ID FEDORA_2007-4594.NASL Type nessus Reporter Tenable Modified 2015-10-21T00:00:00
Description
This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially crafted BMP image could cause the user's CPU to go into an infinite loop.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-4594.
#
include("compat.inc");
if (description)
{
script_id(29810);
script_version ("$Revision: 1.16 $");
script_cvs_date("$Date: 2015/10/21 22:04:02 $");
script_cve_id("CVE-2007-3568");
script_xref(name:"FEDORA", value:"2007-4594");
script_name(english:"Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update includes a fix for a denial-of-service issue
(CVE-2007-3568) whereby an attacker who could get an imlib-using user
to view a specially crafted BMP image could cause the user's CPU to go
into an infinite loop.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=426091"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006273.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?6c5b8dbe"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected imlib, imlib-debuginfo and / or imlib-devel
packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
script_set_attribute(attribute:"patch_publication_date", value:"2007/12/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC8", reference:"imlib-1.9.15-6.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"imlib-debuginfo-1.9.15-6.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"imlib-devel-1.9.15-6.fc8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imlib / imlib-debuginfo / imlib-devel");
}
{"id": "FEDORA_2007-4594.NASL", "bulletinFamily": "scanner", "title": "Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)", "description": "This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially crafted BMP image could cause the user's CPU to go into an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-12-31T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29810", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=426091", "http://www.nessus.org/u?6c5b8dbe"], "cvelist": ["CVE-2007-3568"], "type": "nessus", "lastseen": "2018-09-02T00:07:25", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-3568"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially crafted BMP image could cause the user's CPU to go into an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "49ddbfcac01b04d8468c98c87a7dcf5edf1c3506e36880a6a316f0cf0c278ed2", "hashmap": [{"hash": "4586d6d0f6e8aa1296cad40f7cf3f809", "key": "pluginID"}, {"hash": "1bdbb13f4b81f9c771344ffc6df88dc1", "key": "sourceData"}, {"hash": "50962a1f76e4040c2803c1732b46dcfe", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "aa124a587e1eb6ba80db9b0328adad44", "key": "cvelist"}, {"hash": "b8c391a501b75225e0a38aa984c28feb", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "237551e94454f575fd46517d018198a2", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "04de9e5e677abfa726ee2a9f25452780", "key": "description"}, {"hash": "ea8867ef6edbf0b8ad781f842de88123", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=29810", "id": "FEDORA_2007-4594.NASL", "lastseen": "2016-09-26T17:26:26", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "29810", "published": "2007-12-31T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=426091", "http://www.nessus.org/u?6c5b8dbe"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4594.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29810);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-3568\");\n script_xref(name:\"FEDORA\", value:\"2007-4594\");\n\n script_name(english:\"Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a fix for a denial-of-service issue\n(CVE-2007-3568) whereby an attacker who could get an imlib-using user\nto view a specially crafted BMP image could cause the user's CPU to go\ninto an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=426091\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006273.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c5b8dbe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected imlib, imlib-debuginfo and / or imlib-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"imlib-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-debuginfo-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-devel-1.9.15-6.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib / imlib-debuginfo / imlib-devel\");\n}\n", "title": "Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:imlib-devel", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:imlib-debuginfo", "p-cpe:/a:fedoraproject:fedora:imlib"], "cvelist": ["CVE-2007-3568"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially crafted BMP image could cause the user's CPU to go into an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "1b19130cf34f5289a5629ba9e782b5aead1aeccfa748d9d06248fdabc8a35c7d", "hashmap": [{"hash": "4586d6d0f6e8aa1296cad40f7cf3f809", "key": "pluginID"}, {"hash": "1bdbb13f4b81f9c771344ffc6df88dc1", "key": "sourceData"}, {"hash": "50962a1f76e4040c2803c1732b46dcfe", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "aa124a587e1eb6ba80db9b0328adad44", "key": "cvelist"}, {"hash": "b8c391a501b75225e0a38aa984c28feb", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "237551e94454f575fd46517d018198a2", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "04de9e5e677abfa726ee2a9f25452780", "key": "description"}, {"hash": "ea8867ef6edbf0b8ad781f842de88123", "key": "href"}, {"hash": "3020b523b06d9a0860698bb1a11599e5", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=29810", "id": "FEDORA_2007-4594.NASL", "lastseen": "2017-10-29T13:44:48", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "29810", "published": "2007-12-31T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=426091", "http://www.nessus.org/u?6c5b8dbe"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4594.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29810);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-3568\");\n script_xref(name:\"FEDORA\", value:\"2007-4594\");\n\n script_name(english:\"Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a fix for a denial-of-service issue\n(CVE-2007-3568) whereby an attacker who could get an imlib-using user\nto view a specially crafted BMP image could cause the user's CPU to go\ninto an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=426091\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006273.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c5b8dbe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected imlib, imlib-debuginfo and / or imlib-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"imlib-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-debuginfo-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-devel-1.9.15-6.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib / imlib-debuginfo / imlib-devel\");\n}\n", "title": "Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:44:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:imlib-devel", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:imlib-debuginfo", "p-cpe:/a:fedoraproject:fedora:imlib"], "cvelist": ["CVE-2007-3568"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially crafted BMP image could cause the user's CPU to go into an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "157ca1d4b15a9b183fdf45679ce8f6ba7a4a96a92fd51bba86a7c465c088f2f7", "hashmap": [{"hash": "4586d6d0f6e8aa1296cad40f7cf3f809", "key": "pluginID"}, {"hash": "1bdbb13f4b81f9c771344ffc6df88dc1", "key": "sourceData"}, {"hash": "50962a1f76e4040c2803c1732b46dcfe", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "aa124a587e1eb6ba80db9b0328adad44", "key": "cvelist"}, {"hash": "b8c391a501b75225e0a38aa984c28feb", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "237551e94454f575fd46517d018198a2", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "04de9e5e677abfa726ee2a9f25452780", "key": "description"}, {"hash": "ea8867ef6edbf0b8ad781f842de88123", "key": "href"}, {"hash": "3020b523b06d9a0860698bb1a11599e5", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=29810", "id": "FEDORA_2007-4594.NASL", "lastseen": "2018-08-30T19:56:14", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "29810", "published": "2007-12-31T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=426091", "http://www.nessus.org/u?6c5b8dbe"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4594.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29810);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-3568\");\n script_xref(name:\"FEDORA\", value:\"2007-4594\");\n\n script_name(english:\"Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a fix for a denial-of-service issue\n(CVE-2007-3568) whereby an attacker who could get an imlib-using user\nto view a specially crafted BMP image could cause the user's CPU to go\ninto an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=426091\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006273.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c5b8dbe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected imlib, imlib-debuginfo and / or imlib-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"imlib-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-debuginfo-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-devel-1.9.15-6.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib / imlib-debuginfo / imlib-devel\");\n}\n", "title": "Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:56:14"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3020b523b06d9a0860698bb1a11599e5"}, {"key": "cvelist", "hash": "aa124a587e1eb6ba80db9b0328adad44"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "04de9e5e677abfa726ee2a9f25452780"}, {"key": "href", "hash": "ea8867ef6edbf0b8ad781f842de88123"}, {"key": "modified", "hash": "55c15b2ee014f410bc35a2ea45f82539"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "4586d6d0f6e8aa1296cad40f7cf3f809"}, {"key": "published", "hash": "237551e94454f575fd46517d018198a2"}, {"key": "references", "hash": "b8c391a501b75225e0a38aa984c28feb"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "1bdbb13f4b81f9c771344ffc6df88dc1"}, {"key": "title", "hash": "50962a1f76e4040c2803c1732b46dcfe"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1b19130cf34f5289a5629ba9e782b5aead1aeccfa748d9d06248fdabc8a35c7d", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4594.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29810);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-3568\");\n script_xref(name:\"FEDORA\", value:\"2007-4594\");\n\n script_name(english:\"Fedora 8 : imlib-1.9.15-6.fc8 (2007-4594)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a fix for a denial-of-service issue\n(CVE-2007-3568) whereby an attacker who could get an imlib-using user\nto view a specially crafted BMP image could cause the user's CPU to go\ninto an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=426091\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006273.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c5b8dbe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected imlib, imlib-debuginfo and / or imlib-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"imlib-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-debuginfo-1.9.15-6.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"imlib-devel-1.9.15-6.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib / imlib-debuginfo / imlib-devel\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "29810", "cpe": ["p-cpe:/a:fedoraproject:fedora:imlib-devel", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:imlib-debuginfo", "p-cpe:/a:fedoraproject:fedora:imlib"]}
{"cve": [{"lastseen": "2017-07-29T11:22:07", "references": ["http://www.securitytracker.com/id?1018332", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35325", "http://www.securityfocus.com/bid/24750", "http://www.securiteam.com/unixfocus/5WP030UM0W.html"], "description": "The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.", "edition": 2, "reporter": "NVD", "published": "2007-07-05T15:30:00", "title": "CVE-2007-3568", "type": "cve", "enchantments": {"score": {"modified": "2017-07-29T11:22:07", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-3568"], "scanner": [], "modified": "2017-07-28T21:32:22", "cpe": ["cpe:/a:imlib:imlib:1.9.15"], "id": "CVE-2007-3568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3568", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:11", "references": ["2007-4561", "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00848.html"], "pluginID": "861457", "description": "Check for the Version of imlib", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "title": "Fedora Update for imlib FEDORA-2007-4561", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3568"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861457", "id": "OPENVAS:861457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for imlib FEDORA-2007-4561\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Imlib is a display depth independent image loading and rendering library.\n Imlib is designed to simplify and speed up the process of loading images and\n obtaining X Window System drawables. Imlib provides many simple manipulation\n routines which can be used for common operations.\n\n The imlib package also contains the imlib_config program, which you can use to\n configure the Imlib image loading and rendering library. Imlib_config can be\n used to control how Imlib uses color and handles gamma corrections, etc.\n \n Install imlib if you need an image loading and rendering library for X11R6, or\n if you are installing GNOME.\";\n\ntag_affected = \"imlib on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00848.html\");\n script_id(861457);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-4561\");\n script_cve_id(\"CVE-2007-3568\");\n script_name( \"Fedora Update for imlib FEDORA-2007-4561\");\n\n script_summary(\"Check for the Version of imlib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"imlib\", rpm:\"imlib~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-debuginfo\", rpm:\"imlib-debuginfo~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-devel\", rpm:\"imlib-devel~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib\", rpm:\"imlib~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-debuginfo\", rpm:\"imlib-debuginfo~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-devel\", rpm:\"imlib-devel~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib\", rpm:\"imlib~1.9.15~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:57", "references": ["https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00811.html", "2007-4594"], "pluginID": "861223", "description": "Check for the Version of imlib", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for imlib FEDORA-2007-4594", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3568"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861223", "id": "OPENVAS:861223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for imlib FEDORA-2007-4594\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Imlib is a display depth independent image loading and rendering library.\n Imlib is designed to simplify and speed up the process of loading images and\n obtaining X Window System drawables. Imlib provides many simple manipulation\n routines which can be used for common operations.\n\n The imlib package also contains the imlib_config program, which you can use to\n configure the Imlib image loading and rendering library. Imlib_config can be\n used to control how Imlib uses color and handles gamma corrections, etc.\n \n Install imlib if you need an image loading and rendering library for X11R6, or\n if you are installing GNOME.\";\n\ntag_affected = \"imlib on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00811.html\");\n script_id(861223);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-4594\");\n script_cve_id(\"CVE-2007-3568\");\n script_name( \"Fedora Update for imlib FEDORA-2007-4594\");\n\n script_summary(\"Check for the Version of imlib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"imlib\", rpm:\"imlib~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-debuginfo\", rpm:\"imlib-debuginfo~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-devel\", rpm:\"imlib-devel~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib\", rpm:\"imlib~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-debuginfo\", rpm:\"imlib-debuginfo~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib-devel\", rpm:\"imlib-devel~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imlib\", rpm:\"imlib~1.9.15~6.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:55:02", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=426091", "http://www.nessus.org/u?53383661"], "pluginID": "29809", "description": "This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially crafted BMP image could cause the user's CPU to go into an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2007-12-31T00:00:00", "title": "Fedora 7 : imlib-1.9.15-6.fc7 (2007-4561)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3568"], "modified": "2015-10-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:imlib-devel", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:imlib-debuginfo", "p-cpe:/a:fedoraproject:fedora:imlib"], "id": "FEDORA_2007-4561.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4561.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29809);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:02 $\");\n\n script_cve_id(\"CVE-2007-3568\");\n script_xref(name:\"FEDORA\", value:\"2007-4561\");\n\n script_name(english:\"Fedora 7 : imlib-1.9.15-6.fc7 (2007-4561)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a fix for a denial-of-service issue\n(CVE-2007-3568) whereby an attacker who could get an imlib-using user\nto view a specially crafted BMP image could cause the user's CPU to go\ninto an infinite loop.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=426091\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/006310.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53383661\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected imlib, imlib-debuginfo and / or imlib-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"imlib-1.9.15-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"imlib-debuginfo-1.9.15-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"imlib-devel-1.9.15-6.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib / imlib-debuginfo / imlib-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "references": [], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018332\nOther Advisory URL: http://www.securiteam.com/unixfocus/5WP030UM0W.html\nISS X-Force ID: 35325\n[CVE-2007-3568](https://vulners.com/cve/CVE-2007-3568)\nBugtraq ID: 24750\n", "edition": 1, "reporter": "OSVDB", "published": "2007-07-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "ImLib _LoadBMP Function BMP File Handling DoS", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3568"], "modified": "2007-07-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39016", "id": "OSVDB:39016", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
