Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-4371-1.NASL
HistoryNov 07, 2023 - 12:00 a.m.

SUSE SLES12 Security Update : tiff (SUSE-SU-2023:4371-1)

2023-11-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
suse sles12
tiff vulnerabilities
denial-of-service
arbitrary code
libtiff 4.0.10
libtiff 4.5.0
heap buffer overflow
buffer overflow
segmentation fault
cve-2020-18768
cve-2023-25433
cve-2023-26966
cve-2023-2908
cve-2023-3316
cve-2023-3576
cve-2023-3618
security update
nessus scanner.

7.3 High

AI Score

Confidence

High

JSON

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4371-1 advisory.

  • There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. (CVE-2020-18768)

  • libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

  • libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

  • A null pointer dereference issue was found in Libtiff’s tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
    (CVE-2023-2908)

  • A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

  • A memory leak flaw was found in Libtiff’s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
    (CVE-2023-3576)

  • A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
    (CVE-2023-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:4371-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(184800);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id(
    "CVE-2020-18768",
    "CVE-2023-2908",
    "CVE-2023-3316",
    "CVE-2023-3576",
    "CVE-2023-3618",
    "CVE-2023-25433",
    "CVE-2023-26966",
    "CVE-2023-38288",
    "CVE-2023-38289"
  );
  script_xref(name:"SuSE", value:"SUSE-SU-2023:4371-1");

  script_name(english:"SUSE SLES12 Security Update : tiff (SUSE-SU-2023:4371-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:4371-1 advisory.

  - There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an
    attacker to cause a denial-of-service through a crafted tiff file. (CVE-2020-18768)

  - libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of
    buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

  - libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian
    TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

  - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker
    to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes
    undefined behavior. This will result in an application crash, eventually leading to a denial of service.
    (CVE-2023-2908)

  - A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path
    or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

  - A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a
    TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes
    this memory leak issue, resulting an application crash, eventually leading to a denial of service.
    (CVE-2023-3576)

  - A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a
    buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
    (CVE-2023-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212535");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212881");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212883");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212888");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213273");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213274");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213589");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213590");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214574");
  # https://lists.suse.com/pipermail/sle-security-updates/2023-November/016999.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3fdc180a");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-18768");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-25433");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-26966");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2908");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3316");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3576");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3618");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-38288");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-38289");
  script_set_attribute(attribute:"solution", value:
"Update the affected libtiff-devel, libtiff5, libtiff5-32bit and / or tiff packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3618");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tiff");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'libtiff-devel-4.0.9-44.71.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'libtiff5-32bit-4.0.9-44.71.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'libtiff5-4.0.9-44.71.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'tiff-4.0.9-44.71.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'libtiff-devel-4.0.9-44.71.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
    {'reference':'libtiff5-32bit-4.0.9-44.71.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
    {'reference':'libtiff5-4.0.9-44.71.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
    {'reference':'tiff-4.0.9-44.71.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff-devel / libtiff5 / libtiff5-32bit / tiff');
}
VendorProductVersionCPE
novellsuse_linuxlibtiff-develp-cpe:/a:novell:suse_linux:libtiff-devel
novellsuse_linuxlibtiff5p-cpe:/a:novell:suse_linux:libtiff5
novellsuse_linuxlibtiff5-32bitp-cpe:/a:novell:suse_linux:libtiff5-32bit
novellsuse_linuxtiffp-cpe:/a:novell:suse_linux:tiff
novellsuse_linux12cpe:/o:novell:suse_linux:12

References

Related

openvas 38
nessus 48
debian 3
ubuntu 3
osv 16
mageia 1
cloudfoundry 2
almalinux 2
oraclelinux 2
redhat 4
photon 4
ibm 4
ubuntucve 9
prion 9
cve 9
veracode 6
redhatcve 9
debiancve 9
cbl_mariner 10
amazon 8
alpinelinux 1
redos 1
hp 1
openvas
openvas
openSUSE: Security Advisory for tiff (SUSE-SU-2023:4370-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4371-1)
2023-11-07 00:00:00
Debian: Security Advisory (DLA-3513-1)
2023-08-01 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2023:4370-1)
2023-11-07 00:00:00
Debian DLA-3513-1 : tiff - LTS security update
2023-08-01 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : LibTIFF vulnerabilities (USN-6290-1)
2023-08-16 00:00:00
debian
debian
[SECURITY] [DLA 3513-1] tiff security update
2023-07-31 23:56:45
[SECURITY] [DLA 3758-1] tiff security update
2024-03-11 12:38:50
[SECURITY] [DSA 5567-1] tiff security update
2023-11-27 05:04:24
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-08-15 00:00:00
LibTIFF vulnerabilities
2023-07-13 00:00:00
LibTIFF vulnerabilities
2023-11-23 00:00:00
osv
osv
tiff vulnerabilities
2023-08-15 21:02:25
tiff - security update
2023-07-31 00:00:00
tiff vulnerabilities
2023-07-13 17:32:04
mageia
mageia
Updated libtiff packages fix security vulnerability
2023-09-11 16:07:54
cloudfoundry
cloudfoundry
USN-6229-1: LibTIFF vulnerabilities | Cloud Foundry
2023-08-10 00:00:00
USN-6512-1: LibTIFF vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-11-07 00:00:00
Moderate: libtiff security update
2024-04-30 00:00:00
oraclelinux
oraclelinux
libtiff security update
2023-11-11 00:00:00
libtiff security update
2024-05-02 00:00:00
redhat
redhat
(RHSA-2023:6575) Moderate: libtiff security update
2023-11-07 06:08:53
(RHSA-2024:2289) Moderate: libtiff security update
2024-04-30 06:15:17
(RHSA-2024:1027) Moderate: Migration Toolkit for Applications security update
2024-02-28 18:11:53
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0610
2023-07-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0044
2023-07-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0607
2023-07-04 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
2023-12-08 13:45:04
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities in libtiff
2023-07-27 15:49:30
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Libtiff
2024-02-28 22:30:09
ubuntucve
ubuntucve
CVE-2023-38288
2023-07-31 00:00:00
CVE-2023-38289
2023-07-31 00:00:00
CVE-2020-18768
2023-08-22 00:00:00
prion
prion
Security feature bypass
2023-08-24 09:15:00
Heap overflow
2023-08-22 19:15:00
Security feature bypass
2023-08-24 09:15:00
cve
cve
CVE-2020-18768
2023-08-22 19:15:00
CVE-2023-38289
2023-08-24 09:15:10
CVE-2023-38288
2023-08-24 09:15:10
veracode
veracode
Denial Of Service (DoS)
2023-10-10 09:32:59
Heap-based Buffer Overflow
2023-07-11 13:11:55
Buffer Overflow
2023-07-10 11:18:10
redhatcve
redhatcve
CVE-2023-25433
2023-07-10 15:20:56
CVE-2023-38289
2023-07-24 07:41:38
CVE-2023-38288
2023-07-24 07:16:17
debiancve
debiancve
CVE-2023-38288
2023-08-01 06:03:07
CVE-2023-38289
2023-08-24 09:15:00
CVE-2020-18768
2023-08-22 19:15:00
cbl_mariner
cbl_mariner
CVE-2023-38289 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-38288 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-25433 affecting package libtiff for versions less than 4.5.1-1
2023-08-03 02:51:21
amazon
amazon
Medium: libtiff
2023-07-19 22:14:00
Medium: libtiff
2023-07-20 17:28:00
Medium: libtiff
2023-07-17 17:39:00
alpinelinux
alpinelinux
CVE-2023-3316
2023-06-19 12:15:09
redos
redos
ROS-20230908-06
2023-09-08 00:00:00
hp
hp
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00

7.3 High

AI Score

Confidence

High

JSON
Related for SUSE_SU-2023-4371-1.NASL
openvas38nessus48debian3ubuntu3osv16mageia1cloudfoundry2almalinux2oraclelinux2redhat4photon4ibm4ubuntucve9prion9cve9veracode6redhatcve9debiancve9cbl_mariner10amazon8alpinelinux1redos1hp1