Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2010-157.NASL
HistoryAug 23, 2010 - 12:00 a.m.

Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:157)

2010-08-2300:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

Multiple vulnerabilities has been found and corrected in freetype2 :

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805).

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806).

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807).

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808).

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2010:157. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(48403);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2010-2805",
    "CVE-2010-2806",
    "CVE-2010-2807",
    "CVE-2010-3053"
  );
  script_bugtraq_id(42285);
  script_xref(name:"MDVSA", value:"2010:157");

  script_name(english:"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:157)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in freetype2 :

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file
(CVE-2010-2805).

Array index error in the t42_parse_sfnts function in type42/t42parse.c
in FreeType before 2.4.2 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
negative size values for certain strings in FontType42 font files,
leading to a heap-based buffer overflow (CVE-2010-2806).

FreeType before 2.4.2 uses incorrect integer data types during bounds
checking, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file (CVE-2010-2807).

Buffer overflow in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font
File (aka LWFN) font (CVE-2010-2808).

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause
a denial of service (application crash) via a crafted BDF font file,
related to an attempted modification of a value in a static string
(CVE-2010-3053).

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreetype6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreetype6-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64freetype6-2.3.11-1.3mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64freetype6-devel-2.3.11-1.3mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64freetype6-static-devel-2.3.11-1.3mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libfreetype6-2.3.11-1.3mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libfreetype6-devel-2.3.11-1.3mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libfreetype6-static-devel-2.3.11-1.3mdv2010.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64freetype6-2.3.12-1.3mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64freetype6-devel-2.3.12-1.3mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64freetype6-static-devel-2.3.12-1.3mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfreetype6-2.3.12-1.3mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfreetype6-devel-2.3.12-1.3mdv2010.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfreetype6-static-devel-2.3.12-1.3mdv2010.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64freetype6p-cpe:/a:mandriva:linux:lib64freetype6
mandrivalinuxlib64freetype6-develp-cpe:/a:mandriva:linux:lib64freetype6-devel
mandrivalinuxlib64freetype6-static-develp-cpe:/a:mandriva:linux:lib64freetype6-static-devel
mandrivalinuxlibfreetype6p-cpe:/a:mandriva:linux:libfreetype6
mandrivalinuxlibfreetype6-develp-cpe:/a:mandriva:linux:libfreetype6-devel
mandrivalinuxlibfreetype6-static-develp-cpe:/a:mandriva:linux:libfreetype6-static-devel
mandrivalinux2010.0cpe:/o:mandriva:linux:2010.0
mandrivalinux2010.1cpe:/o:mandriva:linux:2010.1

Related

openvas 34
nessus 32
osv 1
debian 2
ubuntu 1
securityvulns 3
redhat 3
oraclelinux 3
centos 2
prion 5
cve 5
debiancve 5
ubuntucve 5
veracode 3
gentoo 1
fedora 4
suse 1
openvas
openvas
Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)
2010-08-24 00:00:00
Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)
2010-08-24 00:00:00
FreeType Multiple denial of service vulnerabilities (Windows)
2010-09-01 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:156)
2010-08-23 00:00:00
Debian DSA-2105-1 : freetype - several vulnerabilities
2010-09-09 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)
2010-08-18 00:00:00
osv
osv
freetype - several vulnerabilities
2010-09-07 00:00:00
debian
debian
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
ubuntu
ubuntu
FreeType vulnerabilities
2010-08-17 00:00:00
securityvulns
securityvulns
[USN-972-1] FreeType vulnerabilities
2010-08-19 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
redhat
redhat
(RHSA-2010:0864) Important: freetype security update
2010-11-10 00:00:00
(RHSA-2010:0737) Important: freetype security update
2010-10-04 00:00:00
(RHSA-2010:0736) Important: freetype security update
2010-10-04 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-11-16 00:00:00
freetype security update
2010-10-04 00:00:00
freetype security update
2010-10-04 00:00:00
centos
centos
freetype security update
2010-10-04 20:11:54
freetype security update
2010-10-05 15:49:55
prion
prion
Design/Logic Flaw
2010-08-19 18:00:00
Heap overflow
2010-08-19 18:00:00
Integer overflow
2010-08-19 18:00:00
cve
cve
CVE-2010-3053
2010-08-19 18:00:00
CVE-2010-2806
2010-08-19 18:00:00
CVE-2010-2807
2010-08-19 18:00:00
debiancve
debiancve
CVE-2010-3053
2010-08-19 18:00:00
CVE-2010-2806
2010-08-19 18:00:00
CVE-2010-2807
2010-08-19 18:00:00
ubuntucve
ubuntucve
CVE-2010-3053
2010-08-19 00:00:00
CVE-2010-2806
2010-08-12 00:00:00
CVE-2010-2807
2010-08-12 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:48:57
Arbitrary Code Execution
2020-04-10 00:53:31
Arbitrary Code Execution
2020-04-10 00:48:58
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 13 Update: freetype-2.3.11-7.fc13
2010-11-21 21:52:29
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
JSON
Related for MANDRIVA_MDVSA-2010-157.NASL
openvas34nessus32osv1debian2ubuntu1securityvulns3redhat3oraclelinux3centos2prion5cve5debiancve5ubuntucve5veracode3gentoo1fedora4suse1