Vulnerabilities > CVE-2018-11710 - Out-of-bounds Write vulnerability in Openmpt Libopenmpt

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
openmpt
CWE-787
nessus
NVD
Published: 2018-06-04
Updated: 2018-07-16

Summary

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.

Vulnerable Configurations

Part Description Count
Application
Openmpt
53

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-742.NASL
    descriptionThis update for libopenmpt to version 0.3.9 fixes the following issues : These security issues were fixed : - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644) - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080) These non-security issues were fixed : - [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle. - STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly. - STM: Last character of sample name was missing. - Speed up reading of truncated ULT files. - ULT: Portamento import was sometimes broken. - The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates. - Keep track of active SFx macro during seeking. - The
    last seen2020-06-05
    modified2018-07-20
    plugin id111197
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111197
    titleopenSUSE Security Update : libopenmpt (openSUSE-2018-742)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-742.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(111197);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-10017", "CVE-2018-11710");

  script_name(english:"openSUSE Security Update : libopenmpt (openSUSE-2018-742)");
  script_summary(english:"Check for the openSUSE-2018-742 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for libopenmpt to version 0.3.9 fixes the following 
issues :

These security issues were fixed :

  - CVE-2018-11710: Prevent write near address 0 in
    out-of-memory situations when reading AMS files
    (bsc#1095644)

  - CVE-2018-10017: Preven out-of-bounds memory read with
    IT/ITP/MO3 files containing pattern loops (bsc#1089080)

These non-security issues were fixed :

  - [Bug] openmpt123: Fixed build failure in C++17 due to
    use of removed feature std::random_shuffle.

  - STM: Having both Bxx and Cxx commands in a pattern
    imported the Bxx command incorrectly.

  - STM: Last character of sample name was missing.

  - Speed up reading of truncated ULT files.

  - ULT: Portamento import was sometimes broken.

  - The resonant filter was sometimes unstable when
    combining low-volume samples, low cutoff and high mixing
    rates.

  - Keep track of active SFx macro during seeking.

  - The 'note cut' duplicate note action did not volume-ramp
    the previously playing sample.

  - A song starting with non-existing patterns could not be
    played.

  - DSM: Support restart position and 16-bit samples.

  - DTM: Import global volume.

This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089080"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095644"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libopenmpt packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openmpt123");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openmpt123-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"libmodplug-devel-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libmodplug1-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libmodplug1-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt-debugsource-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt-devel-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt0-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt0-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt_modplug1-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt_modplug1-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"openmpt123-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"openmpt123-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libmodplug1-32bit-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libmodplug1-32bit-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt0-32bit-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt0-32bit-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt_modplug1-32bit-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt_modplug1-32bit-debuginfo-0.3.9-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmodplug-devel / libmodplug1 / libmodplug1-debuginfo / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-524.NASL
    descriptionThis update for libopenmpt to version 0.3.9 fixes the following issues : These security issues were fixed : - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644) - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080) These non-security issues were fixed : - [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle. - STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly. - STM: Last character of sample name was missing. - Speed up reading of truncated ULT files. - ULT: Portamento import was sometimes broken. - The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates. - Keep track of active SFx macro during seeking. - The
    last seen2020-06-01
    modified2020-06-02
    plugin id123222
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123222
    titleopenSUSE Security Update : libopenmpt (openSUSE-2019-524)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-524.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(123222);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/30");

  script_cve_id("CVE-2018-10017", "CVE-2018-11710");

  script_name(english:"openSUSE Security Update : libopenmpt (openSUSE-2019-524)");
  script_summary(english:"Check for the openSUSE-2019-524 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for libopenmpt to version 0.3.9 fixes the following 
issues :

These security issues were fixed :

  - CVE-2018-11710: Prevent write near address 0 in
    out-of-memory situations when reading AMS files
    (bsc#1095644)

  - CVE-2018-10017: Preven out-of-bounds memory read with
    IT/ITP/MO3 files containing pattern loops (bsc#1089080)

These non-security issues were fixed :

  - [Bug] openmpt123: Fixed build failure in C++17 due to
    use of removed feature std::random_shuffle.

  - STM: Having both Bxx and Cxx commands in a pattern
    imported the Bxx command incorrectly.

  - STM: Last character of sample name was missing.

  - Speed up reading of truncated ULT files.

  - ULT: Portamento import was sometimes broken.

  - The resonant filter was sometimes unstable when
    combining low-volume samples, low cutoff and high mixing
    rates.

  - Keep track of active SFx macro during seeking.

  - The 'note cut' duplicate note action did not volume-ramp
    the previously playing sample.

  - A song starting with non-existing patterns could not be
    played.

  - DSM: Support restart position and 16-bit samples.

  - DTM: Import global volume.

This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089080"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095644"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libopenmpt packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmodplug1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenmpt_modplug1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openmpt123");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openmpt123-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"libmodplug-devel-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libmodplug1-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libmodplug1-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt-debugsource-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt-devel-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt0-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt0-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt_modplug1-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libopenmpt_modplug1-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"openmpt123-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"openmpt123-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libmodplug1-32bit-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libmodplug1-32bit-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt0-32bit-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt0-32bit-debuginfo-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt_modplug1-32bit-0.3.9-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libopenmpt_modplug1-32bit-debuginfo-0.3.9-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmodplug-devel / libmodplug1 / libmodplug1-32bit / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1951-1.NASL
    descriptionThis update for libopenmpt to version 0.3.9 fixes the following issues: These security issues were fixed : - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644) - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120047
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120047
    titleSUSE SLED15 / SLES15 Security Update : libopenmpt (SUSE-SU-2018:1951-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1951-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(120047);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20");

  script_cve_id("CVE-2018-10017", "CVE-2018-11710");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : libopenmpt (SUSE-SU-2018:1951-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for libopenmpt to version 0.3.9 fixes the following
issues: These security issues were fixed :

  - CVE-2018-11710: Prevent write near address 0 in
    out-of-memory situations when reading AMS files
    (bsc#1095644)

  - CVE-2018-10017: Preven out-of-bounds memory read with
    IT/ITP/MO3 files containing pattern loops (bsc#1089080)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1089080"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095644"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10017/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11710/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181951-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f2b09b2c"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t
patch SUSE-SLE-Module-Desktop-Applications-15-2018-1323=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmodplug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmodplug1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmodplug1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenmpt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenmpt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenmpt0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenmpt0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenmpt_modplug1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenmpt_modplug1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"0", reference:"libmodplug-devel-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libmodplug1-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libmodplug1-debuginfo-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libopenmpt-debugsource-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libopenmpt-devel-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libopenmpt0-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libopenmpt0-debuginfo-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libopenmpt_modplug1-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libopenmpt_modplug1-debuginfo-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libmodplug-devel-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libmodplug1-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libmodplug1-debuginfo-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libopenmpt-debugsource-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libopenmpt-devel-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libopenmpt0-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libopenmpt0-debuginfo-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libopenmpt_modplug1-0.3.9-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libopenmpt_modplug1-debuginfo-0.3.9-3.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenmpt");
}

References