Debian DSA-1493-2 : sdl-image1.2 - buffer overflows

2008-02-1100:00:00

www.tenable.com

Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2007-6697 Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in denial of service and potentially the execution of arbitrary code.
CVE-2008-0544 It was discovered that a buffer overflow in IFF ILBM image parsing could result in denial of service and potentially the execution of arbitrary code.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1493. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(30232);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2007-6697", "CVE-2008-0544");
  script_bugtraq_id(27417);
  script_xref(name:"DSA", value:"1493");

  script_name(english:"Debian DSA-1493-2 : sdl-image1.2 - buffer overflows");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local/remote vulnerabilities have been discovered in the image
loading library for the Simple DirectMedia Layer 1.2. The Common
Vulnerabilities and Exposures project identifies the following
problems :

  - CVE-2007-6697
    Gynvael Coldwind discovered a buffer overflow in GIF
    image parsing, which could result in denial of service
    and potentially the execution of arbitrary code.

  - CVE-2008-0544
    It was discovered that a buffer overflow in IFF ILBM
    image parsing could result in denial of service and
    potentially the execution of arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-6697"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0544"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1493"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the sdl-image1.2 packages.

For the old stable distribution (sarge), these problems have been
fixed in version 1.2.4-1etch1. Due to a copy & paste error 'etch1' was
appended to the version number instead of 'sarge1'. Since the update
is otherwise technically correct, the update was not rebuilt on the
buildd network.

For the stable distribution (etch), these problems have been fixed in
version 1.2.5-2+etch1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sdl-image1.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"libsdl-image1.2", reference:"1.2.4-1etch1")) flag++;
if (deb_check(release:"3.1", prefix:"libsdl-image1.2-dev", reference:"1.2.4-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libsdl-image1.2", reference:"1.2.5-2+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libsdl-image1.2-dev", reference:"1.2.5-2+etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxsdl-image1.2p-cpe:/a:debian:debian_linux:sdl-image1.2
debiandebian_linux3.1cpe:/o:debian:debian_linux:3.1
debiandebian_linux4.0cpe:/o:debian:debian_linux:4.0

Vendor	Product	Version	CPE
debian	debian_linux	sdl-image1.2	p-cpe:/a:debian:debian_linux:sdl-image1.2
debian	debian_linux	3.1	cpe:/o:debian:debian_linux:3.1
debian	debian_linux	4.0	cpe:/o:debian:debian_linux:4.0