Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_LIBLCMS-6049.NASL
HistoryMar 24, 2009 - 12:00 a.m.

openSUSE 10 Security Update : liblcms (liblcms-6049)

2009-03-2400:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

Specially crafted image files could cause an integer overflow in lcms.
Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update liblcms-6049.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36007);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733");

  script_name(english:"openSUSE 10 Security Update : liblcms (liblcms-6049)");
  script_summary(english:"Check for the liblcms-6049 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Specially crafted image files could cause an integer overflow in lcms.
Attackers could potentially exploit that to crash applications using
lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581,
CVE-2009-0733)."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected liblcms packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.3", reference:"liblcms-1.16-39.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"liblcms-devel-1.16-39.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"liblcms-32bit-1.16-39.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"liblcms-devel-32bit-1.16-39.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liblcms / liblcms-32bit / liblcms-devel / liblcms-devel-32bit");
}
VendorProductVersionCPE
novellopensuseliblcmsp-cpe:/a:novell:opensuse:liblcms
novellopensuseliblcms-32bitp-cpe:/a:novell:opensuse:liblcms-32bit
novellopensuseliblcms-develp-cpe:/a:novell:opensuse:liblcms-devel
novellopensuseliblcms-devel-32bitp-cpe:/a:novell:opensuse:liblcms-devel-32bit
novellopensuse10.3cpe:/o:novell:opensuse:10.3

Related

nessus 27
oraclelinux 2
fedora 9
openvas 57
ubuntu 1
seebug 1
debian 3
osv 2
slackware 1
redhat 2
securityvulns 3
gentoo 1
ubuntucve 3
veracode 3
prion 3
cve 3
centos 1
nessus
nessus
Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034)
2009-03-27 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-603)
2009-07-21 00:00:00
SuSE 10 Security Update : liblcms (ZYPP Patch Number 6048)
2009-09-24 00:00:00
oraclelinux
oraclelinux
lcms security update
2009-03-19 00:00:00
java-1.6.0-openjdk security update
2009-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-11.b14.fc10
2009-03-24 05:31:44
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9
2009-03-25 16:13:51
[SECURITY] Fedora 10 Update: lcms-1.18-1.fc10
2009-03-23 15:53:15
openvas
openvas
Fedora Core 9 FEDORA-2009-2983 (java-1.6.0-openjdk)
2009-03-31 00:00:00
Debian: Security Advisory (DSA-1745-1)
2009-03-31 00:00:00
Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk)
2009-03-31 00:00:00
ubuntu
ubuntu
LittleCMS vulnerabilities
2009-03-23 00:00:00
seebug
seebug
Little CMSε†…ε­˜ζ³„ιœ²εŠζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution
2009-03-20 09:17:19
[SECURITY] [DSA 1745-2] New lcms packages fix regression
2009-03-25 11:32:42
[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution
2009-04-11 14:38:44
osv
osv
lcms - arbitrary code execution
2009-03-20 00:00:00
openjdk-6 - arbitrary code execution
2009-04-11 00:00:00
slackware
slackware
lcms
2009-03-24 16:43:23
redhat
redhat
(RHSA-2009:0339) Moderate: lcms security update
2009-03-19 00:00:00
(RHSA-2009:0377) Important: java-1.6.0-openjdk security update
2009-04-07 00:00:00
securityvulns
securityvulns
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
2009-04-20 00:00:00
lcms multiple security vulnerabilities
2009-05-25 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-04-20 00:00:00
gentoo
gentoo
LittleCMS: Multiple vulnerabilities
2009-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-0733
2009-03-23 00:00:00
CVE-2009-0581
2009-03-23 00:00:00
CVE-2009-0723
2009-03-23 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:32
Denial Of Service (DoS)
2020-04-10 00:30:31
Arbitrary Code Execution
2020-04-10 00:30:32
prion
prion
Memory corruption
2009-03-23 14:19:00
Stack overflow
2009-03-23 14:19:00
Integer overflow
2009-03-23 14:19:00
cve
cve
CVE-2009-0581
2009-03-23 14:19:00
CVE-2009-0733
2009-03-23 14:19:00
CVE-2009-0723
2009-03-23 14:19:00
centos
centos
java security update
2009-04-08 11:56:07
JSON
Related for SUSE_LIBLCMS-6049.NASL
nessus27oraclelinux2fedora9openvas57ubuntu1seebug1debian3osv2slackware1redhat2securityvulns3gentoo1ubuntucve3veracode3prion3cve3centos1