Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED-LIBEXIF-RHEL6.NASL
HistoryMay 11, 2024 - 12:00 a.m.

RHEL 6 : libexif (Unpatched Vulnerability)

2024-05-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
rhel 6
libexif
unpatched vulnerability
integer overflow
information disclosure
out-of-bounds read
out-of-bounds write
denial of service

9.3 High

AI Score

Confidence

High

0.11 Low

EPSS

Percentile

95.1%

JSON

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

  • A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data). (CVE-2016-6328)

  • libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. (CVE-2017-7544)

  • An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. (CVE-2018-20030)

  • In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 (CVE-2019-9278)

  • In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 (CVE-2020-0093)

  • In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 (CVE-2020-0181)

  • In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.
    User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:
    A-147140917 (CVE-2020-0182)

  • In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow.
    This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 (CVE-2020-0198)

  • exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. (CVE-2020-12767)

  • An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. (CVE-2020-13113)

  • An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. (CVE-2020-13114)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory libexif. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(195504);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-6328",
    "CVE-2017-7544",
    "CVE-2018-20030",
    "CVE-2019-9278",
    "CVE-2020-0093",
    "CVE-2020-0181",
    "CVE-2020-0182",
    "CVE-2020-0198",
    "CVE-2020-0452",
    "CVE-2020-12767",
    "CVE-2020-13113",
    "CVE-2020-13114"
  );

  script_name(english:"RHEL 6 : libexif (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

  - A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input
    file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap
    chunk metadata, even other applications' private data). (CVE-2016-6328)

  - libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry
    function in libexif/exif-data.c caused by improper length computation of the allocated data of an
    ExifMnote entry which can cause denial-of-service or possibly information disclosure. (CVE-2017-7544)

  - An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version
    0.6.21 can be exploited to exhaust available CPU resources. (CVE-2018-20030)

  - In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote
    escalation of privilege in the media content provider with no additional execution privileges needed. User
    interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
    (CVE-2019-9278)

  - In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing
    bounds check. This could lead to local information disclosure with no additional execution privileges
    needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1
    Android-9 Android-10Android ID: A-148705132 (CVE-2020-0093)

  - In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer
    overflow. This could lead to remote denial of service with no additional execution privileges needed. User
    interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076
    (CVE-2020-0181)

  - In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds
    check. This could lead to local information disclosure with no additional execution privileges needed.
    User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:
    A-147140917 (CVE-2020-0182)

  - In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow.
    This could lead to remote denial of service with no additional execution privileges needed. User
    interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941
    (CVE-2020-0198)

  - exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. (CVE-2020-12767)

  - An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling
    could lead to crashes and potential use-after-free conditions. (CVE-2020-13113)

  - An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote
    data could lead to consumption of large amounts of compute time for decoding EXIF data. (CVE-2020-13114)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0452");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libexif");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'libexif', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libexif'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libexif');
}
VendorProductVersionCPE
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8
redhatenterprise_linuxlibexifp-cpe:/a:redhat:enterprise_linux:libexif

Related

nessus 62
oraclelinux 3
redhat 2
freebsd 1
openvas 49
suse 2
centos 1
amazon 1
slackware 1
osv 14
debian 5
gentoo 2
cloudfoundry 3
ubuntu 3
mageia 4
fedora 6
ubuntucve 6
nvd 4
debiancve 5
alpinelinux 4
veracode 5
cvelist 4
redhatcve 4
cve 3
prion 5
nessus
nessus
RHEL 5 : libexif (Unpatched Vulnerability)
2024-05-11 00:00:00
NewStart CGSL MAIN 6.02 : libexif Multiple Vulnerabilities (NS-SA-2021-0068)
2021-03-10 00:00:00
RHEL 8 : libexif (RHSA-2020:4766)
2020-11-19 00:00:00
oraclelinux
oraclelinux
libexif security, bug fix, and enhancement update
2020-11-10 00:00:00
libexif security, bug fix, and enhancement update
2020-10-06 00:00:00
libexif security update
2020-12-14 00:00:00
redhat
redhat
(RHSA-2020:4766) Moderate: libexif security, bug fix, and enhancement update
2020-11-03 12:34:21
(RHSA-2020:4040) Moderate: libexif security, bug fix, and enhancement update
2020-09-29 07:53:57
freebsd
freebsd
libexif -- multiple vulnerabilities
2020-05-18 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2020-140-02)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1534-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1553-1)
2021-06-09 00:00:00
suse
suse
Security update for libexif (moderate)
2020-06-11 00:00:00
Security update for libexif (moderate)
2020-03-01 00:00:00
centos
centos
libexif security update
2020-10-20 18:21:32
amazon
amazon
Medium: libexif
2020-10-22 18:12:00
slackware
slackware
[slackware-security] libexif
2020-05-19 20:20:39
osv
osv
libexif - security update
2020-05-18 00:00:00
libexif - security update
2020-05-28 00:00:00
libexif - security update
2020-02-10 00:00:00
debian
debian
[SECURITY] [DLA 2214-1] libexif security update
2020-05-18 05:12:48
[SECURITY] [DLA 2222-1] libexif security update
2020-05-28 14:29:51
[SECURITY] [DLA 2249-1] libexif security update
2020-06-13 16:11:29
gentoo
gentoo
libexif: Multiple vulnerabilities
2020-07-26 00:00:00
libexif: Multiple vulnerabilities
2020-11-16 00:00:00
cloudfoundry
cloudfoundry
USN-4277-1: libexif vulnerabilities | Cloud Foundry
2020-02-20 00:00:00
USN-4396-1: libexif vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
USN-4358-1: libexif vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
ubuntu
ubuntu
libexif vulnerabilities
2020-02-11 00:00:00
libexif vulnerabilities
2020-06-16 00:00:00
libexif vulnerabilities
2020-05-13 00:00:00
mageia
mageia
Updated libexif packages fix security vulnerability
2020-05-27 22:06:44
Updated libvpx packages fix security vulnerability
2018-02-06 09:25:44
Updated libexif packages fix security vulnerability
2019-02-21 01:18:01
fedora
fedora
[SECURITY] Fedora 32 Update: libexif-0.6.22-2.fc32
2020-11-25 01:42:52
[SECURITY] Fedora 33 Update: libexif-0.6.22-3.fc33
2020-11-14 01:13:14
[SECURITY] Fedora 26 Update: libexif-0.6.21-14.fc26
2018-01-09 16:51:40
ubuntucve
ubuntucve
CVE-2020-0181
2020-06-11 00:00:00
CVE-2017-7544
2017-09-21 00:00:00
CVE-2016-6328
2018-10-31 00:00:00
nvd
nvd
CVE-2020-13114
2020-05-21 16:15:10
CVE-2017-7544
2017-09-21 21:29:00
CVE-2016-6328
2018-10-31 22:29:00
debiancve
debiancve
CVE-2017-7544
2017-09-21 21:29:00
CVE-2016-6328
2018-10-31 22:29:00
CVE-2018-20030
2019-02-20 17:29:00
alpinelinux
alpinelinux
CVE-2017-7544
2017-09-21 21:29:00
CVE-2016-6328
2018-10-31 22:29:00
CVE-2019-9278
2019-09-27 19:15:19
veracode
veracode
Information Disclosure
2018-11-02 01:50:10
Divide-by-zero Error
2020-10-01 03:51:25
Denial Of Service (DoS)
2019-02-21 04:43:33
cvelist
cvelist
CVE-2016-6328
2018-10-31 21:00:00
CVE-2017-7544
2017-09-21 20:00:00
CVE-2018-20030
2018-10-12 00:00:00
redhatcve
redhatcve
CVE-2018-20030
2019-01-07 09:49:35
CVE-2017-7544
2017-09-21 16:20:45
CVE-2019-9278
2020-01-08 16:05:57
cve
cve
CVE-2018-20030
2019-02-20 17:29:00
CVE-2017-7544
2017-09-21 21:29:00
CVE-2016-6328
2018-10-31 22:29:00
prion
prion
Heap overflow
2017-09-21 21:29:00
Code injection
2019-02-20 17:29:00
Integer overflow
2018-10-31 22:29:00

9.3 High

AI Score

Confidence

High

0.11 Low

EPSS

Percentile

95.1%

JSON
Related for REDHAT_UNPATCHED-LIBEXIF-RHEL6.NASL
nessus62oraclelinux3redhat2freebsd1openvas49suse2centos1amazon1slackware1osv14debian5gentoo2cloudfoundry3ubuntu3mageia4fedora6ubuntucve6nvd4debiancve5alpinelinux4veracode5cvelist4redhatcve4cve3prion5