Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2559.NASL
HistoryOct 18, 2012 - 12:00 a.m.

Debian DSA-2559-1 : libexif - several vulnerabilities

2012-10-1800:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

Several vulnerabilities were found in libexif, a library used to parse EXIF meta-data on camera files.

  • CVE-2012-2812 :
    A heap-based out-of-bounds array read in the exif_entry_get_value function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

  • CVE-2012-2813 :
    A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

  • CVE-2012-2814 :
    A buffer overflow in the exif_entry_format_value function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags.

  • CVE-2012-2836 :
    A heap-based out-of-bounds array read in the exif_data_load_data function allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags.

  • CVE-2012-2837 :
    A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags allows remote attackers to cause a denial of service via an image with crafted EXIF tags.

  • CVE-2012-2840 :
    An off-by-one error in the exif_convert_utf16_to_utf8 function allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags.

  • CVE-2012-2841 :
    An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2559. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(62599);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-2812", "CVE-2012-2813", "CVE-2012-2814", "CVE-2012-2836", "CVE-2012-2837", "CVE-2012-2840", "CVE-2012-2841");
  script_bugtraq_id(54437);
  script_xref(name:"DSA", value:"2559");

  script_name(english:"Debian DSA-2559-1 : libexif - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were found in libexif, a library used to parse
EXIF meta-data on camera files.

  - CVE-2012-2812 :
    A heap-based out-of-bounds array read in the
    exif_entry_get_value function allows remote attackers to
    cause a denial of service or possibly obtain potentially
    sensitive information from process memory via an image
    with crafted EXIF tags.

  - CVE-2012-2813 :
    A heap-based out-of-bounds array read in the
    exif_convert_utf16_to_utf8 function allows remote
    attackers to cause a denial of service or possibly
    obtain potentially sensitive information from process
    memory via an image with crafted EXIF tags.

  - CVE-2012-2814 :
    A buffer overflow in the exif_entry_format_value
    function allows remote attackers to cause a denial of
    service or possibly execute arbitrary code via an image
    with crafted EXIF tags.

  - CVE-2012-2836 :
    A heap-based out-of-bounds array read in the
    exif_data_load_data function allows remote attackers to
    cause a denial of service or possibly obtain potentially
    sensitive information from process memory via an image
    with crafted EXIF tags.

  - CVE-2012-2837 :
    A divide-by-zero error in the
    mnote_olympus_entry_get_value function while formatting
    EXIF maker note tags allows remote attackers to cause a
    denial of service via an image with crafted EXIF tags.

  - CVE-2012-2840 :
    An off-by-one error in the exif_convert_utf16_to_utf8
    function allows remote attackers to cause a denial of
    service or possibly execute arbitrary code via an image
    with crafted EXIF tags.

  - CVE-2012-2841 :
    An integer underflow in the exif_entry_get_value
    function can cause a heap overflow and potentially
    arbitrary code execution while formatting an EXIF tag,
    if the function is called with a buffer size parameter
    equal to zero or one."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681454"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2814"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2836"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2840"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/libexif"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2559"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the libexif packages.

For the stable distribution (squeeze), these problems have been fixed
in version 0.6.19-1+squeeze1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libexif");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"libexif-dev", reference:"0.6.19-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"libexif12", reference:"0.6.19-1+squeeze1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibexifp-cpe:/a:debian:debian_linux:libexif
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

References

Related

oraclelinux 1
nessus 17
openvas 21
securityvulns 3
amazon 1
debian 1
veracode 7
suse 2
redhat 1
centos 1
osv 8
fedora 2
ubuntu 1
gentoo 1
freebsd 1
altlinux 1
slackware 1
alpinelinux 7
prion 7
cve 7
ubuntucve 7
debiancve 7
oraclelinux
oraclelinux
libexif security update
2012-09-11 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : libexif (ELSA-2012-1255)
2013-07-12 00:00:00
Mandriva Linux Security Advisory : libexif (MDVSA-2013:035)
2013-04-20 00:00:00
Scientific Linux Security Update : libexif on SL5.x, SL6.x i386/x86_64 (20120911)
2012-09-12 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2012-1255
2015-10-06 00:00:00
RedHat Update for libexif RHSA-2012:1255-01
2012-09-17 00:00:00
CentOS Update for libexif CESA-2012:1255 centos6
2012-09-17 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:106 ] libexif
2012-07-16 00:00:00
libexif project security advisory July 12, 2012
2012-07-23 00:00:00
libexif / exif multiple security vulnerabilities
2012-07-23 00:00:00
amazon
amazon
Medium: libexif
2012-09-22 21:36:00
debian
debian
[SECURITY] [DSA 2559-1] libexif security update
2012-10-17 18:45:06
veracode
veracode
Arbitrary Code Execution And Denial Of Service (DoS)
2019-05-02 04:43:08
Heap-Based Buffer Overflow
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
suse
suse
Security update for libexif (important)
2012-07-23 19:08:44
Security update for libexif (important)
2012-07-23 19:08:42
redhat
redhat
(RHSA-2012:1255) Moderate: libexif security update
2012-09-11 00:00:00
centos
centos
libexif security update
2012-09-11 18:50:44
osv
osv
libexif - several
2012-10-11 00:00:00
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00
fedora
fedora
[SECURITY] Fedora 17 Update: libexif-0.6.21-2.fc17
2013-02-08 02:34:57
[SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16
2013-02-08 02:14:42
ubuntu
ubuntu
libexif vulnerabilities
2012-07-23 00:00:00
gentoo
gentoo
libexif, exif: Multiple vulnerabilities
2014-01-19 00:00:00
freebsd
freebsd
libexif -- multiple remote vulnerabilities
2012-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libexif version 0.6.21-alt1
2012-10-27 00:00:00
slackware
slackware
[slackware-security] libexif
2012-07-18 17:04:40
alpinelinux
alpinelinux
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
prion
prion
Code injection
2012-07-13 10:34:00
Design/Logic Flaw
2012-07-13 10:34:00
Heap overflow
2012-07-13 10:34:00
cve
cve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
ubuntucve
ubuntucve
CVE-2012-2836
2012-07-13 00:00:00
CVE-2012-2840
2012-07-13 00:00:00
CVE-2012-2841
2012-07-13 00:00:00
debiancve
debiancve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
JSON
Related for DEBIAN_DSA-2559.NASL
oraclelinux1nessus17openvas21securityvulns3amazon1debian1veracode7suse2redhat1centos1osv8fedora2ubuntu1gentoo1freebsd1altlinux1slackware1alpinelinux7prion7cve7ubuntucve7debiancve7