Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2009-121.NASL
HistoryMay 22, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : lcms (MDVSA-2009:121-1)

2009-05-2200:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

Multiple security vulnerabilities has been identified and fixed in Little cms :

A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793).

This update provides fixes for these issues.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:121. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(38865);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793");
  script_bugtraq_id(34185, 34411);
  script_xref(name:"MDVSA", value:"2009:121-1");

  script_name(english:"Mandriva Linux Security Advisory : lcms (MDVSA-2009:121-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security vulnerabilities has been identified and fixed in
Little cms :

A memory leak flaw allows remote attackers to cause a denial of
service (memory consumption and application crash) via a crafted image
file (CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a
large integer value for the (1) input or (2) output channel
(CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote
attackers to cause denial of service triggered by a NULL pointer
dereference via a crafted image file (CVE-2009-0793).

This update provides fixes for these issues.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lcms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64lcms-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64lcms1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:liblcms-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:liblcms1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-lcms");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"lcms-1.18-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64lcms-devel-1.18-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64lcms1-1.18-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"liblcms-devel-1.18-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"liblcms1-1.18-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"python-lcms-1.18-0.1mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlcmsp-cpe:/a:mandriva:linux:lcms
mandrivalinuxlib64lcms-develp-cpe:/a:mandriva:linux:lib64lcms-devel
mandrivalinuxlib64lcms1p-cpe:/a:mandriva:linux:lib64lcms1
mandrivalinuxliblcms-develp-cpe:/a:mandriva:linux:liblcms-devel
mandrivalinuxliblcms1p-cpe:/a:mandriva:linux:liblcms1
mandrivalinuxpython-lcmsp-cpe:/a:mandriva:linux:python-lcms
mandrivalinux2008.0cpe:/o:mandriva:linux:2008.0

Related

openvas 63
securityvulns 3
fedora 11
nessus 34
gentoo 1
oraclelinux 2
ubuntu 2
seebug 1
debian 3
osv 2
slackware 1
redhat 2
ubuntucve 4
prion 4
veracode 4
cve 4
centos 1
openvas
openvas
Mandriva Security Advisory MDVSA-2009:121-1 (lcms)
2009-12-10 00:00:00
Mandriva Security Advisory MDVSA-2009:121-1 (lcms)
2009-12-10 00:00:00
Gentoo Security Advisory GLSA 200904-19 (littlecms)
2009-04-20 00:00:00
securityvulns
securityvulns
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
2009-04-20 00:00:00
lcms multiple security vulnerabilities
2009-05-25 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-04-20 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: lcms-1.18-2.fc9
2009-05-09 03:57:49
[SECURITY] Fedora 10 Update: lcms-1.18-2.fc10
2009-05-09 04:02:13
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-11.b14.fc10
2009-03-24 05:31:44
nessus
nessus
GLSA-200904-19 : LittleCMS: Multiple vulnerabilities
2009-04-21 00:00:00
Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034)
2009-03-27 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-603)
2009-07-21 00:00:00
gentoo
gentoo
LittleCMS: Multiple vulnerabilities
2009-04-19 00:00:00
oraclelinux
oraclelinux
lcms security update
2009-03-19 00:00:00
java-1.6.0-openjdk security update
2009-04-07 00:00:00
ubuntu
ubuntu
LittleCMS vulnerabilities
2009-03-23 00:00:00
Little CMS vulnerability
2011-01-12 00:00:00
seebug
seebug
Little CMSε†…ε­˜ζ³„ιœ²εŠζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution
2009-03-20 09:17:19
[SECURITY] [DSA 1745-2] New lcms packages fix regression
2009-03-25 11:32:42
[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution
2009-04-11 14:38:44
osv
osv
lcms - arbitrary code execution
2009-03-20 00:00:00
openjdk-6 - arbitrary code execution
2009-04-11 00:00:00
slackware
slackware
lcms
2009-03-24 16:43:23
redhat
redhat
(RHSA-2009:0339) Moderate: lcms security update
2009-03-19 00:00:00
(RHSA-2009:0377) Important: java-1.6.0-openjdk security update
2009-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2009-0733
2009-03-23 00:00:00
CVE-2009-0581
2009-03-23 00:00:00
CVE-2009-0793
2009-04-09 00:00:00
prion
prion
Memory corruption
2009-03-23 14:19:00
Stack overflow
2009-03-23 14:19:00
Integer overflow
2009-03-23 14:19:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:30:31
Arbitrary Code Execution
2020-04-10 00:30:32
Arbitrary Code Execution
2020-04-10 00:30:32
cve
cve
CVE-2009-0581
2009-03-23 14:19:00
CVE-2009-0733
2009-03-23 14:19:00
CVE-2009-0723
2009-03-23 14:19:00
centos
centos
java security update
2009-04-08 11:56:07
JSON
Related for MANDRIVA_MDVSA-2009-121.NASL
openvas63securityvulns3fedora11nessus34gentoo1oraclelinux2ubuntu2seebug1debian3osv2slackware1redhat2ubuntucve4prion4veracode4cve4centos1