Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_FREETYPE2-7121.NASL
HistoryOct 11, 2010 - 12:00 a.m.

SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)

2010-10-1100:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :

  • stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)

  • integer underflow. (CVE-2010-2497)

  • invalid free. (CVE-2010-2498)

  • buffer overflow. (CVE-2010-2499)

  • integer overflow. (CVE-2010-2500)

  • heap buffer overflow. (CVE-2010-2519)

  • heap buffer overflow. (CVE-2010-2520)

  • buffer overflows in the freetype demo. (CVE-2010-2527)

  • buffer overflow in ftmulti demo program. (CVE-2010-2541)

  • improper bounds checking. (CVE-2010-2805)

  • improper bounds checking. (CVE-2010-2806)

  • improper type comparisons. (CVE-2010-2807)

  • memory corruption flaw by processing certain LWFN fonts.
    (CVE-2010-2808)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(49854);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808");

  script_name(english:"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of freetype2 fixes several vulnerabilities that could lead
to remote system compromise by executing arbitrary code with user
privileges :

  - stack-based buffer overflow while processing CFF
    opcodes. (CVE-2010-1797)

  - integer underflow. (CVE-2010-2497)

  - invalid free. (CVE-2010-2498)

  - buffer overflow. (CVE-2010-2499)

  - integer overflow. (CVE-2010-2500)

  - heap buffer overflow. (CVE-2010-2519)

  - heap buffer overflow. (CVE-2010-2520)

  - buffer overflows in the freetype demo. (CVE-2010-2527)

  - buffer overflow in ftmulti demo program. (CVE-2010-2541)

  - improper bounds checking. (CVE-2010-2805)

  - improper bounds checking. (CVE-2010-2806)

  - improper type comparisons. (CVE-2010-2807)

  - memory corruption flaw by processing certain LWFN fonts.
    (CVE-2010-2808)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1797.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2497.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2498.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2499.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2500.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2519.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2520.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2527.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2541.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2805.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2806.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2807.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2808.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7121.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:3, reference:"freetype2-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"freetype2-devel-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"freetype2-32bit-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"freetype2-devel-32bit-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"freetype2-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"freetype2-devel-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"freetype2-32bit-2.1.10-18.22.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"freetype2-devel-32bit-2.1.10-18.22.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 39
openvas 55
fedora 4
n0where 1
debian 3
securityvulns 4
oraclelinux 5
centos 4
ubuntu 2
redhat 6
osv 1
gentoo 1
suse 1
ubuntucve 14
cve 14
prion 15
veracode 10
debiancve 14
seebug 2
exploitpack 1
packetstorm 1
cert 1
exploitdb 1
nessus
nessus
SuSE9 Security Update : freetype2 (YOU Patch Number 12630)
2010-08-27 00:00:00
openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)
2014-06-13 00:00:00
SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)
2010-12-02 00:00:00
openvas
openvas
Fedora Update for freetype FEDORA-2010-15785
2010-11-16 00:00:00
Fedora Update for freetype FEDORA-2010-15785
2010-11-16 00:00:00
FreeType Memory Corruption and Buffer Overflow Vulnerabilities - Windows
2010-09-01 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 13 Update: freetype-2.3.11-7.fc13
2010-11-21 21:52:29
n0where
n0where
General Purpose Fuzzing: Honggfuzz
2015-06-05 15:50:13
debian
debian
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-14 20:04:45
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
securityvulns
securityvulns
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-16 00:00:00
[USN-972-1] FreeType vulnerabilities
2010-08-19 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-07-30 00:00:00
freetype security update
2010-07-30 00:00:00
freetype security update
2010-11-16 00:00:00
centos
centos
freetype security update
2010-08-03 00:36:19
freetype security update
2010-08-16 21:19:51
freetype security update
2010-10-04 20:11:54
ubuntu
ubuntu
FreeType vulnerabilities
2010-07-20 00:00:00
FreeType vulnerabilities
2010-08-17 00:00:00
redhat
redhat
(RHSA-2010:0578) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0577) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0864) Important: freetype security update
2010-11-10 00:00:00
osv
osv
freetype - several vulnerabilities
2010-09-07 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
ubuntucve
ubuntucve
CVE-2010-2541
2010-08-12 00:00:00
CVE-2010-2527
2010-07-20 00:00:00
CVE-2010-2499
2010-07-20 00:00:00
cve
cve
CVE-2010-2527
2010-08-19 18:00:00
CVE-2010-2498
2010-08-19 18:00:00
CVE-2010-2499
2010-08-19 18:00:00
prion
prion
Buffer overflow
2010-08-19 18:00:00
Buffer overflow
2010-08-19 18:00:00
Integer overflow
2010-08-19 18:00:00
veracode
veracode
Buffer Overflow
2020-04-10 00:49:48
Arbitrary Code Execution
2020-04-10 00:49:49
Arbitrary Code Execution
2020-04-10 00:49:49
debiancve
debiancve
CVE-2010-2541
2010-08-19 18:00:00
CVE-2010-2499
2010-08-19 18:00:00
CVE-2010-2500
2010-08-19 18:00:00
seebug
seebug
Foxit Reader <= 4.0 pdf Jailbreak Exploit
2014-07-01 00:00:00
Foxit Reader &lt;= 4.0 pdf Jailbreak Exploit
2010-08-25 00:00:00
exploitpack
exploitpack
Foxit Reader 4.0 - .pdf Multiple Stack Based Buffer Overflow Jailbreak
2010-08-24 00:00:00
packetstorm
packetstorm
Foxit Reader 4.0 PDF Jailbreak
2010-08-26 00:00:00
cert
cert
FreeType 2 CFF font stack corruption vulnerability
2010-08-05 00:00:00
exploitdb
exploitdb
Foxit Reader 4.0 - &#039;.pdf&#039; Multiple Stack Based Buffer Overflow &#039;Jailbreak&#039;
2010-08-24 00:00:00
JSON
Related for SUSE_FREETYPE2-7121.NASL
nessus39openvas55fedora4n0where1debian3securityvulns4oraclelinux5centos4ubuntu2redhat6osv1gentoo1suse1ubuntucve14cve14prion15veracode10debiancve14seebug2exploitpack1packetstorm1cert1exploitdb1