Lucene search
Copyright (C) 2009 Greenbone Networks GmbHOPENVAS:1361412562310830362HistoryApr 09, 2009 - 12:00 a.m.
Mandriva Update for libexif MDVSA-2008:005 (libexif)
2009-04-0900:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
8
0.022 Low
EPSS
Percentile
88.1%
Check for the Version of libexif
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for libexif MDVSA-2008:005 (libexif)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "An infinite recursion flaw was found in the way that libexif parses
Exif image tags. A carefully crafted Exif image file opened by an
application linked against libexif could cause the application to crash
(CVE-2007-6351).
An integer overflow flaw was also found in how libexif parses
Exif image tags. A carefully crafted Exif image file opened by
an application linked against libexif could cause the application
to crash or execute arbitrary code with the privileges of the user
executing the application (CVE-2007-6352).
The updated packages have been patched to correct these issues.";
tag_affected = "libexif on Mandriva Linux 2007.0,
Mandriva Linux 2007.0/X86_64,
Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64,
Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2008-01/msg00011.php");
script_oid("1.3.6.1.4.1.25623.1.0.830362");
script_version("$Revision: 9370 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2008:005");
script_cve_id("CVE-2007-6351", "CVE-2007-6352");
script_name( "Mandriva Update for libexif MDVSA-2008:005 (libexif)");
script_tag(name:"summary", value:"Check for the Version of libexif");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2007.1")
{
if ((res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.13~4.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libexif12-devel", rpm:"libexif12-devel~0.6.13~4.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libexif", rpm:"libexif~0.6.13~4.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64exif12", rpm:"lib64exif12~0.6.13~4.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64exif12-devel", rpm:"lib64exif12-devel~0.6.13~4.3mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2007.0")
{
if ((res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.13~2.3mdv2007.0", rls:"MNDK_2007.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libexif12-devel", rpm:"libexif12-devel~0.6.13~2.3mdv2007.0", rls:"MNDK_2007.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libexif", rpm:"libexif~0.6.13~2.3mdv2007.0", rls:"MNDK_2007.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64exif12", rpm:"lib64exif12~0.6.13~2.3mdv2007.0", rls:"MNDK_2007.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64exif12-devel", rpm:"lib64exif12-devel~0.6.13~2.3mdv2007.0", rls:"MNDK_2007.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2008.0")
{
if ((res = isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.16~2.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libexif12", rpm:"libexif12~0.6.16~2.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libexif", rpm:"libexif~0.6.16~2.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64exif-devel", rpm:"lib64exif-devel~0.6.16~2.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64exif12", rpm:"lib64exif12~0.6.16~2.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
openvas
openvas
SLES9: Security update for libexif
2009-10-10 00:00:00
SLES10: Security update for libexif
2009-10-13 00:00:00
Ubuntu: Security Advisory (USN-654-1)
2009-03-23 00:00:00
nessus
nessus
SuSE9 Security Update : libexif (YOU Patch Number 12045)
2009-09-24 00:00:00
SuSE 10 Security Update : libexif (ZYPP Patch Number 4884)
2008-01-14 00:00:00
CentOS 5 : libexif (CESA-2007:1165)
2010-01-06 00:00:00
ubuntu
ubuntu
libexif vulnerabilities
2008-10-14 00:00:00
gentoo
gentoo
libexif: Multiple vulnerabilities
2007-12-29 00:00:00
redhat
redhat
(RHSA-2007:1165) Moderate: libexif security update
2007-12-19 00:00:00
(RHSA-2007:1166) Moderate: libexif security update
2007-12-19 00:00:00
oraclelinux
oraclelinux
Moderate:libexif security update
2007-12-19 00:00:00
Moderate: libexif security update
2007-12-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libexif version 0.6.16-alt2
2007-12-17 00:00:00
securityvulns
securityvulns
centos
centos
libexif security update
2007-12-21 00:49:29
libexif security update
2007-12-19 18:22:27
fedora
fedora
[SECURITY] Fedora 8 Update: libexif-0.6.15-5.fc8
2007-12-20 19:54:00
[SECURITY] Fedora 7 Update: libexif-0.6.15-3.fc7
2007-12-20 19:50:12
osv
osv
libexif - several vulnerabilities
2008-02-08 00:00:00
debian
debian
[SECURITY] [DSA 1487-1] New libexif packages fix several vulnerabilities
2008-02-08 17:25:20
prion
prion
Integer overflow
2007-12-20 02:46:00
Design/Logic Flaw
2007-12-20 02:46:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:22:46
Arbitrary Code Execution
2020-04-10 00:22:47
cve
cve
CVE-2007-6351
2007-12-20 02:46:00
CVE-2007-6352
2007-12-20 02:46:00
ubuntucve
ubuntucve
CVE-2007-6352
2007-12-20 00:00:00
CVE-2007-6351
2007-12-20 00:00:00
debiancve
debiancve
CVE-2007-6352
2007-12-20 02:46:00
CVE-2007-6351
2007-12-20 02:46:00
cvelist
cvelist
CVE-2007-6351
2007-12-20 02:00:00
CVE-2007-6352
2007-12-20 02:00:00