CVE-2018-4013 - Out-of-bounds Write vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-58.NASL |
description | This update fixes two security issues in live555 : - CVE-2018-4013: Remote code execution vulnerability (bsc#1114779) - CVE-2019-6256: Denial of Service issue with RTSP-over-HTTP tunneling via x-sessioncookie HTTP headers (boo#1121892) This library is statically linked into VLC. However VLC is not affected because it only uses the live555 library to implement the RTSP client. |
last seen | 2020-05-31 |
modified | 2019-01-22 |
plugin id | 121285 |
published | 2019-01-22 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/121285 |
title | openSUSE Security Update : live555 (openSUSE-2019-58) |
code |

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-58.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(121285);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");

  script_cve_id("CVE-2018-4013", "CVE-2019-6256");

  script_name(english:"openSUSE Security Update : live555 (openSUSE-2019-58)");
  script_summary(english:"Check for the openSUSE-2019-58 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes two security issues in live555 :

  - CVE-2018-4013: Remote code execution vulnerability
    (bsc#1114779)

  - CVE-2019-6256: Denial of Service issue with
    RTSP-over-HTTP tunneling via x-sessioncookie HTTP
    headers (boo#1121892)

This library is statically linked into VLC. However VLC is not
affected because it only uses the live555 library to implement the
RTSP client."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114779"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121892"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected live555 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"live555-devel-2018.12.14-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "live555-devel");
}
```

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_FA194483DABD11E8BF395404A68AD561.NASL |
description | Talos reports : An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 118478 |
published | 2018-10-29 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118478 |
title | FreeBSD : liveMedia -- potential remote code execution (fa194483-dabd-11e8-bf39-5404a68ad561) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-4343.NASL |
description | It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 119124 |
published | 2018-11-26 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119124 |
title | Debian DSA-4343-1 : liblivemedia - security update |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1582.NASL |
description | A stack based buffer overflow vulnerability was found in liblivemedia, the LIVE555 RTSP server library. This issue might be leveraged by remote attackers to cause code execution, by sending a crafted packet. For Debian 8 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 119054 |
published | 2018-11-21 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119054 |
title | Debian DLA-1582-1 : liblivemedia security update |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-202005-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-202005-06 (LIVE555 Media Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. |
last seen | 2020-05-21 |
modified | 2020-05-15 |
plugin id | 136636 |
published | 2020-05-15 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136636 |
title | GLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities |
Talos
id | TALOS-2018-0684 |
last seen | 2019-05-29 |
published | 2018-10-18 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0684 |
title | Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability |
The Hacker News
id | THN:6CD8C5575220F8640A7E9D117AE6181F |
last seen | 2018-10-22 |
modified | 2018-10-22 |
published | 2018-10-19 |
reporter | The Hacker News |
source | https://thehackernews.com/2018/10/critical-flaw-found-in-streaming.html |
title | Critical Code Execution Flaw Found in LIVE555 Streaming Library |
References
- http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html
- https://security.gentoo.org/glsa/202005-06
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
- https://www.debian.org/security/2018/dsa-4343