git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527
- http://git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527
- http://secunia.com/advisories/47183
- http://secunia.com/advisories/47183
- http://secunia.com/advisories/48466
- http://secunia.com/advisories/48466
- http://www.debian.org/security/2012/dsa-2435
- http://www.debian.org/security/2012/dsa-2435
- http://www.openwall.com/lists/oss-security/2012/03/14/5
- http://www.openwall.com/lists/oss-security/2012/03/14/5
- http://www.openwall.com/lists/oss-security/2012/03/14/6
- http://www.openwall.com/lists/oss-security/2012/03/14/6
- http://www.securityfocus.com/bid/52446
- http://www.securityfocus.com/bid/52446
- https://bugzilla.redhat.com/show_bug.cgi?id=803443
- https://bugzilla.redhat.com/show_bug.cgi?id=803443