Vulnerabilities > CVE-2014-3970 - Remote Denial of Service vulnerability in PulseAudio 'pa_rtp_recv()' Function

CVSS 2.9 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

pulseaudio

nessus

NVD

Published: 2014-06-11

Updated: 2017-01-07

Summary

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

Vulnerable Configurations

Part	Description	Count
Application	Pulseaudio Pulseaudio Pulseaudio 1.0 Pulseaudio Pulseaudio 1.1 Pulseaudio Pulseaudio 1.99.1 Pulseaudio Pulseaudio 1.99.2 Pulseaudio Pulseaudio 2.0 Pulseaudio Pulseaudio 2.1 Pulseaudio Pulseaudio 3.0 Pulseaudio Pulseaudio 4.0 Pulseaudio Pulseaudio 5.0	9

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_13_1_OPENSUSE-2014--140723.NASL
description	This update fixes the following security issue: (bnc#881524) CVE-2014-3970 - Denial of service in module-rtp-recv
last seen	2017-10-29
modified	2014-08-08
plugin id	76934
published	2014-07-31
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=76934
title	openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
code	#%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a security fix. # # Disabled on 2014/08/08. # # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014--1. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(76934); script_version("1.3"); script_cvs_date("Date: 2018/07/20 0:18:55"); script_cve_id("CVE-2014-3970"); script_name(english:"openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)"); script_summary(english:"Check for the openSUSE-2014--1 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " This update fixes the following security issue: (bnc#881524) CVE-2014-3970 - Denial of service in module-rtp-recv" ); script_set_attribute( attribute:"solution", value:"Update the affected openSUSE-2014- packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse-mainloop-glib0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse-mainloop-glib0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse-mainloop-glib0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse-mainloop-glib0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpulse0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-esound-compat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-gdm-hooks"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-bluetooth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-bluetooth-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-gconf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-gconf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-jack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-jack-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-lirc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-lirc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-zeroconf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-module-zeroconf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-system-wide"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pulseaudio-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a security fix."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"libpulse-devel-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpulse-mainloop-glib0-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpulse-mainloop-glib0-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpulse0-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpulse0-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-debugsource-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-esound-compat-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-gdm-hooks-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-lang-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-bluetooth-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-bluetooth-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-gconf-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-gconf-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-jack-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-jack-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-lirc-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-lirc-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-x11-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-x11-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-zeroconf-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-module-zeroconf-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-system-wide-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-utils-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pulseaudio-utils-debuginfo-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpulse-mainloop-glib0-32bit-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpulse-mainloop-glib0-debuginfo-32bit-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpulse0-32bit-4.0.git.270.g9490a-12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpulse0-debuginfo-32bit-4.0.git.270.g9490a-12.1") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpulse-devel / libpulse-mainloop-glib0-32bit / etc"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2015-134.NASL
description	Updated pulseaudio package fixes RTP remote crash vulnerability : PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release version of PulseAudio v5 and has been updated to the official final version.
last seen	2020-06-01
modified	2020-06-02
plugin id	82387
published	2015-03-30
reporter	This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82387
title	Mandriva Linux Security Advisory : pulseaudio (MDVSA-2015:134)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-8183.NASL
description	Rebase current post-4.0 snapshot to 5.0 release, see also: http://www.freedesktop.org/wiki/Software/PulseAudio/Notes/5.0/ This update restores compatibility with pulseaudio upstream ABI, and includes rebuilds of affected fedora packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-07-26
plugin id	76845
published	2014-07-26
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76845
title	Fedora 20 : qt-mobility-1.2.2-0.16.20140317git169da60c.fc20 / audacious-plugins-3.4.3-2.fc20 / etc (2014-8183)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_LIBPULSE-BROWSE0-140729.NASL
description	The following security issue is fixed in this update : - Fixed a remote denial of service attack in module-rtp-recv. (CVE-2014-3970)
last seen	2020-06-05
modified	2014-08-13
plugin id	77179
published	2014-08-13
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77179
title	SuSE 11.3 Security Update : pulseaudio (SAT Patch Number 9568)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-477.NASL
description	This update fixes the following security issue: (bnc#881524) CVE-2014-3970 - Denial of service in module-rtp-recv
last seen	2020-06-05
modified	2014-08-01
plugin id	76960
published	2014-08-01
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76960
title	openSUSE Security Update : pulseaudio (openSUSE-2014-477)

NASL family	SuSE Local Security Checks
NASL id	SUSE_12_3_OPENSUSE-2014--140723.NASL
description	This update fixes the following security issue: (bnc#881524) CVE-2014-3970 - Denial of service in module-rtp-recv
last seen	2017-10-29
modified	2014-08-08
plugin id	76931
published	2014-07-31
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=76931
title	openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)

Summary

Vulnerable Configurations

Nessus

References