The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1667-1 advisory.
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
(CVE-2022-0561)
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865)
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact (CVE-2022-0891)
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0908)
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
(CVE-2022-0909)
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924)
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:1667-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(161223);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2022-0561",
"CVE-2022-0562",
"CVE-2022-0865",
"CVE-2022-0891",
"CVE-2022-0908",
"CVE-2022-0909",
"CVE-2022-0924",
"CVE-2022-1056"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:1667-1");
script_name(english:"SUSE SLES12 Security Update : tiff (SUSE-SU-2022:1667-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:1667-1 advisory.
- Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in
tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF
file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
(CVE-2022-0561)
- Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c
in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users
that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)
- Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865)
- A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0
allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could
result into application crash, potential information disclosure or any other context-dependent impact
(CVE-2022-0891)
- Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in
tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0908)
- Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
(CVE-2022-0909)
- Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924)
- Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195964");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195965");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197066");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197068");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197072");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197631");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0561");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0562");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0865");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0891");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0908");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0909");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0924");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1056");
# https://lists.suse.com/pipermail/sle-security-updates/2022-May/011027.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c92ed81e");
script_set_attribute(attribute:"solution", value:
"Update the affected libtiff-devel, libtiff5, libtiff5-32bit and / or tiff packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0891");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tiff");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libtiff-devel-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff5-32bit-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff5-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'tiff-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff-devel-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libtiff5-32bit-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libtiff5-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'tiff-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff-devel / libtiff5 / libtiff5-32bit / tiff');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | libtiff-devel | p-cpe:/a:novell:suse_linux:libtiff-devel |
novell | suse_linux | libtiff5 | p-cpe:/a:novell:suse_linux:libtiff5 |
novell | suse_linux | libtiff5-32bit | p-cpe:/a:novell:suse_linux:libtiff5-32bit |
novell | suse_linux | tiff | p-cpe:/a:novell:suse_linux:tiff |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056
www.nessus.org/u?c92ed81e
bugzilla.suse.com/1195964
bugzilla.suse.com/1195965
bugzilla.suse.com/1197066
bugzilla.suse.com/1197068
bugzilla.suse.com/1197072
bugzilla.suse.com/1197073
bugzilla.suse.com/1197074
bugzilla.suse.com/1197631
www.suse.com/security/cve/CVE-2022-0561
www.suse.com/security/cve/CVE-2022-0562
www.suse.com/security/cve/CVE-2022-0865
www.suse.com/security/cve/CVE-2022-0891
www.suse.com/security/cve/CVE-2022-0908
www.suse.com/security/cve/CVE-2022-0909
www.suse.com/security/cve/CVE-2022-0924
www.suse.com/security/cve/CVE-2022-1056