Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2023-2212.NASL
HistoryAug 23, 2023 - 12:00 a.m.

Amazon Linux 2 : libtiff (ALAS-2023-2212)

2023-08-2300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2212 advisory.

  • LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2023-2212.
##

include('compat.inc');

if (description)
{
  script_id(180077);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/06");

  script_cve_id(
    "CVE-2022-2520",
    "CVE-2022-2868",
    "CVE-2022-2953",
    "CVE-2022-3597",
    "CVE-2022-3626",
    "CVE-2022-3627"
  );

  script_name(english:"Amazon Linux 2 : libtiff (ALAS-2023-2212)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability
as referenced in the ALAS2-2023-2212 advisory.

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
    extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted
    tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2023-2212.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2520.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2868.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2953.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3597.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3626.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3627.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update libtiff' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3627");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'libtiff-4.0.3-35.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-4.0.3-35.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-4.0.3-35.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-debuginfo-4.0.3-35.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-debuginfo-4.0.3-35.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-debuginfo-4.0.3-35.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.0.3-35.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.0.3-35.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.0.3-35.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-static-4.0.3-35.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-static-4.0.3-35.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-static-4.0.3-35.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.0.3-35.amzn2.0.9', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.0.3-35.amzn2.0.9', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.0.3-35.amzn2.0.9', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel / etc");
}
VendorProductVersionCPE
amazonlinux2cpe:/o:amazon:linux:2
amazonlinuxlibtiff-debuginfop-cpe:/a:amazon:linux:libtiff-debuginfo
amazonlinuxlibtiff-develp-cpe:/a:amazon:linux:libtiff-devel
amazonlinuxlibtiff-staticp-cpe:/a:amazon:linux:libtiff-static
amazonlinuxlibtiff-toolsp-cpe:/a:amazon:linux:libtiff-tools
amazonlinuxlibtiffp-cpe:/a:amazon:linux:libtiff

Related

amazon 3
nessus 53
openvas 35
photon 7
ubuntu 2
osv 16
mageia 2
cloudfoundry 1
ibm 2
ubuntucve 8
redhatcve 6
alpinelinux 6
debiancve 6
prion 6
cnvd 6
cve 6
veracode 6
altlinux 1
cbl_mariner 10
rocky 2
oraclelinux 4
almalinux 4
redhat 4
debian 2
suse 1
amazon
amazon
Medium: libtiff
2023-08-17 11:58:00
Medium: libtiff
2023-08-17 11:58:00
Important: libtiff
2022-10-31 19:40:00
nessus
nessus
EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2023-1509)
2023-03-08 00:00:00
Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-067)
2023-03-21 00:00:00
SUSE SLES12 Security Update : tiff (SUSE-SU-2022:4248-1)
2022-11-29 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1509)
2023-03-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4259-1)
2022-11-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4248-1)
2022-11-29 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-0307
2023-01-04 00:00:00
Moderate Photon OS Security Update - PHSA-2023-0516
2023-01-14 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0516
2023-01-14 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-11-08 00:00:00
LibTIFF vulnerabilities
2022-09-08 00:00:00
osv
osv
tiff vulnerabilities
2022-11-08 08:13:42
CVE-2022-2520
2022-08-31 16:15:11
CVE-2022-2953
2022-08-29 15:15:10
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-11-13 05:25:20
Updated libtiff packages fix security vulnerability
2022-09-16 22:39:55
cloudfoundry
cloudfoundry
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-05-02 20:42:17
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-06-28 20:55:31
ubuntucve
ubuntucve
CVE-2022-2520
2022-08-31 00:00:00
CVE-2022-3626
2022-10-21 00:00:00
CVE-2022-3597
2022-10-21 00:00:00
redhatcve
redhatcve
CVE-2022-2520
2022-08-30 20:15:43
CVE-2022-2953
2022-10-13 15:30:21
CVE-2022-3626
2022-11-15 06:56:12
alpinelinux
alpinelinux
CVE-2022-2520
2022-08-31 16:15:00
CVE-2022-2953
2022-08-29 15:15:00
CVE-2022-3626
2022-10-21 16:15:00
debiancve
debiancve
CVE-2022-2520
2022-08-31 16:15:00
CVE-2022-3626
2022-10-21 16:15:00
CVE-2022-2868
2022-08-17 22:15:00
prion
prion
Input validation
2022-08-31 16:15:00
Out-of-bounds
2022-08-29 15:15:00
Out-of-bounds
2022-10-21 16:15:00
cnvd
cnvd
Denial of Service vulnerability in the rotateImage function in LibTIFF tiffcrop.c:8621
2022-09-02 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72092)
2022-10-25 00:00:00
LibTIFF input validation error vulnerability
2022-08-18 00:00:00
cve
cve
CVE-2022-2520
2022-08-31 16:15:00
CVE-2022-3597
2022-10-21 16:15:00
CVE-2022-2953
2022-08-29 15:15:00
veracode
veracode
Denial Of Service (DoS)
2022-09-01 05:51:24
Denial Of Service (DoS)
2022-10-23 21:26:54
Denial Of Service (DoS)
2022-08-18 08:58:31
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.4.0-alt2
2022-12-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2953 affecting package libtiff 4.4.0-2
2022-10-13 00:40:13
CVE-2022-3626 affecting package libtiff 4.4.0-4
2022-11-24 00:45:37
CVE-2022-3597 affecting package libtiff 4.4.0-5
2022-11-30 04:44:03
rocky
rocky
libtiff security update
2023-01-12 08:25:25
libtiff security update
2023-01-23 14:29:57
oraclelinux
oraclelinux
libtiff security update
2023-01-12 00:00:00
libtiff security update
2023-05-15 00:00:00
libtiff security update
2023-01-24 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-01-12 00:00:00
Moderate: libtiff security update
2023-05-09 00:00:00
Moderate: libtiff security update
2023-01-23 00:00:00
redhat
redhat
(RHSA-2023:0095) Moderate: libtiff security update
2023-01-12 08:25:25
(RHSA-2023:2340) Moderate: libtiff security update
2023-05-09 05:07:52
(RHSA-2023:0302) Moderate: libtiff security update
2023-01-23 14:29:57
debian
debian
[SECURITY] [DSA 5333-1] tiff security update
2023-01-29 12:55:02
[SECURITY] [DLA 3278-1] tiff security update
2023-01-20 22:37:38
suse
suse
Security update for tiff (important)
2022-10-21 00:00:00
JSON
Related for AL2_ALAS-2023-2212.NASL
amazon3nessus53openvas35photon7ubuntu2osv16mageia2cloudfoundry1ibm2ubuntucve8redhatcve6alpinelinux6debiancve6prion6cnvd6cve6veracode6altlinux1cbl_mariner10rocky2oraclelinux4almalinux4redhat4debian2suse1