Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-972-1.NASL
HistoryAug 18, 2010 - 12:00 a.m.

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)

2010-08-1800:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-972-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(48361);
  script_version("1.22");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-1797", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808");
  script_bugtraq_id(42241, 42285, 60740);
  script_xref(name:"USN", value:"972-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash or
possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/972-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected freetype2-demos, libfreetype6 and / or
libfreetype6-dev packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"freetype2-demos", pkgver:"2.1.10-1ubuntu2.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libfreetype6", pkgver:"2.1.10-1ubuntu2.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libfreetype6-dev", pkgver:"2.1.10-1ubuntu2.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"freetype2-demos", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libfreetype6", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libfreetype6-dev", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"freetype2-demos", pkgver:"2.3.9-4ubuntu0.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libfreetype6", pkgver:"2.3.9-4ubuntu0.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libfreetype6-dev", pkgver:"2.3.9-4ubuntu0.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"freetype2-demos", pkgver:"2.3.9-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libfreetype6", pkgver:"2.3.9-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libfreetype6-dev", pkgver:"2.3.9-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"freetype2-demos", pkgver:"2.3.11-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libfreetype6", pkgver:"2.3.11-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libfreetype6-dev", pkgver:"2.3.11-1ubuntu2.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2-demos / libfreetype6 / libfreetype6-dev");
}
VendorProductVersionCPE
canonicalubuntu_linuxfreetype2-demosp-cpe:/a:canonical:ubuntu_linux:freetype2-demos
canonicalubuntu_linuxlibfreetype6p-cpe:/a:canonical:ubuntu_linux:libfreetype6
canonicalubuntu_linuxlibfreetype6-devp-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux6.06cpe:/o:canonical:ubuntu_linux:6.06:-:lts
canonicalubuntu_linux8.04cpe:/o:canonical:ubuntu_linux:8.04:-:lts
canonicalubuntu_linux9.04cpe:/o:canonical:ubuntu_linux:9.04
canonicalubuntu_linux9.10cpe:/o:canonical:ubuntu_linux:9.10

Related

securityvulns 4
openvas 55
ubuntu 1
nessus 42
debian 2
osv 1
redhat 7
oraclelinux 5
fedora 4
centos 5
ubuntucve 7
prion 8
debiancve 7
cve 8
veracode 5
gentoo 1
exploitpack 1
seebug 2
packetstorm 1
cert 1
exploitdb 1
threatpost 1
suse 1
securityvulns
securityvulns
[USN-972-1] FreeType vulnerabilities
2010-08-19 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
[CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
2010-11-10 00:00:00
openvas
openvas
Ubuntu Update for freetype vulnerabilities USN-972-1
2010-08-20 00:00:00
Ubuntu: Security Advisory (USN-972-1)
2010-08-20 00:00:00
Debian: Security Advisory (DSA-2105-1)
2023-03-08 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2010-08-17 00:00:00
nessus
nessus
Debian DSA-2105-1 : freetype - several vulnerabilities
2010-09-09 00:00:00
Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:157)
2010-08-23 00:00:00
Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:156)
2010-08-23 00:00:00
debian
debian
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
osv
osv
freetype - several vulnerabilities
2010-09-07 00:00:00
redhat
redhat
(RHSA-2010:0864) Important: freetype security update
2010-11-10 00:00:00
(RHSA-2010:0737) Important: freetype security update
2010-10-04 00:00:00
(RHSA-2010:0607) Important: freetype security update
2010-08-05 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-11-16 00:00:00
freetype security update
2010-10-04 00:00:00
freetype security update
2010-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 12 Update: freetype-2.3.11-7.fc12
2010-11-21 21:56:42
centos
centos
freetype security update
2010-10-04 20:11:54
freetype security update
2010-08-06 11:36:59
freetype security update
2010-08-16 21:19:51
ubuntucve
ubuntucve
CVE-2010-2541
2010-08-12 00:00:00
CVE-2010-2806
2010-08-12 00:00:00
CVE-2010-1797
2010-08-12 00:00:00
prion
prion
Buffer overflow
2010-08-19 18:00:00
Heap overflow
2010-08-19 18:00:00
Stack overflow
2010-08-16 18:39:00
debiancve
debiancve
CVE-2010-2541
2010-08-19 18:00:00
CVE-2010-2806
2010-08-19 18:00:00
CVE-2010-1797
2010-08-16 18:39:00
cve
cve
CVE-2010-2541
2010-08-19 18:00:00
CVE-2010-2806
2010-08-19 18:00:00
CVE-2010-1797
2010-08-16 18:39:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:49:49
Arbitrary Code Execution
2020-04-10 00:48:57
Arbitrary Code Execution
2020-04-10 00:47:01
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
exploitpack
exploitpack
Foxit Reader 4.0 - .pdf Multiple Stack Based Buffer Overflow Jailbreak
2010-08-24 00:00:00
seebug
seebug
Foxit Reader &lt;= 4.0 pdf Jailbreak Exploit
2010-08-25 00:00:00
Foxit Reader <= 4.0 pdf Jailbreak Exploit
2014-07-01 00:00:00
packetstorm
packetstorm
Foxit Reader 4.0 PDF Jailbreak
2010-08-26 00:00:00
cert
cert
FreeType 2 CFF font stack corruption vulnerability
2010-08-05 00:00:00
exploitdb
exploitdb
Foxit Reader 4.0 - &#039;.pdf&#039; Multiple Stack Based Buffer Overflow &#039;Jailbreak&#039;
2010-08-24 00:00:00
threatpost
threatpost
Apple Zaps JailbreakMe Bugs in Record Time
2010-08-11 19:43:56
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
JSON
Related for UBUNTU_USN-972-1.NASL
securityvulns4openvas55ubuntu1nessus42debian2osv1redhat7oraclelinux5fedora4centos5ubuntucve7prion8debiancve7cve8veracode5gentoo1exploitpack1seebug2packetstorm1cert1exploitdb1threatpost1suse1