ID OPENVAS:136141256231065372 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
libexif
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5010513 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/
# OpenVAS Vulnerability Test
# $Id: sles9p5010513.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Security update for libexif
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Summary text shown in the scan report for this check. The line breaks inside
# the double-quoted literal are part of the value handed to script_tag() below.
# The text names only the package and the vendor patch keyword (5010513); the
# CVE id is registered separately through script_cve_id().
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
libexif
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5010513 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/";
# Remediation text registered as the "solution" tag.
tag_solution = "Please install the updates provided by SuSE.";
# Metadata pass: the scanner sets `description` when it loads the plugin only to
# read its registration data; the exit(0) at the end of this branch stops that
# pass before any of the check code further down runs.
if (description) {
  # Identity and revision bookkeeping.
  script_oid("1.3.6.1.4.1.25623.1.0.65372");
  script_version("$Revision: 9350 $");
  script_name("SLES9: Security update for libexif");
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_tag(name:"creation_date", value:"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");

  # Vulnerability reference and CVSS v2 severity.
  # NOTE(review): the vector scores availability impact only (C:N/I:N/A:P).
  # NVD's description of CVE-2005-0664 also mentions possible arbitrary code
  # execution, so do not deprioritise a finding on the 2.6 score alone.
  script_cve_id("CVE-2005-0664");
  script_tag(name:"cvss_base", value:"2.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:N/A:P");

  # Scheduling: information-gathering category, runs after the package list has
  # been collected. Both knowledge-base keys must be present; presumably they
  # are set by gather-package-list.nasl after an authenticated SSH login, so an
  # unauthenticated scan produces no result from this check at all.
  script_category(ACT_GATHER_INFO);
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");

  # Report text and result classification. qod_type "package" marks the result
  # as derived from the installed package version, not from probing the library.
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
# Local package check: compares the RPM list gathered from the host with the
# fixed libexif build for SLES 9. It looks at package versions only, so a clean
# result says nothing about libexif copies that did not come from this RPM
# (for example bundled or statically linked ones).
report = "";
res = "";

# The rpm argument is name~version~release of the fixed package. isrpmvuln()
# comes from pkg-lib-rpm.inc (not shown here); it is expected to return report
# text when the installed libexif is older than that build and NULL otherwise.
res = isrpmvuln(pkg:"libexif", rpm:"libexif~0.5.12~118.7", rls:"SLES9.0");
if (res != NULL) {
  report += res;
}

if (report == "") {
  # __pkg_match is maintained by the package library; presumably it is set when
  # the package was actually found for this release, so exit code 99 is used
  # only after a real comparison took place. Confirm in pkg-lib-rpm.inc.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231065372", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES9: Security update for libexif", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libexif\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010513 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 2.6}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065372", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-0664"], "lastseen": "2018-04-06T11:37:37", "viewCount": 0, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-04-06T11:37:37", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0664"]}, {"type": "nessus", "idList": ["SOLARIS10_121095-05.NASL", "REDHAT-RHSA-2005-300.NASL", "DEBIAN_DSA-709.NASL", "GENTOO_GLSA-200503-17.NASL", "FREEBSD_PKG_624FE633900611D9A22C0001020EED82.NASL", "MANDRAKE_MDKSA-2005-064.NASL", "SOLARIS10_X86_121096.NASL", "SOLARIS10_X86_121096-04.NASL", "SOLARIS9_X86_121093.NASL", "SOLARIS10_121095.NASL"]}, {"type": "redhat", "idList": ["RHSA-2005:300"]}, {"type": "ubuntu", "idList": ["USN-91-1"]}, {"type": "osvdb", "idList": ["OSVDB:14607"]}, {"type": "freebsd", "idList": ["624FE633-9006-11D9-A22C-0001020EED82"]}, {"type": "openvas", "idList": ["OPENVAS:855186", "OPENVAS:54882", "OPENVAS:65372", "OPENVAS:1361412562310855574", "OPENVAS:1361412562310855186", "OPENVAS:855574", "OPENVAS:53534", "OPENVAS:52162"]}, {"type": "debian", "idList": ["DEBIAN:DSA-709-1:0A797"]}, {"type": "gentoo", "idList": ["GLSA-200503-17"]}], 
"modified": "2018-04-06T11:37:37", "rev": 2}, "vulnersScore": 5.9}, "pluginID": "136141256231065372", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010513.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for libexif\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libexif\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010513 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65372\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-0664\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libexif\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libexif\", rpm:\"libexif~0.5.12~118.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:24:35", "description": "Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.", "edition": 4, "cvss3": {}, "published": "2005-05-02T04:00:00", "title": "CVE-2005-0664", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0664"], "modified": "2018-10-03T21:29:00", "cpe": ["cpe:/a:libexif:libexif:0.6.9"], "id": "CVE-2005-0664", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0664", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libexif:libexif:0.6.9:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T19:44:09", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0664"], "description": "Sylvain Defresne discovered that the EXIF library did not properly \nvalidate the structure of the EXIF tags. 
By tricking a user to load an \nimage with a malicious EXIF tag, an attacker could exploit this to \ncrash the process using the library, or even execute arbitrary code \nwith the privileges of the process.", "edition": 15, "modified": "2005-03-08T00:00:00", "published": "2005-03-08T00:00:00", "id": "USN-91-1", "href": "https://ubuntu.com/security/notices/USN-91-1", "title": "EXIF library vulnerability", "type": "ubuntu", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0664"], "edition": 1, "description": "### Background\n\nlibexif is a library for parsing, editing and saving EXIF data. \n\n### Description\n\nlibexif contains a buffer overflow vulnerability in the EXIF tag validation code. When opening an image with a specially crafted EXIF tag, the lack of validation can cause applications linked to libexif to crash. \n\n### Impact\n\nA specially crafted EXIF file could crash applications making use of libexif, potentially allowing the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll libexif users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libexif-0.5.12-r1\"", "modified": "2005-03-12T00:00:00", "published": "2005-03-12T00:00:00", "id": "GLSA-200503-17", "href": "https://security.gentoo.org/glsa/200503-17", "type": "gentoo", "title": "libexif: Buffer overflow vulnerability", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:10", "bulletinFamily": "software", "cvelist": ["CVE-2005-0664"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1013398\n[Secunia Advisory ID:14574](https://secuniaresearch.flexerasoftware.com/advisories/14574/)\n[Secunia Advisory ID:14666](https://secuniaresearch.flexerasoftware.com/advisories/14666/)\n[Secunia Advisory ID:17705](https://secuniaresearch.flexerasoftware.com/advisories/17705/)\n[Secunia Advisory ID:14518](https://secuniaresearch.flexerasoftware.com/advisories/14518/)\n[Secunia Advisory ID:14796](https://secuniaresearch.flexerasoftware.com/advisories/14796/)\n[Secunia Advisory ID:14504](https://secuniaresearch.flexerasoftware.com/advisories/14504/)\n[Secunia Advisory ID:14541](https://secuniaresearch.flexerasoftware.com/advisories/14541/)\n[Secunia Advisory ID:15563](https://secuniaresearch.flexerasoftware.com/advisories/15563/)\n[Secunia Advisory ID:14987](https://secuniaresearch.flexerasoftware.com/advisories/14987/)\n[Secunia Advisory ID:14991](https://secuniaresearch.flexerasoftware.com/advisories/14991/)\nRedHat RHSA: RHSA-2005:300\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200503-17.xml\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102041-1\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000960\nOther Advisory URL: http://www.debian.org/security/2005/dsa-709\nOther Advisory URL: 
http://www.ubuntulinux.org/support/documentation/usn/usn-91-1\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:064\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Apr/0005.html\n[CVE-2005-0664](https://vulners.com/cve/CVE-2005-0664)\n", "modified": "2005-03-07T07:40:29", "published": "2005-03-07T07:40:29", "href": "https://vulners.com/osvdb/OSVDB:14607", "id": "OSVDB:14607", "type": "osvdb", "title": "libexif Malformed EXIF Tag Arbitrary Command Execution", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52162", "href": "http://plugins.openvas.org/nasl.php?oid=52162", "type": "openvas", "title": "FreeBSD Ports: libexif", "sourceData": "#\n#VID 624fe633-9006-11d9-a22c-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libexif\n\nCVE-2005-0664\nBuffer overflow in the EXIF library (libexif) 0.6.9 does not properly\nvalidate the structure of the EXIF tags, which allows remote attackers\nto cause a denial of service (application crash) and possibly execute\narbitrary code via an image with a crafted EXIF tag.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152\nhttp://www.vuxml.org/freebsd/624fe633-9006-11d9-a22c-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52162);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0664\");\n script_bugtraq_id(12744);\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: libexif\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libexif\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.6.10_1\")<0) {\n txt += 'Package libexif version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "description": "The remote host is missing an update to libexif\nannounced via advisory DSA 709-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53534", "href": "http://plugins.openvas.org/nasl.php?oid=53534", "type": "openvas", "title": "Debian Security Advisory DSA 709-1 (libexif)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_709_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 709-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sylvain Defresne discovered a buffer overflow in libexif, a library\nthat parses EXIF files (such as JPEG files with extra tags). This bug\ncould be exploited to crash the application and maybe to execute\narbitrary code as well.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.5.0-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.6.9-5.\n\nWe recommend that you upgrade your libexif package.\";\ntag_summary = \"The remote host is missing an update to libexif\nannounced via advisory DSA 709-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20709-1\";\n\nif(description)\n{\n script_id(53534);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-0664\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian 
Security Advisory DSA 709-1 (libexif)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libexif-dev\", ver:\"0.5.0-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libexif5\", ver:\"0.5.0-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libexif\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010513 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65372", "href": "http://plugins.openvas.org/nasl.php?oid=65372", "type": "openvas", "title": "SLES9: Security update for libexif", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010513.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libexif\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libexif\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010513 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65372);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-0664\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libexif\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libexif\", rpm:\"libexif~0.5.12~118.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "description": "The remote host is missing updates 
announced in\nadvisory GLSA 200503-17.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54882", "href": "http://plugins.openvas.org/nasl.php?oid=54882", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200503-17 (libexif)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libexif fails to validate certain inputs, making it vulnerable to buffer\noverflows.\";\ntag_solution = \"All libexif users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libexif-0.5.12-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200503-17\nhttp://bugs.gentoo.org/show_bug.cgi?id=84076\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200503-17.\";\n\n \n\nif(description)\n{\n script_id(54882);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-0664\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200503-17 (libexif)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/libexif\", unaffected: make_list(\"ge 0.5.12-r1\"), vulnerable: make_list(\"lt 0.5.12-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664", "CVE-2007-6351"], "description": "Check for the Version of GNOME 2.6.0", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855186", "href": "http://plugins.openvas.org/nasl.php?oid=855186", "type": "openvas", "title": "Solaris Update for GNOME 2.6.0 121095-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNOME 2.6.0 121095-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNOME 2.6.0 on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNOME 2.6.0\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855186);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121095-02\");\n script_cve_id(\"CVE-2007-6351\", \"CVE-2007-6352\", \"CVE-2005-0664\");\n script_name( \"Solaris Update for GNOME 2.6.0 121095-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121095-02-1\");\n\n script_summary(\"Check for the Version of GNOME 2.6.0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121095-02\", package:\"SUNWlibexif\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664", "CVE-2007-6351"], "description": "Check for the Version of GNOME EXIF tag parsing library for digital cameras", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855574", "href": "http://plugins.openvas.org/nasl.php?oid=855574", "type": "openvas", "title": "Solaris Update for GNOME EXIF tag parsing library for digital cameras 121096-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNOME EXIF tag parsing library for digital cameras 121096-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNOME EXIF tag parsing library for digital cameras on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNOME EXIF tag parsing library for digital cameras\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855574);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121096-02\");\n script_cve_id(\"CVE-2007-6351\", \"CVE-2007-6352\", \"CVE-2005-0664\");\n script_name( \"Solaris Update for GNOME EXIF tag parsing library for digital cameras 121096-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121096-02-1\");\n\n script_summary(\"Check for the Version of GNOME EXIF tag parsing library for digital cameras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name 
: \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"121096-02\", package:\"SUNWlibexif\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664", "CVE-2007-6351"], "description": "Check for the Version of GNOME EXIF tag parsing library for digital cameras", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855574", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855574", "type": "openvas", "title": "Solaris Update for GNOME EXIF tag parsing library for digital cameras 121096-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNOME EXIF tag parsing library for digital cameras 121096-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNOME EXIF tag parsing library for digital cameras on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNOME EXIF tag parsing library for digital cameras\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855574\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121096-02\");\n script_cve_id(\"CVE-2007-6351\", \"CVE-2007-6352\", \"CVE-2005-0664\");\n script_name( \"Solaris Update for GNOME EXIF tag parsing library for digital cameras 121096-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121096-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of GNOME EXIF tag parsing library for digital cameras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"121096-02\", package:\"SUNWlibexif\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664", "CVE-2007-6351"], "description": "Check for the Version of GNOME 2.6.0", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855186", "type": "openvas", "title": "Solaris Update for GNOME 2.6.0 121095-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNOME 2.6.0 121095-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNOME 2.6.0 on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNOME 2.6.0\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855186\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121095-02\");\n script_cve_id(\"CVE-2007-6351\", \"CVE-2007-6352\", \"CVE-2005-0664\");\n script_name( \"Solaris Update for GNOME 2.6.0 121095-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121095-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of GNOME 2.6.0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121095-02\", package:\"SUNWlibexif\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0664"], "description": "The libexif package contains the EXIF library. Applications use this\nlibrary to parse EXIF image files.\n\nA bug was found in the way libexif parses EXIF tags. An attacker could\ncreate a carefully crafted EXIF image file which could cause image viewers\nlinked against libexif to crash. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2005-0664 to this issue.\n\nUsers of libexif should upgrade to these updated packages, which contain a\nbackported patch and are not vulnerable to this issue.", "modified": "2017-09-08T12:19:26", "published": "2005-03-21T05:00:00", "id": "RHSA-2005:300", "href": "https://access.redhat.com/errata/RHSA-2005:300", "type": "redhat", "title": "(RHSA-2005:300) libexif security update", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0664"], "description": "\nSylvain Defresne reports that libexif is vulnerable to a\n\t buffer overflow vulnerability due to insufficient input\n\t checking. 
This could lead to a crash of applications using\n\t libexif.\n", "edition": 4, "modified": "2005-03-03T00:00:00", "published": "2005-03-03T00:00:00", "id": "624FE633-9006-11D9-A22C-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/624fe633-9006-11d9-a22c-0001020eed82.html", "title": "libexif -- buffer overflow vulnerability", "type": "freebsd", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:27:01", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0664"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 709-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 15th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libexif\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0664\nDebian Bug : 298464\n\nSylvain Defresne discovered a buffer overflow in libexif, a library\nthat parses EXIF files (such as JPEG files with extra tags). 
This bug\ncould be exploited to crash the application and maybe to execute\narbitrary code as well.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.5.0-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.6.9-5.\n\nWe recommend that you upgrade your libexif package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.dsc\n Size/MD5 checksum: 588 c5f9941eb60839a174b36ca5ef2e05ab\n http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.diff.gz\n Size/MD5 checksum: 2414 64f21ec303cd05c2d0bf15521e7707a0\n http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0.orig.tar.gz\n Size/MD5 checksum: 178556 76dd5547de0f0e707d5049fe751c4679\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_alpha.deb\n Size/MD5 checksum: 33402 68eca22ffef823e64bedf3db14c7778a\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_alpha.deb\n Size/MD5 checksum: 27170 f8b1016e5dc5acad95e315d6efb8c639\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_arm.deb\n Size/MD5 checksum: 26968 3f551f779beb9881bda8a0cdf5c2914b\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_arm.deb\n Size/MD5 checksum: 22208 6097611fbdc6de79c47569f3e3b6722f\n\n Intel 
IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_i386.deb\n Size/MD5 checksum: 25932 42107613e27b51fab7d912d8fefdc064\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_i386.deb\n Size/MD5 checksum: 22334 c02b68cc168a284783c027d7d24d699b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_ia64.deb\n Size/MD5 checksum: 35582 390a36964cfcd55de7038226565012c7\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_ia64.deb\n Size/MD5 checksum: 31536 0f2278ae6a257b58071b2e2ffa6eb3f9\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_hppa.deb\n Size/MD5 checksum: 30670 861713e3c4e355071c42087c9621dad1\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_hppa.deb\n Size/MD5 checksum: 25502 f8d1d59f8d9c61e0b1392d102dcc2b13\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_m68k.deb\n Size/MD5 checksum: 25280 34e605f3bbaa451da389328383948887\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_m68k.deb\n Size/MD5 checksum: 22670 610afa47c67a3bbbe3e214f2be62eba2\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mips.deb\n Size/MD5 checksum: 29450 96459f3d71b380ebc8f77e21355cf817\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mips.deb\n Size/MD5 checksum: 22534 52575f793b537c62e759c7f3abef57be\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mipsel.deb\n Size/MD5 checksum: 29252 8b2f66fbacd87d306cb004c927469fce\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mipsel.deb\n Size/MD5 
checksum: 22274 3e29e52d3ab8df5b32527be2d4322d7a\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_powerpc.deb\n Size/MD5 checksum: 30602 17fcace29b3eceb732c244b4dba36e5c\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_powerpc.deb\n Size/MD5 checksum: 24140 ebc50f77e7085340b37dacd6dd9f62d7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_s390.deb\n Size/MD5 checksum: 26324 0d9e42b9723d95844b63a24f2fdfe369\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_s390.deb\n Size/MD5 checksum: 23288 876b66520ca55e4791fdf4fc3f58aed2\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_sparc.deb\n Size/MD5 checksum: 28568 dd158a4009865418c60a6124292264c0\n http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_sparc.deb\n Size/MD5 checksum: 26168 06671f5d93b1ffa49b90bce5f36a33c5\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2005-04-15T00:00:00", "published": "2005-04-15T00:00:00", "id": "DEBIAN:DSA-709-1:0A797", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00089.html", "title": "[SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T11:51:26", "description": "A buffer 
overflow was discovered in the way libexif parses EXIF tags.\nAn attacker could exploit this by creating a special EXIF image file\nwhich could cause image viewers linked against libexif to crash.\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2005-04-01T00:00:00", "title": "Mandrake Linux Security Advisory : libexif (MDKSA-2005:064)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "modified": "2005-04-01T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:libexif9-devel", "p-cpe:/a:mandriva:linux:lib64exif9-devel", "p-cpe:/a:mandriva:linux:libexif9", "p-cpe:/a:mandriva:linux:lib64exif9"], "id": "MANDRAKE_MDKSA-2005-064.NASL", "href": "https://www.tenable.com/plugins/nessus/17670", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:064. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17670);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0664\");\n script_xref(name:\"MDKSA\", value:\"2005:064\");\n\n script_name(english:\"Mandrake Linux Security Advisory : libexif (MDKSA-2005:064)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in the way libexif parses EXIF tags.\nAn attacker could exploit this by creating a special EXIF image file\nwhich could cause image viewers linked against libexif to crash.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64exif9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64exif9-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexif9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexif9-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/01\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64exif9-0.5.12-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64exif9-devel-0.5.12-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libexif9-0.5.12-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libexif9-devel-0.5.12-3.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64exif9-0.5.12-3.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64exif9-devel-0.5.12-3.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libexif9-0.5.12-3.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libexif9-devel-0.5.12-3.1.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T10:03:18", "description": "Sylvain Defresne discovered a buffer overflow in libexif, a library\nthat parses EXIF files (such as JPEG files with extra tags). This bug\ncould be exploited to crash the application and maybe to execute\narbitrary code as well.", "edition": 25, "published": "2005-04-15T00:00:00", "title": "Debian DSA-709-1 : libexif - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "modified": "2005-04-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libexif", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-709.NASL", "href": "https://www.tenable.com/plugins/nessus/18056", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-709. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18056);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-0664\");\n script_xref(name:\"DSA\", value:\"709\");\n\n script_name(english:\"Debian DSA-709-1 : libexif - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sylvain Defresne discovered a buffer overflow in libexif, a library\nthat parses EXIF files (such as JPEG files with extra tags). 
This bug\ncould be exploited to crash the application and maybe to execute\narbitrary code as well.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-709\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libexif package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.5.0-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexif\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libexif-dev\", reference:\"0.5.0-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libexif5\", reference:\"0.5.0-1woody1\")) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:01:39", "description": "GNOME 2.6.0_x86: libexif Patch.\nDate this patch was last updated by Sun : Nov/15/05", "edition": 21, "published": "2006-11-06T00:00:00", "title": "Solaris 9 (x86) : 121093-01", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "modified": "2006-11-06T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_121093.NASL", "href": "https://www.tenable.com/plugins/nessus/23620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23620);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-0664\");\n\n script_name(english:\"Solaris 9 (x86) : 121093-01\");\n script_summary(english:\"Check for patch 121093-01\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121093-01\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0_x86: libexif Patch.\nDate this patch was last updated by Sun : Nov/15/05\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/121093-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"121093-01\", obsoleted_by:\"\", package:\"SUNWlibexif\", version:\"2.6.0,REV=9.7.2.2004.08.23.05.49\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:solaris_get_report());\n else security_note(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:44:53", "description": "Sylvain Defresne reports that libexif is vulnerable to a buffer\noverflow vulnerability due to insufficient input checking. 
This could\nlead to a crash of applications using libexif.", "edition": 24, "published": "2005-07-13T00:00:00", "title": "FreeBSD : libexif -- buffer overflow vulnerability (624fe633-9006-11d9-a22c-0001020eed82)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "modified": "2005-07-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libexif"], "id": "FREEBSD_PKG_624FE633900611D9A22C0001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/18957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18957);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0664\");\n script_bugtraq_id(12744);\n\n script_name(english:\"FreeBSD : libexif -- buffer overflow vulnerability (624fe633-9006-11d9-a22c-0001020eed82)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sylvain Defresne reports that libexif is vulnerable to a buffer\noverflow vulnerability due to insufficient input checking. 
This could\nlead crash of applications using libexif.\"\n );\n # https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.launchpad.net/ubuntu/+source/libexif/+bug/13499\"\n );\n # https://vuxml.freebsd.org/freebsd/624fe633-9006-11d9-a22c-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bea5802\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libexif\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libexif<0.6.10_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:51:55", "description": "The remote host is affected by the vulnerability described in GLSA-200503-17\n(libexif: Buffer overflow vulnerability)\n\n libexif contains a buffer overflow vulnerability in the EXIF tag\n validation code. 
When opening an image with a specially crafted EXIF\n tag, the lack of validation can cause applications linked to libexif to\n crash.\n \nImpact :\n\n A specially crafted EXIF file could crash applications making use\n of libexif, potentially allowing the execution of arbitrary code with\n the privileges of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2005-03-14T00:00:00", "title": "GLSA-200503-17 : libexif: Buffer overflow vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "modified": "2005-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libexif"], "id": "GENTOO_GLSA-200503-17.NASL", "href": "https://www.tenable.com/plugins/nessus/17319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-17.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17319);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0664\");\n script_xref(name:\"GLSA\", value:\"200503-17\");\n\n script_name(english:\"GLSA-200503-17 : libexif: Buffer overflow vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-17\n(libexif: Buffer overflow vulnerability)\n\n libexif contains a buffer overflow vulnerability in the EXIF tag\n validation code. When opening an image with a specially crafted EXIF\n tag, the lack of validation can cause applications linked to libexif to\n crash.\n \nImpact :\n\n A specially crafted EXIF file could crash applications making use\n of libexif, potentially allowing the execution of arbitrary code with\n the privileges of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libexif users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libexif-0.5.12-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libexif\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libexif\", unaffected:make_list(\"ge 0.5.12-r1\"), vulnerable:make_list(\"lt 0.5.12-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libexif\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:26", "description": "Updated libexif packages that fix a buffer overflow issue are now\navailable.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe libexif package contains the EXIF library. Applications use this\nlibrary to parse EXIF image files.\n\nA bug was found in the way libexif parses EXIF tags. 
An attacker could\ncreate a carefully crafted EXIF image file which could cause image\nviewers linked against libexif to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0664 to this issue.\n\nUsers of libexif should upgrade to these updated packages, which\ncontain a backported patch and are not vulnerable to this issue.", "edition": 27, "published": "2005-03-21T00:00:00", "title": "RHEL 4 : libexif (RHSA-2005:300)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0664"], "modified": "2005-03-21T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libexif", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libexif-devel"], "id": "REDHAT-RHSA-2005-300.NASL", "href": "https://www.tenable.com/plugins/nessus/17591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:300. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17591);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-0664\");\n script_xref(name:\"RHSA\", value:\"2005:300\");\n\n script_name(english:\"RHEL 4 : libexif (RHSA-2005:300)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libexif packages that fix a buffer overflow issue are now\navailable.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe libexif package contains the EXIF library. 
Applications use this\nlibrary to parse EXIF image files.\n\nA bug was found in the way libexif parses EXIF tags. An attacker could\ncreate a carefully crafted EXIF image file which could cause image\nviewers linked against libexif to crash. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0664 to this issue.\n\nUsers of libexif should upgrade to these updated packages, which\ncontain a backported patch and are not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:300\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libexif and / or libexif-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libexif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libexif-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:300\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libexif-0.5.12-5.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"libexif-devel-0.5.12-5.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libexif / libexif-devel\");\n }\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:00:26", "description": "GNOME 2.6.0: GNOME EXIF tag parsing library for digital cameras.\nDate this patch was last updated by Sun : Feb/11/16", "edition": 22, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 121095-05", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121095", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_121095-05.NASL", "href": "https://www.tenable.com/plugins/nessus/107372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107372);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-0664\", \"CVE-2007-6352\");\n\n script_name(english:\"Solaris 10 (sparc) : 121095-05\");\n script_summary(english:\"Check for patch 121095-05\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121095-05\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0: GNOME EXIF tag parsing library for digital cameras.\nDate this patch was last updated by Sun : Feb/11/16\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/121095-05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121095-05 or higher\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-6352\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121095\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121095-05\", obsoleted_by:\"\", package:\"SUNWlibexif\", version:\"2.6.0,REV=10.0.3.2004.12.15.17.11\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWlibexif\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-02-21T01:09:34", "description": "GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital camera.\nDate this patch was last updated by Sun : Feb/11/16\n\nThis plugin has been deprecated and either replaced with individual 121096 patch-revision plugins, or deemed non-security related.", "edition": 8, "published": "2006-11-06T00:00:00", "title": "Solaris 10 (x86) : 121096-05 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_121096.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22998", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22998);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/07/30 13:40:15\");\n\n script_cve_id(\"CVE-2005-0664\", \"CVE-2007-6352\");\n\n script_name(english:\"Solaris 10 (x86) : 121096-05 (deprecated)\");\n script_summary(english:\"Check for patch 121096-05\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital camera.\nDate this patch was last updated by Sun : Feb/11/16\n\nThis plugin has been deprecated and either replaced with individual\n121096 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/121096-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. 
Consult specific patch-revision plugins for patch 121096 instead.\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-01-17T14:00:39", "description": "GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital camera.\nDate this patch was last updated by Sun : Jul/11/13", "edition": 22, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 121096-04", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121096", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_121096-04.NASL", "href": "https://www.tenable.com/plugins/nessus/107873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107873);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-0664\", \"CVE-2007-6352\");\n\n script_name(english:\"Solaris 10 (x86) : 121096-04\");\n script_summary(english:\"Check for patch 121096-04\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121096-04\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital camera.\nDate this patch was last updated by Sun : Jul/11/13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/121096-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121096-04 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-6352\");\n 
script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121096\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121096-04\", obsoleted_by:\"\", package:\"SUNWlibexif\", 
version:\"2.6.0,REV=10.0.3.2004.12.16.15.42\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWlibexif\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:39", "description": "GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital camera.\nDate this patch was last updated by Sun : Feb/11/16", "edition": 22, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 121096-05", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6352", "CVE-2005-0664"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121096", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_121096-05.NASL", "href": "https://www.tenable.com/plugins/nessus/107874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107874);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-0664\", \"CVE-2007-6352\");\n\n script_name(english:\"Solaris 10 (x86) : 121096-05\");\n script_summary(english:\"Check for patch 121096-05\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121096-05\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital camera.\nDate this patch was last updated by Sun : 
Feb/11/16\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/121096-05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121096-05 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-6352\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121096\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121096-05\", obsoleted_by:\"\", package:\"SUNWlibexif\", version:\"2.6.0,REV=10.0.3.2004.12.16.15.42\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWlibexif\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}