Vulnerabilities > CVE-2015-5200

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
libvdpau-project
canonical
nessus
NVD
Published: 2015-09-08
Updated: 2024-11-21

Summary

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Libvdpau_Project
1
OS
Canonical
3

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2729-1.NASL
    descriptionFlorian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id85797
    published2015-09-04
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85797
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : libvdpau vulnerabilities (USN-2729-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2729-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(85797);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/18 12:31:44");

  script_cve_id("CVE-2015-5198", "CVE-2015-5199", "CVE-2015-5200");
  script_xref(name:"USN", value:"2729-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : libvdpau vulnerabilities (USN-2729-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Florian Weimer discovered that libvdpau incorrectly handled certain
environment variables. A local attacker could possibly use this issue
to gain privileges.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2729-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libvdpau1 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvdpau1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"libvdpau1", pkgver:"0.4.1-3ubuntu1.2")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"libvdpau1", pkgver:"0.7-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"libvdpau1", pkgver:"0.9-1ubuntu0.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvdpau1");
}
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3355.NASL
    descriptionFlorian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id85898
    published2015-09-11
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85898
    titleDebian DSA-3355-1 : libvdpau - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-14851.NASL
    descriptionUpdate to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-25
    plugin id86128
    published2015-09-25
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86128
    titleFedora 22 : libvdpau-1.1.1-1.fc22 (2015-14851)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-14850.NASL
    descriptionUpdate to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-08
    plugin id85828
    published2015-09-08
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85828
    titleFedora 23 : libvdpau-1.1.1-1.fc23 (2015-14850)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1925-1.NASL
    descriptionlibvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications. - CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967) - CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968) - CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86803
    published2015-11-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86803
    titleSUSE SLED11 Security Update : libvdpau (SUSE-SU-2015:1925-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1892-1.NASL
    descriptionlibvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications. - CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967) - CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968) - CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86752
    published2015-11-05
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86752
    titleSUSE SLED12 / SLES12 Security Update : libvdpau (SUSE-SU-2015:1892-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3CA3F2138B.NASL
    descriptionlibvdpau-1.1.1-2.fc21 - Backport current patches - Switch to new upstream git repository on freedesktop.org ---- Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89219
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89219
    titleFedora 21 : libvdpau-1.1.1-2.fc21 (2015-3ca3f2138b)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-576.NASL
    descriptionlibvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications. - CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967) - CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968) - CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)
    last seen2020-06-05
    modified2015-09-14
    plugin id85926
    published2015-09-14
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85926
    titleopenSUSE Security Update : libvdpau (openSUSE-2015-576)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-306.NASL
    descriptionFlorian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges. For Debian 6
    last seen2020-03-17
    modified2015-09-11
    plugin id85897
    published2015-09-11
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85897
    titleDebian DLA-306-1 : libvdpau security update

References