Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2012-106.NASL
HistorySep 06, 2012 - 12:00 a.m.

Mandriva Linux Security Advisory : libexif (MDVSA-2012:106)

2012-09-0600:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

Multiple vulnerabilities has been discovered and corrected in libexif :

A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags (CVE-2012-2812).

A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags (CVE-2012-2813).

A buffer overflow in the exif_entry_format_value function in libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags (CVE-2012-2814).

A heap-based out-of-bounds array read in the exif_data_load_data function in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags (CVE-2012-2836).

A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service via an image with crafted EXIF tags (CVE-2012-2837).

An off-by-one error in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags (CVE-2012-2840).

An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one (CVE-2012-2841).

The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:106. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61959);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-2812", "CVE-2012-2813", "CVE-2012-2814", "CVE-2012-2836", "CVE-2012-2837", "CVE-2012-2840", "CVE-2012-2841");
  script_xref(name:"MDVSA", value:"2012:106");

  script_name(english:"Mandriva Linux Security Advisory : libexif (MDVSA-2012:106)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been discovered and corrected in 
libexif :

A heap-based out-of-bounds array read in the exif_entry_get_value
function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows
remote attackers to cause a denial of service or possibly obtain
potentially sensitive information from process memory via an image
with crafted EXIF tags (CVE-2012-2812).

A heap-based out-of-bounds array read in the
exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif
0.6.20 and earlier allows remote attackers to cause a denial of
service or possibly obtain potentially sensitive information from
process memory via an image with crafted EXIF tags (CVE-2012-2813).

A buffer overflow in the exif_entry_format_value function in
libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to
cause a denial of service or possibly execute arbitrary code via an
image with crafted EXIF tags (CVE-2012-2814).

A heap-based out-of-bounds array read in the exif_data_load_data
function in libexif 0.6.20 and earlier allows remote attackers to
cause a denial of service or possibly obtain potentially sensitive
information from process memory via an image with crafted EXIF tags
(CVE-2012-2836).

A divide-by-zero error in the mnote_olympus_entry_get_value function
while formatting EXIF maker note tags in libexif 0.6.20 and earlier
allows remote attackers to cause a denial of service via an image with
crafted EXIF tags (CVE-2012-2837).

An off-by-one error in the exif_convert_utf16_to_utf8 function in
libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote
attackers to cause a denial of service or possibly execute arbitrary
code via an image with crafted EXIF tags (CVE-2012-2840).

An integer underflow in the exif_entry_get_value function can cause a
heap overflow and potentially arbitrary code execution while
formatting an EXIF tag, if the function is called with a buffer size
parameter equal to zero or one (CVE-2012-2841).

The updated packages have been upgraded to the 0.6.21 version which is
not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://sourceforge.net/p/libexif/mailman/message/29534027/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64exif-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64exif12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexif-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexif12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexif12-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64exif-devel-0.6.21-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64exif12-0.6.21-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libexif-devel-0.6.21-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libexif12-0.6.21-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"libexif12-common-0.6.21-0.1-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64exif-develp-cpe:/a:mandriva:linux:lib64exif-devel
mandrivalinuxlib64exif12p-cpe:/a:mandriva:linux:lib64exif12
mandrivalinuxlibexif-develp-cpe:/a:mandriva:linux:libexif-devel
mandrivalinuxlibexif12p-cpe:/a:mandriva:linux:libexif12
mandrivalinuxlibexif12-commonp-cpe:/a:mandriva:linux:libexif12-common
mandrivalinux2011cpe:/o:mandriva:linux:2011

Related

oraclelinux 1
nessus 17
openvas 21
securityvulns 3
amazon 1
debian 1
veracode 7
suse 2
redhat 1
centos 1
fedora 2
ubuntu 1
osv 8
gentoo 1
freebsd 1
altlinux 1
slackware 1
alpinelinux 7
prion 7
cve 7
ubuntucve 7
debiancve 7
oraclelinux
oraclelinux
libexif security update
2012-09-11 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : libexif (ELSA-2012-1255)
2013-07-12 00:00:00
Debian DSA-2559-1 : libexif - several vulnerabilities
2012-10-18 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libexif vulnerabilities (USN-1513-1)
2012-07-24 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2012-1255
2015-10-06 00:00:00
RedHat Update for libexif RHSA-2012:1255-01
2012-09-17 00:00:00
CentOS Update for libexif CESA-2012:1255 centos5
2012-09-17 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:106 ] libexif
2012-07-16 00:00:00
libexif project security advisory July 12, 2012
2012-07-23 00:00:00
libexif / exif multiple security vulnerabilities
2012-07-23 00:00:00
amazon
amazon
Medium: libexif
2012-09-22 21:36:00
debian
debian
[SECURITY] [DSA 2559-1] libexif security update
2012-10-17 18:45:06
veracode
veracode
Arbitrary Code Execution And Denial Of Service (DoS)
2019-05-02 04:43:08
Heap-Based Buffer Overflow
2019-05-02 04:43:08
Denial Of Service (DoS)
2019-05-02 04:43:08
suse
suse
Security update for libexif (important)
2012-07-23 19:08:44
Security update for libexif (important)
2012-07-23 19:08:42
redhat
redhat
(RHSA-2012:1255) Moderate: libexif security update
2012-09-11 00:00:00
centos
centos
libexif security update
2012-09-11 18:50:44
fedora
fedora
[SECURITY] Fedora 17 Update: libexif-0.6.21-2.fc17
2013-02-08 02:34:57
[SECURITY] Fedora 16 Update: libexif-0.6.21-2.fc16
2013-02-08 02:14:42
ubuntu
ubuntu
libexif vulnerabilities
2012-07-23 00:00:00
osv
osv
libexif - several
2012-10-11 00:00:00
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00
gentoo
gentoo
libexif, exif: Multiple vulnerabilities
2014-01-19 00:00:00
freebsd
freebsd
libexif -- multiple remote vulnerabilities
2012-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libexif version 0.6.21-alt1
2012-10-27 00:00:00
slackware
slackware
[slackware-security] libexif
2012-07-18 17:04:40
alpinelinux
alpinelinux
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
prion
prion
Code injection
2012-07-13 10:34:00
Design/Logic Flaw
2012-07-13 10:34:00
Heap overflow
2012-07-13 10:34:00
cve
cve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
CVE-2012-2836
2012-07-13 10:34:00
ubuntucve
ubuntucve
CVE-2012-2836
2012-07-13 00:00:00
CVE-2012-2840
2012-07-13 00:00:00
CVE-2012-2841
2012-07-13 00:00:00
debiancve
debiancve
CVE-2012-2840
2012-07-13 10:34:00
CVE-2012-2837
2012-07-13 10:34:00
CVE-2012-2841
2012-07-13 10:34:00
JSON
Related for MANDRIVA_MDVSA-2012-106.NASL
oraclelinux1nessus17openvas21securityvulns3amazon1debian1veracode7suse2redhat1centos1fedora2ubuntu1osv8gentoo1freebsd1altlinux1slackware1alpinelinux7prion7cve7ubuntucve7debiancve7