Updated libtiff packages fix multiple buffer overflow vulnerabilities and a use-after-free flaw, enabling potential remote code execution
Reporter | Title | Published | Views | Family All 112 |
---|---|---|---|---|
Tenable Nessus | Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4231_buffer_overflow) | 19 Jan 201500:00 | – | nessus |
Tenable Nessus | Fedora 18 : libtiff-4.0.3-8.fc18 (2013-14726) | 20 Aug 201300:00 | – | nessus |
Tenable Nessus | Fedora 19 : libtiff-4.0.3-8.fc19 (2013-14707) | 20 Aug 201300:00 | – | nessus |
Tenable Nessus | Debian DSA-2744-1 : tiff - several vulnerabilities | 28 Aug 201300:00 | – | nessus |
Tenable Nessus | Ubuntu 14.04 LTS : LibTIFF vulnerabilities (USN-2205-1) | 7 May 201400:00 | – | nessus |
Tenable Nessus | Fedora 19 : mingw-libtiff-4.0.3-4.fc19 (2014-6831) | 10 Jun 201400:00 | – | nessus |
Tenable Nessus | Amazon Linux AMI : libtiff (ALAS-2014-365) | 12 Oct 201400:00 | – | nessus |
Tenable Nessus | Fedora 20 : libtiff-4.0.3-15.fc20 (2014-6583) | 29 May 201400:00 | – | nessus |
Tenable Nessus | SuSE 11.2 / 11.3 Security Update : libtiff (SAT Patch Numbers 8384 / 8385) | 8 Nov 201300:00 | – | nessus |
Tenable Nessus | Fedora 19 : libtiff-4.0.3-10.fc19 (2014-6594) | 10 Jun 201400:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2013:219.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(69467);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2013-4231", "CVE-2013-4232");
script_bugtraq_id(61695, 61849);
script_xref(name:"MDVSA", value:"2013:219");
script_name(english:"Mandriva Linux Security Advisory : libtiff (MDVSA-2013:219)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated libtiff packages fix security vulnerabilities :
Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool
to convert RGB color, greyscale, or bi-level TIFF images to YCbCr
images, and multiple buffer overflow flaws in gif2tiff, a tool to
convert GIF images to TIFF. A remote attacker could provide a
specially crafted TIFF or GIF file that, when processed by rgb2ycbcr
and gif2tiff respectively, would cause the tool to crash or,
potentially, execute arbitrary code with the privileges of the user
running the tool (CVE-2013-4231).
Pedro Ribeiro discovered a use-after-free flaw in the
t2p_readwrite_pdf_image\(\) function in tiff2pdf, a tool for
converting a TIFF image to a PDF document. A remote attacker could
provide a specially crafted TIFF file that, when processed by
tiff2pdf, would cause tiff2pdf to crash or, potentially, execute
arbitrary code with the privileges of the user running tiff2pdf
(CVE-2013-4232)."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2013-0258.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-progs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2013/08/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/25");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64tiff-devel-4.0.1-3.3.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64tiff-static-devel-4.0.1-3.3.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64tiff5-4.0.1-3.3.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"libtiff-progs-4.0.1-3.3.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo