Detections
Analytics

Debian DSA-4026-1 : bchunk - security update

medium Nessus Plugin ID 104482

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

Solution

Upgrade the bchunk packages.

For the oldstable distribution (jessie), these problems have been fixed in version 1.2.0-12+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.2.0-12+deb9u1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116

https://packages.debian.org/source/jessie/bchunk

https://packages.debian.org/source/stretch/bchunk

https://www.debian.org/security/2017/dsa-4026

Plugin Details

Severity: Medium

ID: 104482

File Name: debian_DSA-4026.nasl

Version: 3.5

Type: local

Agent: unix

Published: 11/10/2017

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:bchunk, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/9/2017

Reference Information

CVE: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955

DSA: 4026