Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-2133.NASL
HistoryNov 12, 2019 - 12:00 a.m.

EulerOS 2.0 SP5 : compat-libtiff3 (EulerOS-SA-2019-2133)

2019-11-1200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

7.1 High

AI Score

Confidence

High

JSON

According to the version of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  • A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)(CVE-2018-7456)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(130842);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/12");

  script_cve_id("CVE-2018-7456");

  script_name(english:"EulerOS 2.0 SP5 : compat-libtiff3 (EulerOS-SA-2019-2133)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the compat-libtiff3 package installed,
the EulerOS installation on the remote host is affected by the
following vulnerability :

  - A NULL Pointer Dereference occurs in the function
    TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when
    using the tiffinfo tool to print crafted TIFF
    information, a different vulnerability than
    CVE-2017-18013. (This affects an earlier part of the
    TIFFPrintDirectory function that was not addressed by
    the CVE-2017-18013 patch.)(CVE-2018-7456)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2133
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc312111");
  script_set_attribute(attribute:"solution", value:
"Update the affected compat-libtiff3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7456");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:compat-libtiff3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["compat-libtiff3-3.9.4-11.h21.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-libtiff3");
}
VendorProductVersionCPE
huaweieuleroscompat-libtiff3p-cpe:/a:huawei:euleros:compat-libtiff3
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

redhatcve 2
osv 9
debiancve 2
nessus 51
openvas 34
cve 2
amazon 3
prion 2
ubuntucve 2
mageia 2
alpinelinux 2
fedora 9
veracode 2
debian 7
suse 2
oraclelinux 2
redhat 2
centos 2
freebsd 1
photon 4
archlinux 1
f5 1
slackware 1
ubuntu 3
cloudfoundry 3
ibm 2
redhatcve
redhatcve
CVE-2018-7456
2020-01-29 16:07:10
CVE-2017-18013
2018-01-03 04:19:43
osv
osv
CVE-2018-7456
2018-02-24 06:29:00
tiff - security update
2018-01-27 00:00:00
tiff3 - security update
2018-01-27 00:00:00
debiancve
debiancve
CVE-2018-7456
2018-02-24 06:29:00
CVE-2017-18013
2018-01-01 08:29:00
nessus
nessus
Oracle Linux 7 : compat-libtiff3 (ELSA-2019-2051)
2023-09-07 00:00:00
EulerOS 2.0 SP3 : compat-libtiff3 (EulerOS-SA-2019-2244)
2019-11-08 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : compat-libtiff3 Vulnerability (NS-SA-2019-0238)
2019-12-31 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for compat-libtiff3 (EulerOS-SA-2019-2244)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2018-0208)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for compat-libtiff3 (EulerOS-SA-2019-2133)
2020-01-23 00:00:00
cve
cve
CVE-2018-7456
2018-02-24 06:29:00
CVE-2017-18013
2018-01-01 08:29:00
amazon
amazon
Low: compat-libtiff3
2019-11-04 22:04:00
Medium: libtiff
2019-10-08 21:06:00
Medium: libtiff
2019-10-21 18:01:00
prion
prion
Null pointer dereference
2018-02-24 06:29:00
Null pointer dereference
2018-01-01 08:29:00
ubuntucve
ubuntucve
CVE-2018-7456
2018-02-24 00:00:00
CVE-2017-18013
2018-01-01 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2018-04-20 20:24:13
Updated libtiff packages fix security vulnerability
2018-02-06 09:25:44
alpinelinux
alpinelinux
CVE-2018-7456
2018-02-24 06:29:00
CVE-2017-18013
2018-01-01 08:29:00
fedora
fedora
[SECURITY] Fedora 28 Update: libtiff-4.0.9-9.fc28
2018-06-06 13:33:54
[SECURITY] Fedora 28 Update: libtiff-4.0.9-8.fc28
2018-04-27 04:18:01
[SECURITY] Fedora 28 Update: libtiff-4.0.9-10.fc28
2018-06-15 15:52:15
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:21:27
Denial Of Service (DoS) Through NULL Pointer Dereference
2018-04-12 16:38:53
debian
debian
[SECURITY] [DLA 1260-1] tiff3 security update
2018-01-27 20:12:34
[SECURITY] [DLA 1259-1] tiff security update
2018-01-27 20:12:11
[SECURITY] [DLA 1347-1] tiff3 security update
2018-04-16 02:36:28
suse
suse
Security update for tiff (moderate)
2018-07-14 00:09:06
Security update for tiff (moderate)
2018-06-28 15:08:17
oraclelinux
oraclelinux
compat-libtiff3 security update
2019-08-13 00:00:00
libtiff security update
2019-08-13 00:00:00
redhat
redhat
(RHSA-2019:2051) Low: compat-libtiff3 security update
2019-08-06 07:55:44
(RHSA-2019:2053) Moderate: libtiff security update
2019-08-06 07:56:00
centos
centos
compat security update
2019-08-30 02:37:42
libtiff security update
2019-08-30 03:31:24
freebsd
freebsd
tiff -- multiple vulnerabilities
2017-06-22 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0048
2018-05-21 00:00:00
Important Photon OS Security Update - PHSA-2018-0048
2018-05-21 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0013
2018-01-23 00:00:00
archlinux
archlinux
[ASA-201811-18] lib32-libtiff: multiple issues
2018-11-20 00:00:00
f5
f5
K04185528 : LibTIFF vulnerabilities CVE-2016-3186 CVE-2018-10779 CVE-2018-10963 CVE-2018-12900 CVE-2018-17100 CVE-2018-17101 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905
2022-02-17 00:00:00
slackware
slackware
[slackware-security] libtiff
2018-11-13 05:52:20
ubuntu
ubuntu
LibTIFF vulnerabilities
2019-01-22 00:00:00
LibTIFF vulnerabilities
2018-03-26 00:00:00
LibTIFF vulnerabilities
2018-03-20 00:00:00
cloudfoundry
cloudfoundry
USN-3864-1: LibTIFF vulnerabilities | Cloud Foundry
2019-01-24 00:00:00
USN-3606-1: LibTIFF vulnerabilities | Cloud Foundry
2018-05-02 00:00:00
USN-3602-1: LibTIFF vulnerabilities | Cloud Foundry
2018-05-02 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:03
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-v
2019-04-18 16:40:01

7.1 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2019-2133.NASL
redhatcve2osv9debiancve2nessus51openvas34cve2amazon3prion2ubuntucve2mageia2alpinelinux2fedora9veracode2debian7suse2oraclelinux2redhat2centos2freebsd1photon4archlinux1f51slackware1ubuntu3cloudfoundry3ibm2