Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1385.NASLHistoryApr 15, 2020 - 12:00 a.m.
EulerOS 2.0 SP3 : giflib (EulerOS-SA-2020-1385)
2020-04-1500:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.6%
According to the version of the giflib package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.(CVE-2019-15133)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135514);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id("CVE-2019-15133");
script_name(english:"EulerOS 2.0 SP3 : giflib (EulerOS-SA-2020-1385)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the giflib package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :
- In GIFLIB before 2019-02-16, a malformed GIF file
triggers a divide-by-zero exception in the decoder
function DGifSlurp in dgif_lib.c if the height field of
the ImageSize data structure is equal to
zero.(CVE-2019-15133)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1385
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb8fba9e");
script_set_attribute(attribute:"solution", value:
"Update the affected giflib package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15133");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:giflib");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["giflib-4.1.6-9.h3"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "giflib");
}
Related
prion
prion
Arbitrary file deletion
2019-08-17 18:15:00
cvelist
cvelist
CVE-2019-15133
2019-08-17 00:00:00
debiancve
debiancve
CVE-2019-15133
2019-08-17 18:15:10
openvas
openvas
Huawei EulerOS: Security Advisory for giflib (EulerOS-SA-2020-1385)
2020-04-16 00:00:00
Mageia: Security Advisory (MGASA-2019-0252)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for giflib (EulerOS-SA-2019-2104)
2020-01-23 00:00:00
cve
cve
CVE-2019-15133
2019-08-17 18:15:10
ubuntucve
ubuntucve
CVE-2019-15133
2019-08-17 00:00:00
nvd
nvd
CVE-2019-15133
2019-08-17 18:15:10
redhatcve
redhatcve
CVE-2019-15133
2019-11-12 07:37:35
mageia
mageia
Updated giflib packages fix security vulnerability
2019-09-07 00:09:08
debian
debian
[SECURITY] [DLA 3223-1] giflib security update
2022-12-05 12:42:34
nessus
nessus
Debian DLA-3223-1 : giflib - LTS security update
2022-12-05 00:00:00
EulerOS 2.0 SP8 : giflib (EulerOS-SA-2019-2104)
2019-11-12 00:00:00
SUSE SLES15 Security Update : giflib (SUSE-SU-2023:1970-2)
2023-04-25 00:00:00
osv
osv
giflib - security update
2022-12-05 00:00:00
suse
suse
Security update for giflib (moderate)
2022-05-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1842
2021-07-02 16:45:05
ubuntu
ubuntu
GIFLIB vulnerabilities
2019-08-20 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.6%
Related for EULEROS_SA-2020-1385.NASL