Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2019-1350.NASL
HistoryNov 07, 2019 - 12:00 a.m.

Amazon Linux 2 : libjpeg-turbo (ALAS-2019-1350)

2019-11-0700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
57

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616)

A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.

CVE-2018-11212)

An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213)

An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214)

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813)

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1350.
#

include('compat.inc');

if (description)
{
  script_id(130602);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/15");

  script_cve_id(
    "CVE-2016-3616",
    "CVE-2018-11212",
    "CVE-2018-11213",
    "CVE-2018-11214",
    "CVE-2018-11813",
    "CVE-2018-14498"
  );
  script_xref(name:"ALAS", value:"2019-1350");

  script_name(english:"Amazon Linux 2 : libjpeg-turbo (ALAS-2019-1350)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The cjpeg utility in libjpeg allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) or execute
arbitrary code via a crafted file.(CVE-2016-3616)

A divide by zero vulnerability has been discovered in libjpeg-turbo in
alloc_sarray function of jmemmgr.c file. An attacker could use this
vulnerability to cause a denial of service via a crafted file.

CVE-2018-11212)

An out-of-bound read vulnerability has been discovered in
libjpeg-turbo when reading one row of pixels of a PGM file. An
attacker could use this flaw to crash the application and cause a
denial of service.(CVE-2018-11213)

An out-of-bounds read vulnerability has been discovered in
libjpeg-turbo when reading one row of pixels of a PPM file. An
attacker could use this flaw to crash the application and cause a
denial of service.(CVE-2018-11214)

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles
EOF.(CVE-2018-11813)

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted
8-bit BMP in which one or more of the color indices is out of range
for the number of palette entries.(CVE-2018-14498)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1350.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update libjpeg-turbo' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3616");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libjpeg-turbo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libjpeg-turbo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libjpeg-turbo-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libjpeg-turbo-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libjpeg-turbo-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:turbojpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:turbojpeg-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"libjpeg-turbo-1.2.90-6.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"libjpeg-turbo-debuginfo-1.2.90-6.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"libjpeg-turbo-devel-1.2.90-6.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"libjpeg-turbo-static-1.2.90-6.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"libjpeg-turbo-utils-1.2.90-6.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"turbojpeg-1.2.90-6.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"turbojpeg-devel-1.2.90-6.amzn2.0.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo / libjpeg-turbo-debuginfo / libjpeg-turbo-devel / etc");
}
VendorProductVersionCPE
amazonlinuxlibjpeg-turbop-cpe:/a:amazon:linux:libjpeg-turbo
amazonlinuxlibjpeg-turbo-debuginfop-cpe:/a:amazon:linux:libjpeg-turbo-debuginfo
amazonlinuxlibjpeg-turbo-develp-cpe:/a:amazon:linux:libjpeg-turbo-devel
amazonlinuxlibjpeg-turbo-staticp-cpe:/a:amazon:linux:libjpeg-turbo-static
amazonlinuxlibjpeg-turbo-utilsp-cpe:/a:amazon:linux:libjpeg-turbo-utils
amazonlinuxturbojpegp-cpe:/a:amazon:linux:turbojpeg
amazonlinuxturbojpeg-develp-cpe:/a:amazon:linux:turbojpeg-devel
amazonlinux2cpe:/o:amazon:linux:2

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%