Lucene search
This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4100.NASLHistoryJan 29, 2018 - 12:00 a.m.
Debian DSA-4100-1 : tiff - security update
2018-01-2900:00:00
This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4100. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
if (description)
{
script_id(106414);
script_version("3.3");
script_cvs_date("Date: 2018/11/13 12:30:46");
script_cve_id("CVE-2017-11335", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-9935");
script_xref(name:"DSA", value:"4100");
script_name(english:"Debian DSA-4100-1 : tiff - security update");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities have been discovered in the libtiff library
and the included tools, which may result in denial of service or the
execution of arbitrary code."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/source-package/tiff"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/jessie/tiff"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/stretch/tiff"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2018/dsa-4100"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the tiff packages.
For the oldstable distribution (jessie), these problems have been
fixed in version 4.0.3-12.3+deb8u5.
For the stable distribution (stretch), these problems have been fixed
in version 4.0.8-2+deb9u2."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tiff");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"patch_publication_date", value:"2018/01/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/29");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"libtiff-doc", reference:"4.0.3-12.3+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"libtiff-opengl", reference:"4.0.3-12.3+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"libtiff-tools", reference:"4.0.3-12.3+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"libtiff5", reference:"4.0.3-12.3+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"libtiff5-dev", reference:"4.0.3-12.3+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"libtiffxx5", reference:"4.0.3-12.3+deb8u5")) flag++;
if (deb_check(release:"9.0", prefix:"libtiff-doc", reference:"4.0.8-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libtiff-opengl", reference:"4.0.8-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libtiff-tools", reference:"4.0.8-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libtiff5", reference:"4.0.8-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libtiff5-dev", reference:"4.0.8-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libtiffxx5", reference:"4.0.8-2+deb9u2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| debian | debian_linux | tiff | p-cpe:/a:debian:debian_linux:tiff |
| debian | debian_linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
packages.debian.org/source/jessie/tiff
packages.debian.org/source/stretch/tiff
security-tracker.debian.org/tracker/source-package/tiff
www.debian.org/security/2018/dsa-4100
Related
openvas
openvas
Debian Security Advisory DSA 4100-1 (tiff - security update)
2018-01-27 00:00:00
Debian LTS: Security Advisory for tiff (DLA-1093-1)
2018-02-07 00:00:00
Debian LTS: Security Advisory for tiff3 (DLA-1094-1)
2018-02-07 00:00:00
osv
osv
tiff - security update
2018-01-27 00:00:00
tiff - security update
2017-09-09 00:00:00
tiff3 - security update
2017-09-09 00:00:00
debian
debian
[SECURITY] [DSA 4100-1] tiff security update
2018-01-27 16:48:31
[SECURITY] [DLA 1093-1] tiff security update
2017-09-10 02:12:22
[SECURITY] [DLA 1094-1] tiff3 security update
2017-09-10 02:14:08
nessus
nessus
Debian DLA-1093-1 : tiff security update
2017-09-11 00:00:00
freebsd
freebsd
libtiff -- Improper Input Validation
2017-08-29 00:00:00
tiff -- multiple vulnerabilities
2017-06-22 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2018-02-06 09:25:44
Updated libtiff packages fix security vulnerability
2018-04-20 20:24:13
Updated libtiff packages fix security vulnerabilities
2018-05-16 11:24:56
redhatcve
redhatcve
debiancve
debiancve
prion
prion
Heap overflow
2017-07-17 13:18:00
Authentication flaw
2017-08-29 06:29:00
Null pointer dereference
2018-01-01 08:29:00
cve
cve
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS) Through Heap Buffer Overflow
2018-05-02 07:32:25
Denial Of Service (DoS)
2023-11-06 10:53:50
Denial Of Service (DoS)
2018-05-25 08:39:54
alpinelinux
alpinelinux
fedora
fedora
[SECURITY] Fedora 28 Update: libtiff-4.0.9-9.fc28
2018-06-06 13:33:54
[SECURITY] Fedora 28 Update: libtiff-4.0.9-10.fc28
2018-06-15 15:52:15
[SECURITY] Fedora 27 Update: libtiff-4.0.9-9.fc27
2018-06-06 12:59:38
zdt
zdt
libvorbis 1.3.5 - Multiple Vulnerabilities
2017-07-31 00:00:00
cloudfoundry
cloudfoundry
USN-3606-1: LibTIFF vulnerabilities | Cloud Foundry
2018-05-02 00:00:00
USN-3602-1: LibTIFF vulnerabilities | Cloud Foundry
2018-05-02 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2018-03-26 00:00:00
LibTIFF vulnerabilities
2018-03-20 00:00:00
amazon
amazon
Low: compat-libtiff3
2019-11-04 22:04:00
Medium: libtiff
2019-10-21 18:01:00
Medium: libtiff
2019-10-08 21:06:00
photon
photon
suse
suse
Security update for tiff (moderate)
2018-06-28 15:08:17
Security update for tiff (moderate)
2018-07-14 00:09:06
Security update for tiff (moderate)
2018-12-23 00:10:13
archlinux
archlinux
[ASA-201811-18] lib32-libtiff: multiple issues
2018-11-20 00:00:00
[ASA-201811-17] libtiff: multiple issues
2018-11-20 00:00:00
Related for DEBIAN_DSA-4100.NASL