Vulnerabilities > CVE-2019-6256 - Improper Handling of Exceptional Conditions vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-58.NASL description This update fixes two security issues in live555 : - CVE-2018-4013: Remote code execution vulnerability (bsc#1114779) - CVE-2019-6256: Denial of Service issue with RTSP-over-HTTP tunneling via x-sessioncookie HTTP headers (boo#1121892) This library is statically linked into VLC. However VLC is not affected because it only uses the live555 library to implement the RTSP client. last seen 2020-05-31 modified 2019-01-22 plugin id 121285 published 2019-01-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121285 title openSUSE Security Update : live555 (openSUSE-2019-58) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-58. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(121285); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26"); script_cve_id("CVE-2018-4013", "CVE-2019-6256"); script_name(english:"openSUSE Security Update : live555 (openSUSE-2019-58)"); script_summary(english:"Check for the openSUSE-2019-58 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes two security issues in live555 : - CVE-2018-4013: Remote code execution vulnerability (bsc#1114779) - CVE-2019-6256: Denial of Service issue with RTSP-over-HTTP tunneling via x-sessioncookie HTTP headers (boo#1121892) This library is statically linked into VLC. However VLC is not affected because it only uses the live555 library to implement the RTSP client." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114779" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121892" ); script_set_attribute( attribute:"solution", value:"Update the affected live555 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"live555-devel-2018.12.14-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "live555-devel"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1690.NASL description Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library : CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET and POST requests being sent with identical x-sessioncookie within the same TCP session and might be leveraged by remote attackers to cause DoS. CVE-2019-7314 liblivemedia servers with RTSP-over-HTTP tunneling enabled are affected by a use-after-free vulnerability. This vulnerability might be triggered by remote attackers to cause DoS (server crash) or possibly unspecified other impact. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 122453 published 2019-02-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122453 title Debian DLA-1690-1 : liblivemedia security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1690-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(122453); script_version("1.2"); script_cvs_date("Date: 2020/02/07"); script_cve_id("CVE-2019-6256", "CVE-2019-7314"); script_name(english:"Debian DLA-1690-1 : liblivemedia security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library : CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET and POST requests being sent with identical x-sessioncookie within the same TCP session and might be leveraged by remote attackers to cause DoS. CVE-2019-7314 liblivemedia servers with RTSP-over-HTTP tunneling enabled are affected by a use-after-free vulnerability. This vulnerability might be triggered by remote attackers to cause DoS (server crash) or possibly unspecified other impact. For Debian 8 'Jessie', these problems have been fixed in version 2014.01.13-1+deb8u2. We recommend that you upgrade your liblivemedia packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/liblivemedia" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbasicusageenvironment0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgroupsock1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia23"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libusageenvironment1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:livemedia-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libbasicusageenvironment0", reference:"2014.01.13-1+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libgroupsock1", reference:"2014.01.13-1+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"liblivemedia-dev", reference:"2014.01.13-1+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"liblivemedia23", reference:"2014.01.13-1+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"libusageenvironment1", reference:"2014.01.13-1+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"livemedia-utils", reference:"2014.01.13-1+deb8u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4408.NASL description Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream. last seen 2020-06-01 modified 2020-06-02 plugin id 122933 published 2019-03-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122933 title Debian DSA-4408-1 : liblivemedia - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4408. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(122933); script_version("1.2"); script_cvs_date("Date: 2020/02/05"); script_cve_id("CVE-2019-6256", "CVE-2019-7314", "CVE-2019-9215"); script_xref(name:"DSA", value:"4408"); script_name(english:"Debian DSA-4408-1 : liblivemedia - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream." ); # https://security-tracker.debian.org/tracker/source-package/liblivemedia script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ae949efb" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/liblivemedia" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4408" ); script_set_attribute( attribute:"solution", value: "Upgrade the liblivemedia packages. For the stable distribution (stretch), these problems have been fixed in version 2016.11.28-1+deb9u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"libbasicusageenvironment1", reference:"2016.11.28-1+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libgroupsock8", reference:"2016.11.28-1+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"liblivemedia-dev", reference:"2016.11.28-1+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"liblivemedia57", reference:"2016.11.28-1+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libusageenvironment3", reference:"2016.11.28-1+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"livemedia-utils", reference:"2016.11.28-1+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202005-06.NASL description The remote host is affected by the vulnerability described in GLSA-202005-06 (LIVE555 Media Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-05-21 modified 2020-05-15 plugin id 136636 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136636 title GLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202005-06. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(136636); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/19"); script_cve_id("CVE-2018-4013", "CVE-2019-15232", "CVE-2019-6256", "CVE-2019-7314", "CVE-2019-7733", "CVE-2019-9215"); script_xref(name:"GLSA", value:"202005-06"); script_name(english:"GLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202005-06 (LIVE555 Media Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202005-06" ); script_set_attribute( attribute:"solution", value: "All LIVE555 Media Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-plugins/live-2020.03.06'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:live"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-plugins/live", unaffected:make_list("ge 2020.03.06"), vulnerable:make_list("lt 2020.03.06"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LIVE555 Media Server"); }
References
- https://github.com/rgaufman/live555/issues/19
- https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html
- https://seclists.org/bugtraq/2019/Mar/22
- https://security.gentoo.org/glsa/202005-06
- https://www.debian.org/security/2019/dsa-4408
- https://github.com/rgaufman/live555/issues/19
- https://www.debian.org/security/2019/dsa-4408
- https://security.gentoo.org/glsa/202005-06
- https://seclists.org/bugtraq/2019/Mar/22
- https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html