Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20090211_NETPBM_ON_SL4_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60534);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-2721", "CVE-2008-3520");

  script_name(english:"Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An input validation flaw and multiple integer overflows were
discovered in the JasPer library providing support for JPEG-2000 image
format and used in the jpeg2ktopam and pamtojpeg2k converters. An
attacker could create a carefully-crafted JPEG file which could cause
jpeg2ktopam to crash or, possibly, execute arbitrary code as the user
running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0902&L=scientific-linux-errata&T=0&P=1130
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f647b0a3"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected netpbm, netpbm-devel and / or netpbm-progs
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"netpbm-10.25-2.1.el4_7.4")) flag++;
if (rpm_check(release:"SL4", reference:"netpbm-devel-10.25-2.1.el4_7.4")) flag++;
if (rpm_check(release:"SL4", reference:"netpbm-progs-10.25-2.1.el4_7.4")) flag++;

if (rpm_check(release:"SL5", reference:"netpbm-10.35-6.1.el5_3.1")) flag++;
if (rpm_check(release:"SL5", reference:"netpbm-devel-10.35-6.1.el5_3.1")) flag++;
if (rpm_check(release:"SL5", reference:"netpbm-progs-10.35-6.1.el5_3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

openvas 54
nessus 28
centos 1
oraclelinux 1
redhat 2
ubuntu 4
securityvulns 5
prion 2
veracode 2
ubuntucve 3
debiancve 2
fedora 3
cve 2
gentoo 1
debian 1
freebsd 1
slackware 1
openvas
openvas
RedHat Security Advisory RHSA-2009:0012
2009-02-13 00:00:00
CentOS Security Advisory CESA-2009:0012 (netpbm)
2009-02-13 00:00:00
CentOS Security Advisory CESA-2009:0012 (netpbm)
2009-02-13 00:00:00
nessus
nessus
Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012)
2013-07-12 00:00:00
CentOS 4 : netpbm (CESA-2009:0012)
2009-02-12 00:00:00
RHEL 4 / 5 : netpbm (RHSA-2009:0012)
2009-02-12 00:00:00
centos
centos
netpbm security update
2009-02-11 19:31:04
oraclelinux
oraclelinux
netpbm security update
2009-02-11 00:00:00
redhat
redhat
(RHSA-2009:0012) Moderate: netpbm security update
2009-02-11 00:00:00
(RHSA-2015:0698) Important: rhevm-spice-client security, bug fix, and enhancement update
2015-03-18 00:00:00
ubuntu
ubuntu
Ghostscript vulnerability
2007-10-22 00:00:00
jasper vulnerability
2007-08-21 00:00:00
JasPer vulnerabilities
2009-03-19 00:00:00
securityvulns
securityvulns
jasper library buffer overflow
2007-06-20 00:00:00
[ MDKSA-2007:129 ] - Updated jasper packages fix vulnerability
2007-06-20 00:00:00
[ GLSA 200812-18 ] JasPer: User-assisted execution of arbitrary code
2008-12-17 00:00:00
prion
prion
Design/Logic Flaw
2007-05-16 20:30:00
Integer overflow
2008-10-02 18:18:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:34:17
Arbitrary Code Execution
2020-04-10 00:34:17
ubuntucve
ubuntucve
CVE-2007-2721
2007-05-16 00:00:00
CVE-2008-3520
2008-10-02 00:00:00
CVE-2015-8751
2020-02-17 00:00:00
debiancve
debiancve
CVE-2007-2721
2007-05-16 20:30:00
CVE-2008-3520
2008-10-02 18:18:00
fedora
fedora
[SECURITY] Fedora 7 Update: jasper-1.900.1-2.fc7
2007-05-31 18:07:53
[SECURITY] Fedora 10 Update: jasper-1.900.1-13.fc10
2009-10-27 06:37:10
[SECURITY] Fedora 11 Update: jasper-1.900.1-13.fc11
2009-10-27 06:43:29
cve
cve
CVE-2007-2721
2007-05-16 20:30:00
CVE-2008-3520
2008-10-02 18:18:00
gentoo
gentoo
JasPer: User-assisted execution of arbitrary code
2008-12-16 00:00:00
debian
debian
[SECURITY] [DSA 2036-1] New jasper packages fix denial of service
2010-04-17 21:23:29
freebsd
freebsd
jasper -- buffer overflow
2011-12-09 00:00:00
slackware
slackware
[slackware-security] jasper
2015-10-29 22:48:48
JSON
Related for SL_20090211_NETPBM_ON_SL4_X.NASL
openvas54nessus28centos1oraclelinux1redhat2ubuntu4securityvulns5prion2veracode2ubuntucve3debiancve2fedora3cve2gentoo1debian1freebsd1slackware1