openSUSE 10 Security Update : libpng (libpng-2322)

2007-10-17T00:00:00
ID SUSE_LIBPNG-2322.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
Modified 2007-10-17T00:00:00

Description

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. (CVE-2006-5793)

Additionaly a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort of the viewer or webbrowser in SUSE Linux 10.0 and newer due to string overflow checking. (CVE-2006-3334)

                                        
                                            #%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libpng-2322.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27329);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-3334", "CVE-2006-5793");

  script_name(english:"openSUSE 10 Security Update : libpng (libpng-2322)");
  script_summary(english:"Check for the libpng-2322 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The sPLT chunk handling in libpng was incorrect and a handcrafted PNG
file could be use to cause an out-of-bounds read, effectively crashing
the PNG viewer or webbrowser. (CVE-2006-5793)

Additionaly a 2 byte stackoverflow was fixed which we do not believe
to be exploitable. It will cause an abort of the viewer or webbrowser
in SUSE Linux 10.0 and newer due to string overflow checking.
(CVE-2006-3334)"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libpng packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"libpng-1.2.8-19.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"libpng-devel-1.2.8-19.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"libpng-32bit-1.2.8-19.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"libpng-devel-32bit-1.2.8-19.5") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng");
}