GLSA-200804-17 : Speex: User-assisted execution of arbitrary code

high Nessus Plugin ID 32010

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200804-17 (Speex: User-assisted execution of arbitrary code)

oCERT reported that the Speex library does not properly validate the 'mode' value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player applications. Within Gentoo, xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found to be vulnerable.
Impact :

A remote attacker could entice a user to open a specially crafted Speex file or network stream with an application listed above. This might lead to the execution of arbitrary code with privileges of the user playing the file.
Workaround :

There is no known workaround at this time.

Solution

All Speex users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/speex-1.2_beta3_p2'

See Also

https://security.gentoo.org/glsa/200804-17

Plugin Details

Severity: High

ID: 32010

File Name: gentoo_GLSA-200804-17.nasl

Version: 1.17

Type: local

Published: 4/22/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:speex, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2008

Reference Information

CVE: CVE-2008-1686

BID: 28665

CWE: 189

GLSA: 200804-17