The remote host is affected by the vulnerability described in GLSA-201203-16 (ModPlug: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been found in ModPlug:
      The ReadS3M method in load_s3m.cpp fails to validate user-supplied         information, which could cause a stack-based buffer overflow         (CVE-2011-1574).
      The 'CSoundFile::ReadWav()' function in load_wav.cpp contains an         integer overflow which could cause a heap-based buffer overflow         (CVE-2011-2911).
      The 'CSoundFile::ReadS3M()' function in load_s3m.cpp contains         multiple boundary errors which could cause a stack-based buffer         overflow (CVE-2011-2912).
      The 'CSoundFile::ReadAMS()' function in load_ams.cpp contains an         off-by-one error which could cause memory corruption (CVE-2011-2913).
      The 'CSoundFile::ReadDSM()' function in load_dms.cpp contains an         off-by-one error which could cause memory corruption (CVE-2011-2914).
      The 'CSoundFile::ReadAMS2()' function in load_ams.cpp contains an         off-by-one error which could cause memory corruption (CVE-2011-2915).
  Impact :

    A remote attacker could entice a user to open a specially crafted media       file, possibly resulting in execution of arbitrary code, or a Denial of       Service condition.
  Workaround :

    There is no known workaround at this time.

Libmodplug is vulnerable to a stack based buffer overflow when handling malicious S3M media files. CVE-2011-1574 has been assigned to this issue.

It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1574)

It was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1761)

The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been found and corrected in libmodplug :

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file (CVE-2011-1574).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct this issue.

Update to upstream version 0.8.8.2 (CVE-2011-1574).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

Updated gstreamer-plugins packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.

From Red Hat Security Advisory 2011:0477 :

Updated gstreamer-plugins packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0477 advisory.

  - libmodplug: Integer overflow when reading samples of AMF files (CVE-2006-4192)

  - libmodplug: ReadS3M stack overflow vulnerability (CVE-2011-1574)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
58381	GLSA-201203-16 : ModPlug: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	3/19/2012	1/6/2021	medium
53747	openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)	Nessus	SuSE Local Security Checks	5/5/2011	1/14/2021	medium
55114	Ubuntu 10.04 LTS / 10.10 / 11.04 : libmodplug vulnerabilities (USN-1148-1)	Nessus	Ubuntu Local Security Checks	6/14/2011	9/19/2019	medium
75900	openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	medium
53909	Mandriva Linux Security Advisory : libmodplug (MDVSA-2011:085)	Nessus	Mandriva Local Security Checks	5/16/2011	1/6/2021	medium
53464	Fedora 14 : libmodplug-0.8.8.2-1.fc14 (2011-5204)	Nessus	Fedora Local Security Checks	4/18/2011	1/11/2021	medium
61030	Scientific Linux Security Update : gstreamer-plugins on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
53642	CentOS 4 : gstreamer-plugins (CESA-2011:0477)	Nessus	CentOS Local Security Checks	5/5/2011	1/4/2021	medium
53559	Debian DSA-2226-1 : libmodplug - buffer overflow	Nessus	Debian Local Security Checks	4/27/2011	1/4/2021	medium
68266	Oracle Linux 4 : gstreamer-plugins (ELSA-2011-0477)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	medium
53630	RHEL 4 : gstreamer-plugins (RHSA-2011:0477)	Nessus	Red Hat Local Security Checks	5/3/2011	4/21/2024	high
75584	openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

medium