Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2006-099.NASL
HistoryJun 16, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:099-1)

2006-06-1600:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747)

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861)

Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661)

In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don’t have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases.

Update :

The previous update introduced some issues with other applications and libraries linked to libfreetype, that were missed in testing for the vulnerability issues. The new packages correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:099. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(21715);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2006-0747",
    "CVE-2006-1861",
    "CVE-2006-2661"
  );
  script_bugtraq_id(
    18034,
    18326,
    18329
  );
  script_xref(name:"MDKSA", value:"2006:099-1");

  script_name(english:"Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:099-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Integer underflow in Freetype before 2.2 allows remote attackers to
cause a denial of service (crash) via a font file with an odd number
of blue values, which causes the underflow when decrementing by 2 in a
context that assumes an even number of values. (CVE-2006-0747)

Multiple integer overflows in FreeType before 2.2 allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2)
sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and
a crafted LWFN file in base/ftmac.c. (CVE-2006-1861)

Ftutil.c in Freetype before 2.2 allows remote attackers to cause a
denial of service (crash) via a crafted font file that triggers a null
dereference. (CVE-2006-2661)

In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a
serious bug in ttkern.c that caused some programs to go into an
infinite loop when dealing with fonts that don't have a properly
sorted kerning sub-table. This patch is not applicable to the earlier
Mandriva releases.

Update :

The previous update introduced some issues with other applications and
libraries linked to libfreetype, that were missed in testing for the
vulnerability issues. The new packages correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreetype6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreetype6-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64freetype6-2.1.9-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64freetype6-devel-2.1.9-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64freetype6-static-devel-2.1.9-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libfreetype6-2.1.9-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libfreetype6-devel-2.1.9-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libfreetype6-static-devel-2.1.9-6.2.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64freetype6-2.1.10-9.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64freetype6-devel-2.1.10-9.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64freetype6-static-devel-2.1.10-9.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libfreetype6-2.1.10-9.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libfreetype6-devel-2.1.10-9.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libfreetype6-static-devel-2.1.10-9.3.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64freetype6p-cpe:/a:mandriva:linux:lib64freetype6
mandrivalinuxlib64freetype6-develp-cpe:/a:mandriva:linux:lib64freetype6-devel
mandrivalinuxlib64freetype6-static-develp-cpe:/a:mandriva:linux:lib64freetype6-static-devel
mandrivalinuxlibfreetype6p-cpe:/a:mandriva:linux:libfreetype6
mandrivalinuxlibfreetype6-develp-cpe:/a:mandriva:linux:libfreetype6-devel
mandrivalinuxlibfreetype6-static-develp-cpe:/a:mandriva:linux:libfreetype6-static-devel
mandrivalinux2006cpe:/o:mandriva:linux:2006
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Related

nessus 21
suse 1
redhat 3
centos 3
debian 1
openvas 29
osv 1
ubuntu 1
freebsd 1
oraclelinux 2
prion 3
ubuntucve 4
debiancve 4
cve 6
slackware 1
gentoo 3
veracode 1
fedora 2
securityvulns 1
nessus
nessus
Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerabilities (USN-291-1)
2007-11-10 00:00:00
CentOS 3 / 4 : freetype (CESA-2006:0500)
2006-07-19 00:00:00
RHEL 2.1 / 3 / 4 : freetype (RHSA-2006:0500)
2006-07-19 00:00:00
suse
suse
remote code execution in freetype2, freetype2-devel
2006-06-27 12:24:46
redhat
redhat
(RHSA-2006:0500) freetype security update
2006-07-18 00:00:00
(RHSA-2009:1062) Important: freetype security update
2009-05-22 00:00:00
(RHSA-2009:0329) Important: freetype security update
2009-05-22 00:00:00
centos
centos
freetype security update
2006-07-18 22:54:54
freetype security update
2006-07-18 12:29:16
freetype security update
2009-05-22 14:02:05
debian
debian
[SECURITY] [DSA 1095-1] New freetype packages fix several vulnerabilities
2006-06-10 00:00:00
openvas
openvas
Debian Security Advisory DSA 1095-1 (freetype)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-291-1)
2022-08-26 00:00:00
Debian: Security Advisory (DSA-1095-1)
2008-01-17 00:00:00
osv
osv
freetype - integer overflows
2006-06-10 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2006-06-08 00:00:00
freebsd
freebsd
freetype -- LWFN Files Buffer Overflow Vulnerability
2006-07-10 00:00:00
oraclelinux
oraclelinux
Moderate: freetype security update
2007-04-16 00:00:00
freetype security update
2009-05-26 00:00:00
prion
prion
Design/Logic Flaw
2006-05-30 19:02:00
Integer overflow
2006-05-23 10:06:00
Integer overflow
2006-05-23 10:06:00
ubuntucve
ubuntucve
CVE-2006-2661
2006-05-30 00:00:00
CVE-2006-0747
2006-05-23 00:00:00
CVE-2006-3467
2006-07-21 00:00:00
debiancve
debiancve
CVE-2006-2661
2006-05-30 19:02:00
CVE-2006-0747
2006-05-23 10:06:00
CVE-2006-3467
2006-07-21 14:03:00
cve
cve
CVE-2006-2661
2006-05-30 19:02:00
CVE-2006-0747
2006-05-23 10:06:00
CVE-2006-1054
2006-05-26 21:06:00
slackware
slackware
[slackware-security] x11
2006-07-26 21:25:09
gentoo
gentoo
NX 2.1: User-assisted execution of arbitrary code
2007-10-09 00:00:00
FreeType: Multiple integer overflows
2006-07-09 00:00:00
FreeType 1: User-assisted execution of arbitrary code
2010-06-01 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:37
fedora
fedora
[SECURITY] Fedora 10 Update: freetype1-1.4-0.8.pre.fc10
2009-05-28 08:01:17
[SECURITY] Fedora 11 Update: freetype1-1.4-0.8.pre.fc11
2009-05-28 08:17:11
securityvulns
securityvulns
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
JSON
Related for MANDRAKE_MDKSA-2006-099.NASL
nessus21suse1redhat3centos3debian1openvas29osv1ubuntu1freebsd1oraclelinux2prion3ubuntucve4debiancve4cve6slackware1gentoo3veracode1fedora2securityvulns1