
Test ID: 1.3.6.1.4.1.25623.1.0.63620
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-736-1 (gst-plugins-good0.10)
Summary: Ubuntu USN-736-1 (gst-plugins-good0.10)
Description: The remote host is missing an update to gst-plugins-good0.10
announced via advisory USN-736-1.

Details follow:

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Composition Time To Sample (ctts) atom data in Quicktime (mov)
movie files. If a user were tricked into opening a crafted mov file, an
attacker could execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-0386)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files.
If a user were tricked into opening a crafted mov file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-0387)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie
files. If a user were tricked into opening a crafted mov file, an attacker
could execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-0397)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
gstreamer0.10-plugins-good 0.10.6-0ubuntu4.2

Ubuntu 8.04 LTS:
gstreamer0.10-plugins-good 0.10.7-3ubuntu0.2

Ubuntu 8.10:
gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-736-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0386
Bugtraq: 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
http://www.openwall.com/lists/oss-security/2009/01/29/3
http://trapkit.de/advisories/TKADV2009-003.txt
http://security.gentoo.org/glsa/glsa-200907-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:035
http://www.redhat.com/support/errata/RHSA-2009-0271.html
SuSE Security Announcement: SUSE-SR:2009:005
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://www.ubuntu.com/usn/USN-736-1
BugTraq ID: 33405
http://www.securityfocus.com/bid/33405
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10306
http://secunia.com/advisories/33815
http://secunia.com/advisories/34336
http://secunia.com/advisories/35777
http://www.vupen.com/english/advisories/2009/0225
http://secunia.com/advisories/33650
Common Vulnerability Exposure (CVE) ID: CVE-2009-0387
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10611
Common Vulnerability Exposure (CVE) ID: CVE-2009-0397
http://www.redhat.com/support/errata/RHSA-2009-0270.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9942
http://secunia.com/advisories/33830
XForce ISS Database: gstreamer-qtdemuxparse-bo(48555)
http://xforce.iss.net/xforce/xfdb/48555
Common Vulnerability Exposure (CVE) ID: CVE-2007-5137
http://bugs.gentoo.org/show_bug.cgi?id=192539
Debian Security Information: DSA-1743
http://www.debian.org/security/2009/dsa-1743
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html
http://security.gentoo.org/glsa/glsa-200710-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
http://www.redhat.com/support/errata/RHSA-2008-0136.html
SuSE Security Announcement: SUSE-SR:2007:020
http://www.novell.com/linux/security/advisories/2007_20_sr.html
http://www.ubuntu.com/usn/usn-529-1
http://www.attrition.org/pipermail/vim/2007-October/001826.html
BugTraq ID: 25826
http://www.securityfocus.com/bid/25826
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9540
http://secunia.com/advisories/26942
http://secunia.com/advisories/27086
http://secunia.com/advisories/27207
http://secunia.com/advisories/27182
http://secunia.com/advisories/27295
http://secunia.com/advisories/27229
http://secunia.com/advisories/29069
http://secunia.com/advisories/34297
Common Vulnerability Exposure (CVE) ID: CVE-2007-5378
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
Debian Security Information: DSA-1415
http://www.debian.org/security/2007/dsa-1415
Debian Security Information: DSA-1416
http://www.debian.org/security/2007/dsa-1416
http://www.redhat.com/support/errata/RHSA-2008-0135.html
http://www.redhat.com/support/errata/RHSA-2008-0134.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
BugTraq ID: 26056
http://www.securityfocus.com/bid/26056
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9480
http://www.vupen.com/english/advisories/2008/1456/references
http://www.vupen.com/english/advisories/2008/1744
http://secunia.com/advisories/27801
http://secunia.com/advisories/27806
http://secunia.com/advisories/29070
http://secunia.com/advisories/30129
http://secunia.com/advisories/30535
XForce ISS Database: tktoolkit-filereadgif-dos(37189)
http://xforce.iss.net/xforce/xfdb/37189
Common Vulnerability Exposure (CVE) ID: CVE-2009-0586
Bugtraq: 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/archive/1/501712/100/0/threaded
http://openwall.com/lists/oss-security/2009/03/12/2
http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff
http://www.ocert.org/advisories/ocert-2008-015.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:085
SuSE Security Announcement: SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-735-1
BugTraq ID: 34100
http://www.securityfocus.com/bid/34100
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9694
http://secunia.com/advisories/34335
http://secunia.com/advisories/34350
XForce ISS Database: gstreamer-gstvorbistagaddcoverart-bo(49274)
http://xforce.iss.net/xforce/xfdb/49274
Common Vulnerability Exposure (CVE) ID: CVE-2009-0585
http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
Debian Security Information: DSA-1748
http://www.debian.org/security/2009/dsa-1748
http://www.mandriva.com/security/advisories?name=MDVSA-2009:081
http://www.redhat.com/support/errata/RHSA-2009-0344.html
SuSE Security Announcement: SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.ubuntu.com/usn/USN-737-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9599
http://secunia.com/advisories/34310
http://secunia.com/advisories/34337
http://secunia.com/advisories/34401
http://secunia.com/advisories/35065
XForce ISS Database: libsoup-soupmisc-bo(49273)
http://xforce.iss.net/xforce/xfdb/49273
Common Vulnerability Exposure (CVE) ID: CVE-2009-0135
Bugtraq: 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/499984/100/0/threaded
http://openwall.com/lists/oss-security/2009/01/14/2
http://trapkit.de/advisories/TKADV2009-002.txt
Debian Security Information: DSA-1706
http://www.debian.org/security/2009/dsa-1706
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html
http://security.gentoo.org/glsa/glsa-200903-34.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:030
SuSE Security Announcement: SUSE-SR:2009:003
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.ubuntu.com/usn/USN-739-1
BugTraq ID: 33210
http://www.securityfocus.com/bid/33210
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407
http://www.vupen.com/english/advisories/2009/0100
http://www.securitytracker.com/id?1021558
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://securityreason.com/securityalert/4915
Common Vulnerability Exposure (CVE) ID: CVE-2009-0136
Common Vulnerability Exposure (CVE) ID: CVE-2008-4564
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
CERT/CC vulnerability note: VU#276563
http://www.kb.cert.org/vuls/id/276563
BugTraq ID: 34086
http://www.securityfocus.com/bid/34086
http://osvdb.org/52713
http://securitytracker.com/id?1021856
http://securitytracker.com/id?1021857
http://www.securitytracker.com/id?1021859
http://secunia.com/advisories/34307
http://secunia.com/advisories/34303
http://secunia.com/advisories/34318
http://secunia.com/advisories/34355
http://www.vupen.com/english/advisories/2009/0744
http://www.vupen.com/english/advisories/2009/0756
http://www.vupen.com/english/advisories/2009/0757
XForce ISS Database: autonomy-keyview-wp6sr-bo(49284)
http://xforce.iss.net/xforce/xfdb/49284
Common Vulnerability Exposure (CVE) ID: CVE-2009-0538
Bugtraq: 20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5
http://www.securityfocus.com/archive/1/archive/1/501930/100/0/threaded
http://www.layereddefense.com/pcanywhere17mar.html
BugTraq ID: 33845
http://www.securityfocus.com/bid/33845
http://osvdb.org/52797
http://securitytracker.com/id?1021855
http://secunia.com/advisories/34305
http://www.vupen.com/english/advisories/2009/0755
XForce ISS Database: symantec-pcanywhere-unspecified-dos(49291)
http://xforce.iss.net/xforce/xfdb/49291
Common Vulnerability Exposure (CVE) ID: CVE-2004-2761
Bugtraq: 20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate
http://www.securityfocus.com/archive/1/archive/1/499685/100/0/threaded
http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
http://www.doxpara.com/research/md5/md5_someday.pdf
http://www.microsoft.com/technet/security/advisory/961509.mspx
http://www.phreedom.org/research/rogue-ca/
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
http://www.win.tue.nl/hashclash/rogue-ca/
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
Cisco Security Advisory: 20090115 MD5 Hashes May Allow for Certificate Spoofing
http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html
RedHat Security Advisories: RHSA-2010:0837
https://rhn.redhat.com/errata/RHSA-2010-0837.html
RedHat Security Advisories: RHSA-2010:0838
https://rhn.redhat.com/errata/RHSA-2010-0838.html
http://www.ubuntu.com/usn/usn-740-1
CERT/CC vulnerability note: VU#836068
http://www.kb.cert.org/vuls/id/836068
BugTraq ID: 33065
http://www.securityfocus.com/bid/33065
http://securitytracker.com/id?1024697
http://secunia.com/advisories/33826
http://secunia.com/advisories/34281
http://secunia.com/advisories/42181
http://securityreason.com/securityalert/4866
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
