Detections
Analytics

Debian DSA-1764-1 : tunapie - several vulnerabilities

medium Nessus Plugin ID 36118

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams. The Common Vulnerabilities and Exposures project identifies the following problems :

 - CVE-2009-1253 Kees Cook discovered that insecure handling of temporary files may lead to local denial of service through symlink attacks.

 - CVE-2009-1254 Mike Coleman discovered that insufficient escaping of stream URLs may lead to the execution of arbitrary commands if a user is tricked into opening a malformed stream URL.

Solution

Upgrade the tunapie package.

For the old stable distribution (etch), these problems have been fixed in version 1.3.1-1+etch2. Due to a technical problem, this update cannot be released synchronously with the stable (lenny) version, but will appear soon.

For the stable distribution (lenny), these problems have been fixed in version 2.1.8-2.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-1253

https://security-tracker.debian.org/tracker/CVE-2009-1254

https://www.debian.org/security/2009/dsa-1764

Plugin Details

Severity: Medium

ID: 36118

File Name: debian_DSA-1764.nasl

Version: 1.15

Type: local

Agent: unix

Published: 4/9/2009

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:tunapie, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 4/7/2009

Reference Information

CVE: CVE-2009-1253, CVE-2009-1254

CWE: 20, 59

DSA: 1764