Test ID:	1.3.6.1.4.1.25623.1.0.70864
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1148-1 (libmodplug1)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libmodplug1 announced via advisory USN-1148-1. Details: It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1574) It was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1761) The default compiler options for affected releases should reduce the vulnerability to a denial of service. Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libmodplug1 1:0.8.8.1-2ubuntu0.2 Ubuntu 10.10: libmodplug1 1:0.8.8.1-1ubuntu1.2 Ubuntu 10.04 LTS: libmodplug0c2 1:0.8.7-1ubuntu0.2 http://www.securityspace.com/smysecure/catid.html?in=USN-1148-1 CVSS Score: 6.8 CVSS Vector: AV:L/AC:H/Au:NR/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1574 1025480 http://securitytracker.com/id?1025480 44870 http://secunia.com/advisories/44870 48434 http://secunia.com/advisories/48434 8243 http://securityreason.com/securityalert/8243 DSA-2226 http://www.debian.org/security/2011/dsa-2226 GLSA-201203-16 http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml MDVSA-2011:085 http://www.mandriva.com/security/advisories?name=MDVSA-2011:085 RHSA-2011:0477 https://rhn.redhat.com/errata/RHSA-2011-0477.html USN-1148-1 https://www.ubuntu.com/usn/USN-1148-1/ [oss-security] 20110411 CVE request for libmodplug http://openwall.com/lists/oss-security/2011/04/11/6 [oss-security] 20110411 Re: CVE request for libmodplug http://openwall.com/lists/oss-security/2011/04/11/13 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091 http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commit%3Bh=aecef259828a89bb00c2e6f78e89de7363b2237b https://bugzilla.redhat.com/show_bug.cgi?id=695420 https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt Common Vulnerability Exposure (CVE) ID: CVE-2011-1761 17222 http://www.exploit-db.com/exploits/17222 44388 http://secunia.com/advisories/44388 44695 http://secunia.com/advisories/44695 45742 http://secunia.com/advisories/45742 48058 http://secunia.com/advisories/48058 72157 http://www.osvdb.org/72157 DSA-2415 http://www.debian.org/security/2012/dsa-2415 http://ubuntu.com/usn/usn-1148-1 [oss-security] 20120502 CVE request: libmodplugin stack-buffer overflow http://www.openwall.com/lists/oss-security/2011/05/02/1 [oss-security] 20120502 Re: CVE request: libmodplugin stack-buffer overflow http://www.openwall.com/lists/oss-security/2011/05/02/19 openSUSE-SU-2011:0551 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060520.html openSUSE-SU-2011:0943 http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.