MiracleLinux 4 : gimp-2.6.9-4.1.0.1.AXS4 (AXSA:2011-685:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2011-685:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284464);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2010-4540",
    "CVE-2010-4541",
    "CVE-2010-4542",
    "CVE-2010-4543"
  );

  script_name(english:"MiracleLinux 4 : gimp-2.6.9-4.1.0.1.AXS4 (AXSA:2011-685:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2011-685:01 advisory.

    GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be
    extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and
    filters you would expect to find in similar commercial offerings, and some interesting extras as well.
    GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-
    pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
    Security issues fixed with this release:
    CVE-2010-4540
    Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the
    LIGHTING EFFECTS > LIGHT plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code via a long Position field in a plugin
    configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted
    source that is separate from the distribution of the plugin itself. NOTE: some of these details are
    obtained from third party information.
    CVE-2010-4541
    Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE
    DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code via a long Number of lights field in a plugin
    configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted
    source that is separate from the distribution of the plugin itself.
    CVE-2010-4542
    Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in
    the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin
    configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted
    source that is separate from the distribution of the plugin itself. NOTE: some of these details are
    obtained from third party information.
    CVE-2010-4543
    Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP)
    plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly
    execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at
    the end of the image. NOTE: some of these details are obtained from third party information.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/2403");
  script_set_attribute(attribute:"solution", value:
"Update the affected gimp, gimp-help-browser and / or gimp-libs packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-4541");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2010-4543");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:gimp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:gimp-help-browser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:gimp-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'gimp-2.6.9-4.1.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'gimp-2.6.9-4.1.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'gimp-help-browser-2.6.9-4.1.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'gimp-help-browser-2.6.9-4.1.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'gimp-libs-2.6.9-4.1.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'gimp-libs-2.6.9-4.1.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gimp / gimp-help-browser / gimp-libs');
}