Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:840026
HistoryMar 23, 2009 - 12:00 a.m.

Ubuntu Update for libgd2 vulnerabilities USN-473-1

2009-03-2300:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
3

0.051 Low

EPSS

Percentile

92.1%

JSON

Ubuntu Update for Linux kernel vulnerabilities USN-473-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_473_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for libgd2 vulnerabilities USN-473-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A buffer overflow was discovered in libgd2's font renderer.  By tricking
  an application using libgd2 into rendering a specially crafted string
  with a JIS encoded font, a remote attacker could read heap memory or
  crash the application, leading to a denial of service. (CVE-2007-0455)

  Xavier Roche discovered that libgd2 did not correctly validate PNG
  callback results.  If an application were tricked into processing a
  specially crafted PNG image, it would monopolize CPU resources.  Since
  libgd2 is often used in PHP and Perl web applications, this could lead
  to a remote denial of service. (CVE-2007-2756)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-473-1";
tag_affected = "libgd2 vulnerabilities on Ubuntu 6.06 LTS ,
  Ubuntu 6.10 ,
  Ubuntu 7.04";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-473-1/");
  script_id(840026);
  script_version("$Revision: 7969 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "USN", value: "473-1");
  script_cve_id("CVE-2007-0455", "CVE-2007-2756");
  script_name( "Ubuntu Update for libgd2 vulnerabilities USN-473-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU7.04")
{

  if ((res = isdpkgvuln(pkg:"libgd-tools", ver:"2.0.34~rc1-2ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-noxpm-dev", ver:"2.0.34~rc1-2ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-noxpm", ver:"2.0.34~rc1-2ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-xpm-dev", ver:"2.0.34~rc1-2ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-xpm", ver:"2.0.34~rc1-2ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"libgd-tools", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-noxpm-dev", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-noxpm", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-xpm-dev", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-xpm", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-dev", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2", ver:"2.0.33-2ubuntu5.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.10")
{

  if ((res = isdpkgvuln(pkg:"libgd-tools", ver:"2.0.33-4ubuntu2.1", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-noxpm-dev", ver:"2.0.33-4ubuntu2.1", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-noxpm", ver:"2.0.33-4ubuntu2.1", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-xpm-dev", ver:"2.0.33-4ubuntu2.1", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgd2-xpm", ver:"2.0.33-4ubuntu2.1", rls:"UBUNTU6.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

nessus 50
openvas 63
ubuntu 1
ubuntucve 2
fedora 6
cve 2
prion 2
securityvulns 5
veracode 2
debiancve 2
redhat 7
osv 2
oraclelinux 5
centos 5
debian 1
amazon 1
slackware 2
freebsd 1
archlinux 1
gentoo 2
f5 2
suse 1
kitploit 1
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : libgd2 vulnerabilities (USN-473-1)
2007-11-10 00:00:00
openSUSE 10 Security Update : gd (gd-3747)
2007-10-17 00:00:00
SuSE 10 Security Update : gd (ZYPP Patch Number 3748)
2007-12-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-473-1)
2009-03-23 00:00:00
Mandriva Update for gd MDKSA-2007:035 (gd)
2009-04-09 00:00:00
Mandriva Update for libwmf MDKSA-2007:036 (libwmf)
2009-04-09 00:00:00
ubuntu
ubuntu
libgd2 vulnerabilities
2007-06-12 00:00:00
ubuntucve
ubuntucve
CVE-2007-0455
2007-01-30 00:00:00
CVE-2007-2756
2007-05-18 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: gd-2.0.33-7.fc5
2007-02-12 17:28:03
[SECURITY] Fedora Core 6 Update: gd-2.0.33-10.fc6
2007-02-12 17:26:55
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.5.fc6
2007-04-17 12:45:17
cve
cve
CVE-2007-0455
2007-01-30 17:28:00
CVE-2007-2756
2007-05-18 18:30:00
prion
prion
Buffer overflow
2007-01-30 17:28:00
Code injection
2007-05-18 18:30:00
securityvulns
securityvulns
libgd PNG DoS
2007-06-14 00:00:00
[Full-disclosure] [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
2007-06-14 00:00:00
libgd graphics library code execution
2007-01-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:20:27
Arbitrary Code Execution
2020-04-10 00:15:21
debiancve
debiancve
CVE-2007-2756
2007-05-18 18:30:00
CVE-2007-0455
2007-01-30 17:28:00
redhat
redhat
(RHSA-2008:0146) Moderate: gd security update
2008-02-28 00:00:00
(RHSA-2007:0153) Moderate: php security update
2007-04-20 00:00:00
(RHSA-2007:0162) Moderate: php security update
2007-04-16 00:00:00
osv
osv
libgd2 - several vulnerabilities
2009-11-17 00:00:00
libgd2 - multiple vulnerabilities
2008-07-22 00:00:00
oraclelinux
oraclelinux
Moderate: gd security update
2008-02-28 00:00:00
Important: php security update
2007-04-16 00:00:00
Moderate: php security update
2007-09-26 00:00:00
centos
centos
gd security update
2008-02-28 19:35:25
php security update
2007-04-21 13:47:06
php security update
2007-09-20 14:31:37
debian
debian
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities
2009-11-17 20:52:01
amazon
amazon
Important: libwmf
2015-10-27 13:51:00
slackware
slackware
[slackware-security] php5
2007-06-01 21:19:18
[slackware-security] libwmf
2018-05-01 01:19:49
freebsd
freebsd
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
archlinux
archlinux
[ASA-201701-1] libwmf: multiple issues
2017-01-01 00:00:00
gentoo
gentoo
GD: Multiple vulnerabilities
2007-08-09 00:00:00
PHP: Multiple vulnerabilities
2007-10-07 00:00:00
f5
f5
K7859 : Multiple PHP vulnerabilities
2013-03-19 00:00:00
SOL7859 - Multiple PHP vulnerabilities
2007-09-16 00:00:00
suse
suse
remote denial of service in php4,php5
2007-07-12 16:26:43
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00

0.051 Low

EPSS

Percentile

92.1%

JSON
Related for OPENVAS:840026
nessus50openvas63ubuntu1ubuntucve2fedora6cve2prion2securityvulns5veracode2debiancve2redhat7osv2oraclelinux5centos5debian1amazon1slackware2freebsd1archlinux1gentoo2f52suse1kitploit1