Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1559-1.NASL
HistorySep 11, 2012 - 12:00 a.m.

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)

2012-09-1100:00:00
Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236)

Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.
(CVE-2012-3403)

Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF image files. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.
(CVE-2012-3481).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1559-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62037);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481");
  script_bugtraq_id(54246, 55101);
  script_xref(name:"USN", value:"1559-1");

  script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Joseph Sheridan discovered that GIMP incorrectly handled certain
malformed headers in FIT files. If a user were tricked into opening a
specially crafted FIT image file, an attacker could cause GIMP to
crash. (CVE-2012-3236)

Murray McAllister discovered that GIMP incorrectly handled malformed
KiSS palette files. If a user were tricked into opening a specially
crafted KiSS palette file, an attacker could cause GIMP to crash, or
possibly execute arbitrary code with the user's privileges.
(CVE-2012-3403)

Matthias Weckbecker discovered that GIMP incorrectly handled malformed
GIF image files. If a user were tricked into opening a specially
crafted GIF image file, an attacker could cause GIMP to crash, or
possibly execute arbitrary code with the user's privileges.
(CVE-2012-3481).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1559-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gimp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"gimp", pkgver:"2.6.8-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"gimp", pkgver:"2.6.11-1ubuntu6.3")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"gimp", pkgver:"2.6.11-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"gimp", pkgver:"2.6.12-1ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
}
VendorProductVersionCPE
canonicalubuntu_linuxgimpp-cpe:/a:canonical:ubuntu_linux:gimp
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04:-:lts

Related

openvas 25
securityvulns 4
ubuntu 1
nessus 25
suse 4
kaspersky 1
fedora 4
osv 1
centos 2
redhat 2
oraclelinux 2
gentoo 1
debian 1
debiancve 3
ubuntucve 3
prion 3
cve 3
exploitpack 1
seebug 1
exploitdb 1
openvas
openvas
Ubuntu Update for gimp USN-1559-1
2012-09-11 00:00:00
Ubuntu: Security Advisory (USN-1559-1)
2012-09-11 00:00:00
SuSE Update for gimp openSUSE-SU-2012:1080-1 (gimp)
2012-12-13 00:00:00
securityvulns
securityvulns
gimp multiple security vulnereabilities
2012-09-19 00:00:00
[USN-1559-1] GIMP vulnerabilities
2012-09-19 00:00:00
[ MDVSA-2012:142 ] gimp
2012-08-27 00:00:00
ubuntu
ubuntu
GIMP vulnerabilities
2012-09-10 00:00:00
nessus
nessus
openSUSE Security Update : gimp (openSUSE-SU-2012:1080-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)
2013-04-20 00:00:00
Mandriva Linux Security Advisory : gimp (MDVSA-2012:142)
2012-09-06 00:00:00
suse
suse
gimp to fix various issues (important)
2012-09-03 11:09:17
Security update for gimp (important)
2012-08-23 16:08:28
Security update for gimp (important)
2012-08-24 23:08:35
kaspersky
kaspersky
KLA10167 DoS vulnerabilities in GIMP
2012-08-25 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: gimp-2.8.2-1.fc17
2012-08-28 23:28:57
[SECURITY] Fedora 16 Update: gimp-2.6.12-2.fc16
2012-09-02 00:25:41
[SECURITY] Fedora 18 Update: gimp-2.8.2-1.fc18
2012-09-17 23:09:59
osv
osv
gimp - several
2013-12-09 00:00:00
centos
centos
gimp security update
2012-08-20 16:23:59
gimp security update
2012-08-20 15:14:54
redhat
redhat
(RHSA-2012:1180) Moderate: gimp security update
2012-08-20 00:00:00
(RHSA-2012:1181) Moderate: gimp security update
2012-08-20 00:00:00
oraclelinux
oraclelinux
gimp security update
2012-08-20 00:00:00
gimp security update
2012-08-20 00:00:00
gentoo
gentoo
GIMP: Multiple vulnerabilities
2013-11-10 00:00:00
debian
debian
[SECURITY] [DSA 2813-1] gimp security update
2013-12-09 17:12:13
debiancve
debiancve
CVE-2012-3236
2012-07-12 21:55:00
CVE-2012-3403
2012-08-25 10:29:00
CVE-2012-3481
2012-08-25 10:29:00
ubuntucve
ubuntucve
CVE-2012-3403
2012-08-25 00:00:00
CVE-2012-3236
2012-06-29 00:00:00
CVE-2012-3481
2012-08-25 00:00:00
prion
prion
Null pointer dereference
2012-07-12 21:55:00
Heap overflow
2012-08-25 10:29:00
Integer overflow
2012-08-25 10:29:00
cve
cve
CVE-2012-3236
2012-07-12 21:55:00
CVE-2012-3403
2012-08-25 10:29:00
CVE-2012-3481
2012-08-25 10:29:00
exploitpack
exploitpack
GIMP 2.8.0 - .FIT File Format Denial of Service
2012-06-30 00:00:00
seebug
seebug
GIMP 2.8.0 FIT File Format DoS
2014-07-01 00:00:00
exploitdb
exploitdb
GIMP 2.8.0 - &#039;.FIT&#039; File Format Denial of Service
2012-06-30 00:00:00
JSON
Related for UBUNTU_USN-1559-1.NASL
openvas25securityvulns4ubuntu1nessus25suse4kaspersky1fedora4osv1centos2redhat2oraclelinux2gentoo1debian1debiancve3ubuntucve3prion3cve3exploitpack1seebug1exploitdb1