Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libgdiplus vulnerability (USN-993-1)

🗓️ 06 Oct 2010 00:00:00Reported by TenableType

Ubuntu 8.04/9.04/9.10/10.04: libgdiplus vulnerability (USN-993-1). Incorrect handling of image files allows attacker to execute arbitrary code

Reporter	Title	Published	Views	Family All 39
ALT Linux	Security fix for the ALT Linux 6 package libgdiplus version 2.6.7-alt2	14 Mar 201100:00	–	altlinux
BDU FSTEC	The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
CVE	CVE-2010-1526	24 Aug 201020:00	–	cve
Cvelist	CVE-2010-1526	24 Aug 201020:00	–	cvelist
Debian CVE	CVE-2010-1526	24 Aug 201020:00	–	debiancve
EUVD	EUVD-2010-1553	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 13 Update: libgdiplus-2.6.7-2.fc13	9 Sep 201001:21	–	fedora
Fedora	[SECURITY] Fedora 14 Update: libgdiplus-2.6.7-3.fc14	9 Sep 201004:33	–	fedora
Fedora	[SECURITY] Fedora 12 Update: libgdiplus-2.4.2-4.fc12	9 Sep 201001:18	–	fedora
Tenable Nessus	Fedora 14 : libgdiplus-2.6.7-3.fc14 (2010-13676)	9 Sep 201000:00	–	nessus

Source	Link
usn	www.usn.ubuntu.com/993-1/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-993-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(49762);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-1526");
  script_bugtraq_id(42602);
  script_xref(name:"USN", value:"993-1");

  script_name(english:"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libgdiplus vulnerability (USN-993-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Stefan Cornelius discovered that libgdiplus incorrectly handled
certain image files. If a user or automated system were tricked into
opening a crafted image file, an attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the
user invoking the program.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/993-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libgdiplus package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgdiplus");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"libgdiplus", pkgver:"1.2.6-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libgdiplus", pkgver:"2.0-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libgdiplus", pkgver:"2.4.2-1ubuntu0.9.10.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libgdiplus", pkgver:"2.4.2-1ubuntu0.10.04.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgdiplus");
}

19 Sep 2019 12:54Current

6.1Medium risk

Vulners AI Score6.1

CVSS 26.8

EPSS0.01951