Mandrake Linux Security Advisory : libtiff (MDKSA-2006:042)

2006-02-1900:00:00

www.tenable.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.335 Low

EPSS

Percentile

97.1%

JSON

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.

The updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:042. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20941);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-1544");
  script_xref(name:"MDKSA", value:"2006:042");

  script_name(english:"Mandrake Linux Security Advisory : libtiff (MDKSA-2006:042)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Stack-based buffer overflow in libTIFF before 3.7.2 allows remote
attackers to execute arbitrary code via a TIFF file with a malformed
BitsPerSample tag. Although some of the previous updates appear to
already catch this issue, this update adds some additional checks.

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-progs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/02/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64tiff3-3.6.1-4.5.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64tiff3-devel-3.6.1-4.5.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64tiff3-static-devel-3.6.1-4.5.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"libtiff-progs-3.6.1-4.5.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libtiff3-3.6.1-4.5.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libtiff3-devel-3.6.1-4.5.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libtiff3-static-devel-3.6.1-4.5.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64tiff3-3.6.1-11.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64tiff3-devel-3.6.1-11.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64tiff3-static-devel-3.6.1-11.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"libtiff-progs-3.6.1-11.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libtiff3-3.6.1-11.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libtiff3-devel-3.6.1-11.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libtiff3-static-devel-3.6.1-11.2.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64tiff3-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64tiff3-devel-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64tiff3-static-devel-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"libtiff-progs-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libtiff3-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libtiff3-devel-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libtiff3-static-devel-3.6.1-12.1.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxlib64tiff3p-cpe:/a:mandriva:linux:lib64tiff3
mandrivalinuxlib64tiff3-develp-cpe:/a:mandriva:linux:lib64tiff3-devel
mandrivalinuxlib64tiff3-static-develp-cpe:/a:mandriva:linux:lib64tiff3-static-devel
mandrivalinuxlibtiff-progsp-cpe:/a:mandriva:linux:libtiff-progs
mandrivalinuxlibtiff3p-cpe:/a:mandriva:linux:libtiff3
mandrivalinuxlibtiff3-develp-cpe:/a:mandriva:linux:libtiff3-devel
mandrivalinuxlibtiff3-static-develp-cpe:/a:mandriva:linux:libtiff3-static-devel
mandrakesoftmandrake_linux10.1cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrivalinux2006cpe:/o:mandriva:linux:2006
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Vendor	Product	Version	CPE
mandriva	linux	lib64tiff3	p-cpe:/a:mandriva:linux:lib64tiff3
mandriva	linux	lib64tiff3-devel	p-cpe:/a:mandriva:linux:lib64tiff3-devel
mandriva	linux	lib64tiff3-static-devel	p-cpe:/a:mandriva:linux:lib64tiff3-static-devel
mandriva	linux	libtiff-progs	p-cpe:/a:mandriva:linux:libtiff-progs
mandriva	linux	libtiff3	p-cpe:/a:mandriva:linux:libtiff3
mandriva	linux	libtiff3-devel	p-cpe:/a:mandriva:linux:libtiff3-devel
mandriva	linux	libtiff3-static-devel	p-cpe:/a:mandriva:linux:libtiff3-static-devel
mandrakesoft	mandrake_linux	10.1	cpe:/o:mandrakesoft:mandrake_linux:10.1
mandriva	linux	2006	cpe:/o:mandriva:linux:2006
mandrakesoft	mandrake_linux	le2005	x-cpe:/o:mandrakesoft:mandrake_linux:le2005