Vulnerabilities > CVE-2017-14634 - Divide By Zero vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.

Vulnerable Configurations

Part         | Description        | Count
Application  | Libsndfile_Project | 1
OS           | Debian             | 1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201811-23.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201811-23 (libsndfile: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to open a specially crafted file, could cause a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119318
    published: 2018-12-03
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119318
    title: GLSA-201811-23 : libsndfile: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201811-23.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, the script only records the
    # plugin metadata below and stops at exit(0); the package check that follows
    # this block is not reached in that mode.
    if (description)
    {
      script_id(119318);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/18");
    
      # One advisory, eight CVEs: a finding from this plugin says the installed
      # package predates the fixed build, not which of these CVEs is reachable.
      script_cve_id("CVE-2017-12562", "CVE-2017-14634", "CVE-2017-6892", "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365", "CVE-2018-13139");
      script_xref(name:"GLSA", value:"201811-23");
    
      script_name(english:"GLSA-201811-23 : libsndfile: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-201811-23
    (libsndfile: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in libsndfile. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker, by enticing a user to open a specially crafted file,
          could cause a Denial of Service condition or have other unspecified
          impacts.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201811-23"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "All libsndfile users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=media-libs/libsndfile-1.0.28-r4'"
      );
      # NOTE(review): both base vectors claim confidentiality, integrity and
      # availability impact, which presumably reflects the most severe CVE in the
      # advisory. CVE-2017-14634 on its own is reported as a divide-by-zero that
      # leads to DoS, so score that CVE separately when triaging this finding.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin: the verdict comes from package data already collected
      # from the host, not from probing libsndfile itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libsndfile");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # The check depends on KB entries filled in by ssh_get_info.nasl. Without
      # them (for example on an uncredentialed scan) the plugin yields no result,
      # which must not be read as "host is patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local checks enabled, host identified as Gentoo, and a
    # package list present in the KB. Each failed gate is handed to audit().
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Version comparison only: anything below 1.0.28-r4 counts as vulnerable,
    # 1.0.28-r4 and later as unaffected. No audio file is parsed by this check.
    affected = 0;
    if (qpkg_check(
          package    : "media-libs/libsndfile",
          unaffected : make_list("ge 1.0.28-r4"),
          vulnerable : make_list("lt 1.0.28-r4")))
    {
      affected++;
    }

    if (!affected)
    {
      # Distinguish "installed but fixed" from "not installed at all".
      tested_pkgs = qpkg_tests_get();
      if (tested_pkgs)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested_pkgs);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile");
    }
    else
    {
      # Attach the package report only when the scan asks for verbose output.
      if (report_verbosity > 0)
        security_hole(port:0, extra:qpkg_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1016.NASL
    description: According to the versions of the libsndfile packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.(CVE-2017-17457) - The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.(CVE-2017-17456) - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634) - There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.(CVE-2018-19758) - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.(CVE-2018-19661) - An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.(CVE-2018-19432) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2020-01-02
    plugin id: 132609
    published: 2020-01-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132609
    title: EulerOS 2.0 SP8 : libsndfile (EulerOS-SA-2020-1016)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, the script only records the
    # plugin metadata below and stops at exit(0); the RPM check that follows this
    # block is not reached in that mode.
    if (description)
    {
      script_id(132609);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      # Six CVEs are tied to one package update; a finding does not single out
      # which of them applies to how the host actually uses libsndfile.
      script_cve_id(
        "CVE-2017-14634",
        "CVE-2017-17456",
        "CVE-2017-17457",
        "CVE-2018-19432",
        "CVE-2018-19661",
        "CVE-2018-19758"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : libsndfile (EulerOS-SA-2020-1016)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libsndfile packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The function d2ulaw_array() in ulaw.c of libsndfile
        1.0.29pre1 may lead to a remote DoS attack (SEGV on
        unknown address 0x000000000000), a different
        vulnerability than CVE-2017-14246.(CVE-2017-17457)
    
      - The function d2alaw_array() in alaw.c of libsndfile
        1.0.29pre1 may lead to a remote DoS attack (SEGV on
        unknown address 0x000000000000), a different
        vulnerability than CVE-2017-14245.(CVE-2017-17456)
    
      - In libsndfile 1.0.28, a divide-by-zero error exists in
        the function double64_init() in double64.c, which may
        lead to DoS when playing a crafted audio
        file.(CVE-2017-14634)
    
      - There is a heap-based buffer over-read at wav.c in
        wav_write_header in libsndfile 1.0.28 that will cause a
        denial of service.(CVE-2018-19758)
    
      - An issue was discovered in libsndfile 1.0.28. There is
        a buffer over-read in the function i2ulaw_array in
        ulaw.c that will lead to a denial of
        service.(CVE-2018-19661)
    
      - An issue was discovered in libsndfile 1.0.28. There is
        a NULL pointer dereference in the function sf_write_int
        in sndfile.c, which will lead to a denial of
        service.(CVE-2018-19432)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1016
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5238d465");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libsndfile packages.");
      # Availability-only vectors, in line with the DoS-only wording of every
      # item in the description above. The v3 vector carries UI:R, i.e. user
      # interaction is required, which matches delivery through a crafted file.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/02");
    
      # "local" plugin: the verdict comes from the RPM list already collected
      # from the host, not from probing libsndfile itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsndfile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsndfile-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check depends on KB entries filled in by ssh_get_info.nasl. Without
      # them the plugin yields no result, which must not be read as "patched".
      # Hosts that report a UVP version are excluded here; the check logic after
      # this block audits out on the same key.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Scope gates. Each one hands an out-of-scope host to audit(), so the package
    # comparison further down is meant for: local checks enabled, EulerOS 2.0
    # SP8, no UVP version, RPM list present, aarch64 CPU.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS")
      audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)")
      audit(AUDIT_OS_NOT, "EulerOS 2.0");

    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$")
      audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp))
      audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

    if (!get_kb_item("Host/EulerOS/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    # Two-step architecture gate: the first test rejects CPUs outside the
    # x86_64 / i386-i686 / aarch64 set, the second then rejects everything that
    # is not aarch64, so only aarch64 hosts get past both.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu)
      audit(AUDIT_ARCH_NOT, "aarch64", cpu);

    # Reference builds handed to rpm_check(); presumably an installed package
    # older than the listed build is what gets flagged - confirm in rpm.inc.
    fixed_pkgs = ["libsndfile-1.0.28-9.h5.eulerosv2r8",
                  "libsndfile-devel-1.0.28-9.h5.eulerosv2r8"];

    outdated = 0;
    foreach (fixed_pkg in fixed_pkgs)
    {
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:fixed_pkg))
        outdated++;
    }

    if (!outdated)
    {
      # Distinguish "installed but fixed" from "not installed at all".
      tested_pkgs = pkg_tests_get();
      if (tested_pkgs)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested_pkgs);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile");
    }
    else
    {
      # Reported at warning severity, with the RPM comparison as evidence.
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_2B3860751D9C11E8B6AA4CCC6ADDA413.NASL
    description: Agostino Sarubbo, Gentoo reports : CVE-2017-8361 (Medium): The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 (Medium): The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. CVE-2017-8363 (Medium): The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. CVE-2017-8365 (Medium): The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. manxorist on Github reports : CVE-2017-12562 (High): Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Xin-Jiang on Github reports : CVE-2017-14634 (Medium): In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107109
    published: 2018-03-02
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107109
    title: FreeBSD : libsndfile -- multiple vulnerabilities (2b386075-1d9c-11e8-b6aa-4ccc6adda413)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, the script only records the
    # plugin metadata below and stops at exit(0); the package check that follows
    # this block is not reached in that mode.
    if (description)
    {
      script_id(107109);
      script_version("3.3");
      script_cvs_date("Date: 2019/03/12  9:14:55");
    
      # Six CVEs share one VuXML entry; a finding says the installed package is
      # older than the fixed build, not which of these CVEs is reachable.
      script_cve_id("CVE-2017-12562", "CVE-2017-14634", "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365");
    
      script_name(english:"FreeBSD : libsndfile -- multiple vulnerabilities (2b386075-1d9c-11e8-b6aa-4ccc6adda413)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Agostino Sarubbo, Gentoo reports :
    
    CVE-2017-8361 (Medium): The flac_buffer_copy function in flac.c in
    libsndfile 1.0.28 allows remote attackers to cause a denial of service
    (buffer overflow and application crash) or possibly have unspecified
    other impact via a crafted audio file.
    
    CVE-2017-8362 (Medium): The flac_buffer_copy function in flac.c in
    libsndfile 1.0.28 allows remote attackers to cause a denial of service
    (invalid read and application crash) via a crafted audio file.
    
    CVE-2017-8363 (Medium): The flac_buffer_copy function in flac.c in
    libsndfile 1.0.28 allows remote attackers to cause a denial of service
    (heap-based buffer over-read and application crash) via a crafted
    audio file.
    
    CVE-2017-8365 (Medium): The i2les_array function in pcm.c in
    libsndfile 1.0.28 allows remote attackers to cause a denial of service
    (buffer over-read and application crash) via a crafted audio file.
    
    manxorist on Github reports :
    
    CVE-2017-12562 (High): Heap-based Buffer Overflow in the
    psf_binheader_writef function in common.c in libsndfile through 1.0.28
    allows remote attackers to cause a denial of service (application
    crash) or possibly have unspecified other impact.
    
    Xin-Jiang on Github reports :
    
    CVE-2017-14634 (Medium): In libsndfile 1.0.28, a divide-by-zero error
    exists in the function double64_init() in double64.c, which may lead
    to DoS when playing a crafted audio file."
      );
      # References: the comment above each shortened nessus.org link gives the
      # full URL it stands for (advisory write-ups, upstream issues, fix commits).
      # https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?575e0047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/erikd/libsndfile/issues/232"
      );
      # https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8a0d9177"
      );
      # https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c971ff39"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/erikd/libsndfile/issues/231"
      );
      # https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?95e7d37a"
      );
      # https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2b1b1b20"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/erikd/libsndfile/issues/233"
      );
      # NOTE(review): same fix-commit link as already registered above; this
      # see_also entry is a repeat.
      # https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8a0d9177"
      );
      # https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?82a0d72b"
      );
      # https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?53801b81"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/erikd/libsndfile/issues/230"
      );
      # NOTE(review): third registration of the same fix-commit link.
      # https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8a0d9177"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/erikd/libsndfile/issues/292/"
      );
      # https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc3e5377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/erikd/libsndfile/issues/318"
      );
      # https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4058f18b"
      );
      # https://vuxml.freebsd.org/freebsd/2b386075-1d9c-11e8-b6aa-4ccc6adda413.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?320a87f9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): both vectors claim confidentiality, integrity and
      # availability impact, presumably driven by the CVEs above that mention
      # "unspecified other impact". CVE-2017-14634 itself is listed as Medium and
      # DoS-only in the description, so score it separately when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      # "local" plugin: the verdict comes from pkg_info data already collected
      # from the host, not from probing libsndfile itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libsndfile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-libsndfile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c7-libsndfile");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      # The check depends on KB entries filled in by ssh_get_info.nasl. Without
      # them the plugin yields no result, which must not be read as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    # Preconditions: local checks enabled, host identified as FreeBSD, and
    # pkg_info output present in the KB. Each failed gate is handed to audit().
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release"))
      audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Version comparison only: the native package and the two Linux-compat
    # packages are each tested against the same 1.0.28_2 threshold.
    affected = 0;
    foreach pkg_spec (make_list(
          "libsndfile<1.0.28_2",
          "linux-c6-libsndfile<1.0.28_2",
          "linux-c7-libsndfile<1.0.28_2"))
    {
      if (pkg_test(save_report:TRUE, pkg:pkg_spec))
        affected++;
    }

    if (!affected)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Attach the package report only when the scan asks for verbose output.
      if (report_verbosity > 0)
        security_hole(port:0, extra:pkg_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-0352-1.NASL
    description: This update for libsndfile fixes the following issues : - CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (bsc#1069874). - CVE-2017-6892: Fixed an out-of-bounds read memory access in the aiff_read_chanmap() (bsc#1043978). - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106605
    published: 2018-02-05
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106605
    title: SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2018:0352-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0352-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, the script only records the
    # plugin metadata below and stops at exit(0); the RPM check that follows this
    # block is not reached in that mode.
    if (description)
    {
      script_id(106605);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/10 13:51:46");
    
      # Five CVEs are fixed by one update; a finding says the update is missing,
      # not which of these CVEs is reachable on the host.
      script_cve_id("CVE-2017-14245", "CVE-2017-14246", "CVE-2017-14634", "CVE-2017-16942", "CVE-2017-6892");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2018:0352-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libsndfile fixes the following issues :
    
      - CVE-2017-16942: Divide-by-zero in the function
        wav_w64_read_fmt_chunk(), which may lead to Denial of
        service (bsc#1069874).
    
      - CVE-2017-6892: Fixed an out-of-bounds read memory access
        in the aiff_read_chanmap() (bsc#1043978).
    
      - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero
        error exists in the function double64_init() in
        double64.c, which may lead to DoS when playing a crafted
        audio file. (bsc#1059911)
    
      - CVE-2017-14245: An out of bounds read in the function
        d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead
        to a remote DoS attack or information disclosure,
        related to mishandling of the NAN and INFINITY
        floating-point values. (bsc#1059912)
    
      - CVE-2017-14246: An out of bounds read in the function
        d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead
        to a remote DoS attack or information disclosure,
        related to mishandling of the NAN and INFINITY
        floating-point values.(bsc#1059913)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # References: one SUSE Bugzilla entry per bsc# number cited above, one SUSE
      # CVE page per CVE, and the update announcement.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14245/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14246/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14634/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16942/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6892/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180352-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?757aa169"
      );
      # The patch identifier differs per product and service pack; the solution
      # text lists one zypper command for each.
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-247=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2018-247=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2018-247=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-247=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2018-247=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-247=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2018-247=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      # NOTE(review): both vectors claim confidentiality, integrity and
      # availability impact for the update as a whole. CVE-2017-14634 is described
      # above as a divide-by-zero DoS only, so score it separately when triaging.
      # The v3 vector carries UI:R, i.e. user interaction is required.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin: the verdict comes from the RPM list already collected
      # from the host, not from probing libsndfile itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsndfile-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsndfile1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsndfile1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # The check depends on KB entries filled in by ssh_get_info.nasl. Without
      # them the plugin yields no result, which must not be read as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host eligibility gates for the SUSE check. Every audit() call below reports
    # why the host is out of scope.
    # NOTE(review): the fall-through code assumes audit() ends the script - confirm in audit.inc.

    # Local checks must be enabled for this scan (KB key Host/local_checks_enabled).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The recorded release string must start with SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Keep only the product + major version prefix (e.g. the "SLES12" part).
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only SLED12 and SLES12 are covered by this advisory check.
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architectures accepted here: i386-i686, x86_64 and s390x.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # A missing patchlevel is treated as SP0, which then fails the SP2/SP3 test
    # below, so hosts whose service pack could not be determined are audited out
    # rather than checked.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp);
    
    
    # Package comparison. flag counts how many rpm_check() calls return true.
    # NOTE(review): rpm_check() lives in rpm.inc and is not shown here; presumably
    # it returns true when the installed package is older than the reference
    # build - confirm. The verdict rests on package name/version data from the
    # collected rpm list, not on exercising libsndfile, so locally rebuilt or
    # repackaged libraries can be misjudged.
    # Every reference below is build 1.0.25-36.7.2; debugsource/debuginfo packages
    # are checked alongside the runtime library and increment flag the same way.
    flag = 0;
    # SLES12 SP3 and SP2: no cpu argument is passed.
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsndfile-debugsource-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsndfile1-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsndfile1-debuginfo-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsndfile1-32bit-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsndfile1-debuginfo-32bit-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsndfile-debugsource-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsndfile1-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsndfile1-debuginfo-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsndfile1-32bit-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsndfile1-debuginfo-32bit-1.0.25-36.7.2")) flag++;
    # SLED12 SP3 and SP2: each call is restricted with cpu:"x86_64".
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsndfile-debugsource-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsndfile1-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsndfile1-debuginfo-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsndfile-debugsource-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsndfile1-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsndfile1-debuginfo-1.0.25-36.7.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-36.7.2")) flag++;
    
    
    # Reporting. Any flagged package raises one finding through security_warning();
    # the per-package detail from rpm_report_get() is attached only when
    # report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "packages were examined and none was flagged"
      # from "no libsndfile package was examined at all", so the audit trail
      # shows whether the host was actually assessed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2513.NASL
    descriptionAccording to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libsndfile before 1.0.28, an error in the
    last seen2020-05-08
    modified2019-12-04
    plugin id131666
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131666
    titleEulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration: when `description` is set, this block only declares
    # the plugin's identifiers, advisory text, scoring and prerequisites, then
    # leaves through exit(0) before any of the host checks further down run.
    if (description)
    {
      script_id(131666);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      # All thirteen CVEs below are reported under this single plugin id;
      # CVE-2017-14634 is one of them.
      script_cve_id(
        "CVE-2014-9496",
        "CVE-2014-9756",
        "CVE-2017-12562",
        "CVE-2017-14634",
        "CVE-2017-16942",
        "CVE-2017-6892",
        "CVE-2017-7586",
        "CVE-2017-7741",
        "CVE-2017-7742",
        "CVE-2017-8361",
        "CVE-2017-8362",
        "CVE-2017-8363",
        "CVE-2017-8365"
      );
      script_bugtraq_id(
        71796
      );
    
      script_name(english:"EulerOS 2.0 SP2 : libsndfile (EulerOS-SA-2019-2513)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      # Advisory text. Per the note at its end, the description was extracted
      # from the EulerOS security advisory.
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libsndfile package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - In libsndfile before 1.0.28, an error in the
        'header_read()' function (common.c) when handling ID3
        tags can be exploited to cause a stack-based buffer
        overflow via a specially crafted FLAC
        file.(CVE-2017-7586)
    
      - Heap-based Buffer Overflow in the psf_binheader_writef
        function in common.c in libsndfile through 1.0.28
        allows remote attackers to cause a denial of service
        (application crash) or possibly have unspecified other
        impact.(CVE-2017-12562)
    
      - In libsndfile 1.0.25 (fixed in 1.0.26), a
        divide-by-zero error exists in the function
        wav_w64_read_fmt_chunk() in wav_w64.c, which may lead
        to DoS when playing a crafted audio
        file.(CVE-2017-16942)
    
      - In libsndfile 1.0.28, a divide-by-zero error exists in
        the function double64_init() in double64.c, which may
        lead to DoS when playing a crafted audio
        file.(CVE-2017-14634)
    
      - The psf_fwrite function in file_io.c in libsndfile
        allows attackers to cause a denial of service
        (divide-by-zero error and application crash) via
        unspecified vectors related to the headindex
        variable.(CVE-2014-9756)
    
      - In libsndfile before 1.0.28, an error in the
        'flac_buffer_copy()' function (flac.c) can be exploited
        to cause a segmentation violation (with write memory
        access) via a specially crafted FLAC file during a
        resample attempt, a similar issue to
        CVE-2017-7585.(CVE-2017-7741)
    
      - In libsndfile before 1.0.28, an error in the
        'flac_buffer_copy()' function (flac.c) can be exploited
        to cause a segmentation violation (with read memory
        access) via a specially crafted FLAC file during a
        resample attempt, a similar issue to
        CVE-2017-7585.(CVE-2017-7742)
    
      - In libsndfile version 1.0.28, an error in the
        'aiff_read_chanmap()' function (aiff.c) can be
        exploited to cause an out-of-bounds read memory access
        via a specially crafted AIFF file.(CVE-2017-6892)
    
      - The flac_buffer_copy function in flac.c in libsndfile
        1.0.28 allows remote attackers to cause a denial of
        service (buffer overflow and application crash) or
        possibly have unspecified other impact via a crafted
        audio file.(CVE-2017-8361)
    
      - The flac_buffer_copy function in flac.c in libsndfile
        1.0.28 allows remote attackers to cause a denial of
        service (invalid read and application crash) via a
        crafted audio file.(CVE-2017-8362)
    
      - The flac_buffer_copy function in flac.c in libsndfile
        1.0.28 allows remote attackers to cause a denial of
        service (heap-based buffer over-read and application
        crash) via a crafted audio file.(CVE-2017-8363)
    
      - The i2les_array function in pcm.c in libsndfile 1.0.28
        allows remote attackers to cause a denial of service
        (buffer over-read and application crash) via a crafted
        audio file.(CVE-2017-8365)
    
      - The sd2_parse_rsrc_fork function in sd2.c in libsndfile
        allows attackers to have unspecified impact via vectors
        related to a (1) map offset or (2) rsrc marker, which
        triggers an out-of-bounds read.(CVE-2014-9496)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2513
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b80e01d6");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libsndfile packages.");
      # One base vector for the whole bundle (AV:N/AC:L/Au:N/C:C/I:C/A:C). The
      # description entry for CVE-2017-14634 above is a divide-by-zero leading to
      # DoS, so triage each CVE on its own score rather than on this plugin-wide
      # vector.
      # NOTE(review): presumably the vector tracks the most severe CVE listed - confirm.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # Temporal metrics and the two exploitability attributes below agree:
      # exploit unproven (E:U), official fix available (RL:OF).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
    
      # Declared as a "local" plugin; it relies on the Host/* KB keys required
      # further down rather than on anything passed in by this block.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsndfile");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # NOTE(review): ssh_get_info.nasl is presumably what populates the Host/* KB
      # keys required here - confirm. Hosts that have Host/EulerOS/uvp_version
      # set are excluded from this plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      # Metadata only: leave before the host checks.
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host eligibility gates for the EulerOS 2.0 SP2 check. Every audit() call
    # below reports why the host is out of scope.
    # NOTE(review): the fall-through code assumes audit() ends the script - confirm in audit.inc.

    # Local checks must be enabled for this scan (KB key Host/local_checks_enabled).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The recorded release string must be EulerOS, and specifically release 2.0.
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    # Only service pack 2 is in scope; a missing SP value is audited out too.
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    # Hosts reporting a UVP version are treated as a different product.
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gates. The first test lets x86_64, i386-i686 and aarch64
    # through; the second accepts only x86_64 / i386-i686, so an aarch64 host
    # passes the first line and is then audited out as AUDIT_ARCH_NOT. Such hosts
    # are not assessed by this plugin, which is not the same as being unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    # Package comparison. flag counts how many rpm_check() calls return true.
    flag = 0;
    
    # Reference build for EulerOS 2.0 SP2.
    # NOTE(review): rpm_check() lives in rpm.inc and is not shown here; presumably
    # it returns true when the installed package is older than this reference -
    # confirm. The verdict rests on package name/version data from the collected
    # rpm list, not on exercising libsndfile, so locally rebuilt or repackaged
    # libraries can be misjudged.
    pkgs = ["libsndfile-1.0.25-10.h11"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    # Reporting. A flagged package raises one finding at SECURITY_HOLE severity
    # with the rpm_report_get() output attached. The severity is fixed here for
    # the whole plugin; it is not chosen per CVE.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "packages were examined and none was flagged"
      # from "no libsndfile package was examined at all", so the audit trail
      # shows whether the host was actually assessed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2616.NASL
    descriptionAccording to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.(CVE-2014-9756) - Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2017-12562) - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634) - In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-16942) - In libsndfile before 1.0.28, an error in the
    last seen2020-05-08
    modified2019-12-18
    plugin id132151
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132151
    titleEulerOS 2.0 SP3 : libsndfile (EulerOS-SA-2019-2616)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-140.NASL
    descriptionThis update for libsndfile fixes the following issues : - CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (bsc#1069874). - CVE-2017-6892: Fixed an out-of-bounds read memory access in the aiff_read_chanmap() (bsc#1043978). - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-02-08
    plugin id106664
    published2018-02-08
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106664
    titleopenSUSE Security Update : libsndfile (openSUSE-2018-140)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1618.NASL
    descriptionMultiple vulnerabilities have been found in libsndfile, the library for reading and writing files containing sampled sound. CVE-2017-8361 The flac_buffer_copy function (flac.c) is affected by a buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. CVE-2017-8362 The flac_buffer_copy function (flac.c) is affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file. CVE-2017-8363 The flac_buffer_copy function (flac.c) is affected by a heap based OOB read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file. CVE-2017-8365 The i2les_array function (pcm.c) is affected by a global buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. CVE-2017-14245 CVE-2017-14246 CVE-2017-17456 CVE-2017-17457 The d2alaw_array() and d2ulaw_array() functions (src/ulaw.c and src/alaw.c) are affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause denial of service or information disclosure via a crafted audio file. CVE-2017-14634 The double64_init() function (double64.c) is affected by a divide-by-zero error. This vulnerability might be leveraged by remote attackers to cause denial of service via a crafted audio file. CVE-2018-13139 The psf_memset function (common.c) is affected by a stack-based buffer overflow. This vulnerability might be leveraged by remote attackers to cause a denial of service, or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. 
CVE-2018-19432 The sf_write_int function (src/sndfile.c) is affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause a denial of service via a crafted audio file. CVE-2018-19661 CVE-2018-19662 The i2alaw_array() and i2ulaw_array() functions (src/ulaw.c and src/alaw.c) are affected by an out-of-bounds read vulnerability. This flaw might be leveraged by remote attackers to cause denial of service or information disclosure via a crafted audio file. For Debian 8
    last seen2020-03-26
    modified2018-12-27
    plugin id119878
    published2018-12-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119878
    titleDebian DLA-1618-1 : libsndfile security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4013-1.NASL
    descriptionIt was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125812
    published2019-06-11
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125812
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 : libsndfile vulnerabilities (USN-4013-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0351-1.NASL
    description - This update for libsndfile fixes a memory leak in an error path.(bsc#1038856) - CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. (bsc#1069874) - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106604
    published2018-02-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106604
    titleSUSE SLES11 Security Update : Recommended update for libsndfile (SUSE-SU-2018:0351-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1066.NASL
    descriptionAccording to the versions of the libsndfile package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.(CVE-2018-19758) - An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.(CVE-2018-19661) - An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.(CVE-2018-19432) - The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.(CVE-2017-17457) - The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.(CVE-2017-17456) - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.(CVE-2017-14634) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132820
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132820
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : libsndfile (EulerOS-SA-2020-1066)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2208.NASL
    descriptionAccording to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libsndfile version 1.0.28, an error in the
    last seen2020-05-08
    modified2019-11-08
    plugin id130670
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130670
    titleEulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2019-2208)