Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1402-1.NASL
HistoryMar 23, 2012 - 12:00 a.m.

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerability (USN-1402-1)

2012-03-2300:00:00
Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1402-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58443);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2011-3045");
  script_bugtraq_id(52453);
  script_xref(name:"USN", value:"1402-1");

  script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerability (USN-1402-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that libpng did not properly process compressed
chunks. If a user or automated system using libpng were tricked into
opening a specially crafted image, an attacker could exploit this to
cause a denial of service or execute code with the privileges of the
user invoking the program.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1402-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libpng12-0 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"libpng12-0", pkgver:"1.2.15~beta5-3ubuntu0.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libpng12-0", pkgver:"1.2.42-1ubuntu2.4")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libpng12-0", pkgver:"1.2.44-1ubuntu0.3")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"libpng12-0", pkgver:"1.2.44-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libpng12-0", pkgver:"1.2.46-3ubuntu1.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibpng12-0p-cpe:/a:canonical:ubuntu_linux:libpng12-0
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linux8.04cpe:/o:canonical:ubuntu_linux:8.04:-:lts

Related

nessus 22
veracode 1
openvas 48
redhat 2
ubuntu 1
oraclelinux 1
altlinux 1
centos 1
fedora 10
checkpoint_advisories 1
amazon 1
debian 1
prion 1
cve 1
ubuntucve 1
securityvulns 1
slackware 1
threatpost 1
suse 1
gentoo 1
chrome 1
freebsd 1
ibm 1
nessus
nessus
Fedora 16 : libpng-1.2.48-1.fc16 (2012-3739)
2012-03-26 00:00:00
Fedora 15 : libpng10-1.0.58-1.fc15 (2012-3536)
2012-03-19 00:00:00
openSUSE Security Update : libpng12 / libpng14 (openSUSE-SU-2012:0432-1)
2014-06-13 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:11:53
openvas
openvas
Fedora Update for libpng10 FEDORA-2012-3507
2012-08-30 00:00:00
Mandriva Update for libpng MDVSA-2012:033 (libpng)
2012-08-03 00:00:00
RedHat Update for libpng RHSA-2012:0407-01
2012-03-22 00:00:00
redhat
redhat
(RHSA-2012:0407) Moderate: libpng security update
2012-03-20 00:00:00
(RHSA-2012:0488) Important: rhev-hypervisor5 security and bug fix update
2012-04-17 00:00:00
ubuntu
ubuntu
libpng vulnerability
2012-03-22 00:00:00
oraclelinux
oraclelinux
libpng security update
2012-03-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package libpng version 1.2.48-alt1
2012-03-23 00:00:00
centos
centos
libpng security update
2012-03-20 23:39:58
fedora
fedora
[SECURITY] Fedora 17 Update: libpng-1.5.9-1.fc17
2012-03-16 21:25:52
[SECURITY] Fedora 17 Update: libpng10-1.0.58-1.fc17
2012-03-13 18:44:11
[SECURITY] Fedora 16 Update: libpng-1.2.48-1.fc16
2012-03-24 00:42:16
checkpoint_advisories
checkpoint_advisories
libpng png_inflate Buffer Overflow (CVE-2011-3045)
2012-05-14 00:00:00
amazon
amazon
Medium: libpng
2012-03-23 14:13:00
debian
debian
[SECURITY] [DSA 2439-1] libpng security update
2012-03-22 22:22:28
prion
prion
Integer overflow
2012-03-22 16:55:00
cve
cve
CVE-2011-3045
2012-03-22 16:55:00
ubuntucve
ubuntucve
CVE-2011-3045
2012-03-20 00:00:00
securityvulns
securityvulns
libpng integer overflow
2012-02-22 00:00:00
slackware
slackware
[slackware-security] libpng
2012-07-25 03:00:37
threatpost
threatpost
Six High-Risk Flaws Fixed in Google Chrome
2012-03-22 11:55:24
suse
suse
update for chromium, v8 (important)
2012-04-04 18:08:16
gentoo
gentoo
libpng: Multiple vulnerabilities
2012-06-22 00:00:00
chrome
chrome
Stable Channel Update
2012-03-21 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-03-21 00:00:00
ibm
ibm
Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
2022-06-03 14:32:29
JSON
Related for UBUNTU_USN-1402-1.NASL
nessus22veracode1openvas48redhat2ubuntu1oraclelinux1altlinux1centos1fedora10checkpoint_advisories1amazon1debian1prion1cve1ubuntucve1securityvulns1slackware1threatpost1suse1gentoo1chrome1freebsd1ibm1