Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL59503294.NASL
HistoryMay 24, 2016 - 12:00 a.m.

F5 Networks BIG-IP : libjpeg vulnerability (K59503294)

2016-05-2400:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. (CVE-2013-6629)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K59503294.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(91303);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");

  script_cve_id("CVE-2013-6629");
  script_bugtraq_id(63676);

  script_name(english:"F5 Networks BIG-IP : libjpeg vulnerability (K59503294)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The get_sos function in jdmarker.c in (1) libjpeg 6b and (2)
libjpeg-turbo through 1.3.0, as used in Google Chrome before
31.0.1650.48, Ghostscript, and other products, does not check for
certain duplications of component data during the reading of segments
that follow Start Of Scan (SOS) JPEG markers, which allows remote
attackers to obtain sensitive information from uninitialized memory
locations via a crafted JPEG image. (CVE-2013-6629)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K59503294"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K59503294."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K59503294";
vmatrix = make_array();

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("12.0.0","11.3.0-11.6.1");
vmatrix["AFM"]["unaffected"] = make_list("12.1.0");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("12.0.0","11.4.0-11.6.1");
vmatrix["AM"]["unaffected"] = make_list("12.1.0");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("12.1.0");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.1.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("12.1.0");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1");
vmatrix["AVR"]["unaffected"] = make_list("12.1.0");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.1.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("12.1.0");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.1.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("12.1.0");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("12.0.0","11.3.0-11.6.1");
vmatrix["PEM"]["unaffected"] = make_list("12.1.0");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
VendorProductVersionCPE
f5big-ip_access_policy_managercpe:/a:f5:big-ip_access_policy_manager
f5big-ip_advanced_firewall_managercpe:/a:f5:big-ip_advanced_firewall_manager
f5big-ip_application_acceleration_managercpe:/a:f5:big-ip_application_acceleration_manager
f5big-ip_application_security_managercpe:/a:f5:big-ip_application_security_manager
f5big-ip_application_visibility_and_reportingcpe:/a:f5:big-ip_application_visibility_and_reporting
f5big-ip_global_traffic_managercpe:/a:f5:big-ip_global_traffic_manager
f5big-ip_link_controllercpe:/a:f5:big-ip_link_controller
f5big-ip_local_traffic_managercpe:/a:f5:big-ip_local_traffic_manager
f5big-ip_policy_enforcement_managercpe:/a:f5:big-ip_policy_enforcement_manager
f5big-ip_wan_optimization_managercpe:/a:f5:big-ip_wan_optimization_manager
Rows per page:
1-10 of 131

Related

mscve 1
nessus 61
openvas 46
mskb 10
veracode 24
oraclelinux 2
ubuntucve 1
prion 1
centos 2
cve 1
f5 2
symantec 1
debiancve 1
slackware 1
kaspersky 3
redhat 5
fedora 6
ubuntu 3
amazon 1
mageia 2
mozilla 1
securityvulns 6
gentoo 1
ibm 7
freebsd 2
chrome 1
threatpost 1
osv 1
suse 3
debian 2
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
nessus
nessus
KB4017094: Security Update for the libjpeg Information Disclosure Vulnerability for Microsoft Silverlight 5 (April 2017)
2017-04-11 00:00:00
Scientific Linux Security Update : libjpeg on SL5.x i386/x86_64 (20131210)
2013-12-11 00:00:00
KB4015383: Security Updates for the libjpeg Information Disclosure Vulnerability (April 2017)
2017-04-12 00:00:00
openvas
openvas
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4014794)
2017-04-12 00:00:00
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4015383)
2017-04-12 00:00:00
CentOS Update for libjpeg CESA-2013:1804 centos5
2013-12-17 00:00:00
mskb
mskb
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update 2017-04-11
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
veracode
veracode
Information Disclosure
2019-01-15 08:53:01
Sensitive Information Disclosure
2019-05-02 05:00:31
Information Disclosure
2019-05-02 04:58:07
oraclelinux
oraclelinux
libjpeg security update
2013-12-09 00:00:00
libjpeg-turbo security update
2013-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2013-6629
2013-11-18 00:00:00
prion
prion
Design/Logic Flaw
2013-11-19 04:50:00
centos
centos
libjpeg security update
2013-12-10 00:47:48
libjpeg security update
2013-12-10 01:01:49
cve
cve
CVE-2013-6629
2013-11-19 04:50:00
f5
f5
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
debiancve
debiancve
CVE-2013-6629
2013-11-19 04:50:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
kaspersky
kaspersky
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00
redhat
redhat
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libjpeg-turbo-1.3.1-1.fc20
2014-06-10 03:09:55
[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19
2014-01-10 07:56:56
[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19
2014-06-10 03:13:25
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
Thunderbird vulnerabilities
2013-12-11 00:00:00
Firefox vulnerabilities
2013-12-11 00:00:00
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
Updated chromium-browser-stable packages fix multiple vulnerabilities
2013-11-13 23:09:45
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00
securityvulns
securityvulns
bugs in IJG jpeg6b & libjpeg-turbo
2013-12-09 00:00:00
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
[ MDVSA-2013:274 ] libjpeg
2013-11-26 00:00:00
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
ibm
ibm
Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)
2021-04-28 18:35:50
Security Bulletin: SiteProtector System can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2013-6954, CVE-2013-6629, CVE-2014-2421, CVE-2014-0453, CVE-2014-1876, CVE-2014-4244, CVE-2014-4263) and in Tomcat (CVE-2014-0075)
2018-06-16 21:19:16
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer
2018-06-16 19:52:50
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-11-12 00:00:00
mozilla -- multiple vulnerabilities
2013-12-09 00:00:00
chrome
chrome
Stable Channel Update
2013-11-12 00:00:00
threatpost
threatpost
12 Flaws Fixed in Google Chrome
2013-11-12 13:17:53
osv
osv
chromium-browser - several
2013-11-16 00:00:00
suse
suse
chromium: update to 31.0.1650.57 (important)
2013-11-27 20:04:35
Mozilla updates 2013/12 (important)
2013-12-13 15:04:36
chromium: 31.0.1650.57 version update (important)
2013-11-27 20:04:13
debian
debian
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:43:07
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
JSON
Related for F5_BIGIP_SOL59503294.NASL
mscve1nessus61openvas46mskb10veracode24oraclelinux2ubuntucve1prion1centos2cve1f52symantec1debiancve1slackware1kaspersky3redhat5fedora6ubuntu3amazon1mageia2mozilla1securityvulns6gentoo1ibm7freebsd2chrome1threatpost1osv1suse3debian2