Vulnerabilities > CVE-2019-9215

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
live555
opensuse
debian
critical
nessus
NVD
Published: 2019-02-28
Updated: 2022-04-22

Summary

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

Vulnerable Configurations

Part Description Count
Application
Live555
559
Application
Opensuse
2
OS
Opensuse
3
OS
Debian
2

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1720.NASL
    descriptionIt was discovered that liblivemedia, the LIVE555 RTSP server library, is vulnerable to an invalid memory access when processing the Authorization header field. Remote attackers could leverage this vulnerability to possibly trigger code execution or denial of service (OOB access and application crash) via a crafted HTTP header. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122932
    published2019-03-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122932
    titleDebian DLA-1720-1 : liblivemedia security update
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1720-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122932);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/05");

  script_cve_id("CVE-2019-9215");

  script_name(english:"Debian DLA-1720-1 : liblivemedia security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that liblivemedia, the LIVE555 RTSP server library,
is vulnerable to an invalid memory access when processing the
Authorization header field. Remote attackers could leverage this
vulnerability to possibly trigger code execution or denial of service
(OOB access and application crash) via a crafted HTTP header.

For Debian 8 'Jessie', this problem has been fixed in version
2014.01.13-1+deb8u3.

We recommend that you upgrade your liblivemedia packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/liblivemedia"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbasicusageenvironment0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgroupsock1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia23");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libusageenvironment1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:livemedia-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libbasicusageenvironment0", reference:"2014.01.13-1+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"libgroupsock1", reference:"2014.01.13-1+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"liblivemedia-dev", reference:"2014.01.13-1+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"liblivemedia23", reference:"2014.01.13-1+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"libusageenvironment1", reference:"2014.01.13-1+deb8u3")) flag++;
if (deb_check(release:"8.0", prefix:"livemedia-utils", reference:"2014.01.13-1+deb8u3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4408.NASL
    descriptionMultiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
    last seen2020-06-01
    modified2020-06-02
    plugin id122933
    published2019-03-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122933
    titleDebian DSA-4408-1 : liblivemedia - security update
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4408. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122933);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/05");

  script_cve_id("CVE-2019-6256", "CVE-2019-7314", "CVE-2019-9215");
  script_xref(name:"DSA", value:"4408");

  script_name(english:"Debian DSA-4408-1 : liblivemedia - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues were discovered in liveMedia, a set of C++
libraries for multimedia streaming which could result in the execution
of arbitrary code or denial of service when parsing a malformed RTSP
stream."
  );
  # https://security-tracker.debian.org/tracker/source-package/liblivemedia
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ae949efb"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/liblivemedia"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2019/dsa-4408"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the liblivemedia packages.

For the stable distribution (stretch), these problems have been fixed
in version 2016.11.28-1+deb9u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblivemedia");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"libbasicusageenvironment1", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libgroupsock8", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"liblivemedia-dev", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"liblivemedia57", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libusageenvironment3", reference:"2016.11.28-1+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"livemedia-utils", reference:"2016.11.28-1+deb9u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1797.NASL
    descriptionThis update for live555 fixes the following issues : - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. (boo#1127341) - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free error causing the RTSP server to crash or possibly have unspecified other impact. (boo#1124159) - Update to version 2019.06.28, - Convert to dynamic libraries (boo#1121995) : + Use make ilinux-with-shared-libraries: build the dynamic libs instead of the static one. + Use make install instead of a manual file copy script: this also reveals that we missed quite a bit of code to be installed before. + Split out shared library packages according the SLPP. - Use FAT LTO objects in order to provide proper static library.
    last seen2020-06-01
    modified2020-06-02
    plugin id126980
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126980
    titleopenSUSE Security Update : live555 (openSUSE-2019-1797)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1797.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(126980);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2019-7314", "CVE-2019-9215");

  script_name(english:"openSUSE Security Update : live555 (openSUSE-2019-1797)");
  script_summary(english:"Check for the openSUSE-2019-1797 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for live555 fixes the following issues :

  - CVE-2019-9215: Malformed headers could have lead to
    invalid memory access in the parseAuthorizationHeader
    function. (boo#1127341)

  - CVE-2019-7314: Mishandled termination of an RTSP stream
    after RTP/RTCP-over-RTSP has been set up could have lead
    to a Use-After-Free error causing the RTSP server to
    crash or possibly have unspecified other impact.
    (boo#1124159)

  - Update to version 2019.06.28, 

  - Convert to dynamic libraries (boo#1121995) :

  + Use make ilinux-with-shared-libraries: build the dynamic
    libs instead of the static one.

  + Use make install instead of a manual file copy script:
    this also reveals that we missed quite a bit of code to
    be installed before.

  + Split out shared library packages according the SLPP.

  - Use FAT LTO objects in order to provide proper static
    library."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127341"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected live555 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libBasicUsageEnvironment1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libBasicUsageEnvironment1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libUsageEnvironment3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libUsageEnvironment3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgroupsock8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgroupsock8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libliveMedia66");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libliveMedia66-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:live555-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"libBasicUsageEnvironment1-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libBasicUsageEnvironment1-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libUsageEnvironment3-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libUsageEnvironment3-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libgroupsock8-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libgroupsock8-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libliveMedia66-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libliveMedia66-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-debuginfo-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-debugsource-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"live555-devel-2019.06.28-lp150.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libBasicUsageEnvironment1-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libBasicUsageEnvironment1-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libUsageEnvironment3-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libUsageEnvironment3-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libgroupsock8-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libgroupsock8-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libliveMedia66-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libliveMedia66-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-debuginfo-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-debugsource-2019.06.28-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"live555-devel-2019.06.28-lp151.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libBasicUsageEnvironment1 / libBasicUsageEnvironment1-debuginfo / etc");
}
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202005-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202005-06 (LIVE555 Media Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-05-21
    modified2020-05-15
    plugin id136636
    published2020-05-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136636
    titleGLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202005-06.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(136636);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/19");

  script_cve_id("CVE-2018-4013", "CVE-2019-15232", "CVE-2019-6256", "CVE-2019-7314", "CVE-2019-7733", "CVE-2019-9215");
  script_xref(name:"GLSA", value:"202005-06");

  script_name(english:"GLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-202005-06
(LIVE555 Media Server: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in LIVE555 Media Server.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    Please review the referenced CVE identifiers for details.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/202005-06"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All LIVE555 Media Server users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=media-plugins/live-2020.03.06'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:live");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-plugins/live", unaffected:make_list("ge 2020.03.06"), vulnerable:make_list("lt 2020.03.06"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LIVE555 Media Server");
}

References