Vulnerabilities > CVE-2019-7314 - Use After Free vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
live555
debian
CWE-416
nessus
NVD
Published: 2019-02-04
Updated: 2020-05-15

Summary

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

Vulnerable Configurations

Part Description Count
Application
Live555
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1690.NASL
    descriptionMultiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library : CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET and POST requests being sent with identical x-sessioncookie within the same TCP session and might be leveraged by remote attackers to cause DoS. CVE-2019-7314 liblivemedia servers with RTSP-over-HTTP tunneling enabled are affected by a use-after-free vulnerability. This vulnerability might be triggered by remote attackers to cause DoS (server crash) or possibly unspecified other impact. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122453
    published2019-02-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122453
    titleDebian DLA-1690-1 : liblivemedia security update
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1690-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122453);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/07");

  script_cve_id("CVE-2019-6256", "CVE-2019-7314");

  script_name(english:"Debian DLA-1690-1 : liblivemedia security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities have been discovered in liblivemedia, the
LIVE555 RTSP server library :

CVE-2019-6256

liblivemedia servers with RTSP-over-HTTP tunneling enabled are
vulnerable to an invalid function pointer dereference. This issue
might happen during error handling when processing two GET and POST
requests being sent with identical x-sessioncookie within the same TCP
session and might be leveraged by remote attackers to cause DoS.

CVE-2019-7314

liblivemedia servers with RTSP-over-HTTP tunneling enabled are
affected by a use-after-free vulnerability. This vulnerability might
be triggered by remote attackers to cause DoS (server crash) or
possibly unspecified other impact.

For Debian 8 'Jessie', these problems have been fixed in version
2014.01.13-1+deb8u2.

We recommend that you upgrade your liblivemedia packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/liblivemedia"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbasicusageenvironment0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgroupsock1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia23");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libusageenvironment1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:livemedia-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libbasicusageenvironment0", reference:"2014.01.13-1+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libgroupsock1", reference:"2014.01.13-1+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"liblivemedia-dev", reference:"2014.01.13-1+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"liblivemedia23", reference:"2014.01.13-1+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libusageenvironment1", reference:"2014.01.13-1+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"livemedia-utils", reference:"2014.01.13-1+deb8u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4408.NASL
    descriptionMultiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
    last seen2020-06-01
    modified2020-06-02
    plugin id122933
    published2019-03-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122933
    titleDebian DSA-4408-1 : liblivemedia - security update
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4408. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122933);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/05");

  script_cve_id("CVE-2019-6256", "CVE-2019-7314", "CVE-2019-9215");
  script_xref(name:"DSA", value:"4408");

  script_name(english:"Debian DSA-4408-1 : liblivemedia - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues were discovered in liveMedia, a set of C++
libraries for multimedia streaming which could result in the execution
of arbitrary code or denial of service when parsing a malformed RTSP
stream."
  );
  # https://security-tracker.debian.org/tracker/source-package/liblivemedia
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ae949efb"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/liblivemedia"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2019/dsa-4408"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the liblivemedia packages.

For the stable distribution (stretch), these problems have been fixed
in version 2016.11.28-1+deb9u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"libbasicusageenvironment1", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libgroupsock8", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"liblivemedia-dev", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"liblivemedia57", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libusageenvironment3", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"livemedia-utils", reference:"2016.11.28-1+deb9u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1797.NASL
    descriptionThis update for live555 fixes the following issues : - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. (boo#1127341) - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free error causing the RTSP server to crash or possibly have unspecified other impact. (boo#1124159) - Update to version 2019.06.28, - Convert to dynamic libraries (boo#1121995) : + Use make ilinux-with-shared-libraries: build the dynamic libs instead of the static one. + Use make install instead of a manual file copy script: this also reveals that we missed quite a bit of code to be installed before. + Split out shared library packages according the SLPP. - Use FAT LTO objects in order to provide proper static library.
    last seen2020-06-01
    modified2020-06-02
    plugin id126980
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126980
    titleopenSUSE Security Update : live555 (openSUSE-2019-1797)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1797.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(126980);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2019-7314", "CVE-2019-9215");

  script_name(english:"openSUSE Security Update : live555 (openSUSE-2019-1797)");
  script_summary(english:"Check for the openSUSE-2019-1797 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for live555 fixes the following issues :

  - CVE-2019-9215: Malformed headers could have lead to
    invalid memory access in the parseAuthorizationHeader
    function. (boo#1127341)

  - CVE-2019-7314: Mishandled termination of an RTSP stream
    after RTP/RTCP-over-RTSP has been set up could have lead
    to a Use-After-Free error causing the RTSP server to
    crash or possibly have unspecified other impact.
    (boo#1124159)

  - Update to version 2019.06.28, 

  - Convert to dynamic libraries (boo#1121995) :

  + Use make ilinux-with-shared-libraries: build the dynamic
    libs instead of the static one.

  + Use make install instead of a manual file copy script:
    this also reveals that we missed quite a bit of code to
    be installed before.

  + Split out shared library packages according the SLPP.

  - Use FAT LTO objects in order to provide proper static
    library."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127341"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected live555 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libBasicUsageEnvironment1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libBasicUsageEnvironment1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libUsageEnvironment3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libUsageEnvironment3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgroupsock8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgroupsock8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libliveMedia66");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libliveMedia66-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"libBasicUsageEnvironment1-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libBasicUsageEnvironment1-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libUsageEnvironment3-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libUsageEnvironment3-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libgroupsock8-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libgroupsock8-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libliveMedia66-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libliveMedia66-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-debugsource-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-devel-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libBasicUsageEnvironment1-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libBasicUsageEnvironment1-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libUsageEnvironment3-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libUsageEnvironment3-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libgroupsock8-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libgroupsock8-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libliveMedia66-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libliveMedia66-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-debugsource-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-devel-2019.06.28-lp151.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libBasicUsageEnvironment1 / libBasicUsageEnvironment1-debuginfo / etc");
}
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202005-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202005-06 (LIVE555 Media Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-05-21
    modified2020-05-15
    plugin id136636
    published2020-05-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136636
    titleGLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202005-06.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(136636);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/19");

  script_cve_id("CVE-2018-4013", "CVE-2019-15232", "CVE-2019-6256", "CVE-2019-7314", "CVE-2019-7733", "CVE-2019-9215");
  script_xref(name:"GLSA", value:"202005-06");

  script_name(english:"GLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-202005-06
(LIVE555 Media Server: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in LIVE555 Media Server.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    Please review the referenced CVE identifiers for details.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/202005-06"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All LIVE555 Media Server users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=media-plugins/live-2020.03.06'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:live");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-plugins/live", unaffected:make_list("ge 2020.03.06"), vulnerable:make_list("lt 2020.03.06"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LIVE555 Media Server");
}

References