Lucene search
Copyright (c) 2010 Greenbone Networks GmbHOPENVAS:840446HistoryJun 25, 2010 - 12:00 a.m.
Ubuntu Update for tiff vulnerabilities USN-954-1
2010-06-2500:00:00
Copyright (c) 2010 Greenbone Networks GmbH
plugins.openvas.org
7
0.051 Low
EPSS
Percentile
92.1%
Ubuntu Update for Linux kernel vulnerabilities USN-954-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_954_1.nasl 7965 2017-12-01 07:38:25Z santu $
#
# Ubuntu Update for tiff vulnerabilities USN-954-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Kevin Finisterre discovered that the TIFF library did not correctly handle
certain image structures. If a user or automated system were tricked
into opening a specially crafted TIFF image, a remote attacker could
execute arbitrary code with user privileges, or crash the application,
leading to a denial of service. (CVE-2010-1411)
Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF
library. If a user or automated system were into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code
with user privileges, or crash the application, leading to a denial
of service. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065,
CVE-2010-2067)";
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-954-1";
tag_affected = "tiff vulnerabilities on Ubuntu 6.06 LTS ,
Ubuntu 8.04 LTS ,
Ubuntu 9.04 ,
Ubuntu 9.10 ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-954-1/");
script_id(840446);
script_version("$Revision: 7965 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-06-25 12:25:26 +0200 (Fri, 25 Jun 2010)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "USN", value: "954-1");
script_cve_id("CVE-2010-1411", "CVE-2010-2065", "CVE-2010-2067");
script_name("Ubuntu Update for tiff vulnerabilities USN-954-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU9.10")
{
if ((res = isdpkgvuln(pkg:"libtiff-tools", ver:"3.8.2-13ubuntu0.3", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4-dev", ver:"3.8.2-13ubuntu0.3", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4", ver:"3.8.2-13ubuntu0.3", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiffxx0c2", ver:"3.8.2-13ubuntu0.3", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-opengl", ver:"3.8.2-13ubuntu0.3", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-doc", ver:"3.8.2-13ubuntu0.3", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU6.06 LTS")
{
if ((res = isdpkgvuln(pkg:"libtiff-tools", ver:"3.7.4-1ubuntu3.8", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4-dev", ver:"3.7.4-1ubuntu3.8", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4", ver:"3.7.4-1ubuntu3.8", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiffxx0c2", ver:"3.7.4-1ubuntu3.8", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-opengl", ver:"3.7.4-1ubuntu3.8", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libtiff-tools", ver:"3.9.2-2ubuntu0.3", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4-dev", ver:"3.9.2-2ubuntu0.3", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4", ver:"3.9.2-2ubuntu0.3", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiffxx0c2", ver:"3.9.2-2ubuntu0.3", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-opengl", ver:"3.9.2-2ubuntu0.3", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-doc", ver:"3.9.2-2ubuntu0.3", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU9.04")
{
if ((res = isdpkgvuln(pkg:"libtiff-tools", ver:"3.8.2-11ubuntu0.9.04.6", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4-dev", ver:"3.8.2-11ubuntu0.9.04.6", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4", ver:"3.8.2-11ubuntu0.9.04.6", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiffxx0c2", ver:"3.8.2-11ubuntu0.9.04.6", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-opengl", ver:"3.8.2-11ubuntu0.9.04.6", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-doc", ver:"3.8.2-11ubuntu0.9.04.6", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU8.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libtiff-tools", ver:"3.8.2-7ubuntu3.6", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4-dev", ver:"3.8.2-7ubuntu3.6", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff4", ver:"3.8.2-7ubuntu3.6", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiffxx0c2", ver:"3.8.2-7ubuntu3.6", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtiff-opengl", ver:"3.8.2-7ubuntu3.6", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
References
Related
ubuntu
ubuntu
tiff vulnerabilities
2010-06-21 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2010-180-02)
2012-09-10 00:00:00
Slackware Advisory SSA:2010-180-02 libtiff
2012-09-11 00:00:00
Ubuntu: Security Advisory (USN-954-1)
2010-06-25 00:00:00
slackware
slackware
[slackware-security] libtiff
2010-06-30 06:40:02
securityvulns
securityvulns
libtiff multiple security vulnerabilities
2010-06-29 00:00:00
[USN-954-1] tiff vulnerabilities
2010-06-23 00:00:00
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.0 / 9.1 / current : libtiff (SSA:2010-180-02)
2010-07-01 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : tiff vulnerabilities (USN-954-1)
2010-06-22 00:00:00
Fedora 13 : libtiff-3.9.4-1.fc13 (2010-10334)
2010-07-02 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: libtiff-3.9.4-1.fc12
2010-07-05 22:00:54
[SECURITY] Fedora 13 Update: libtiff-3.9.4-1.fc13
2010-07-01 18:43:16
[SECURITY] Fedora 13 Update: libtiff-3.9.4-4.fc13
2011-04-11 20:58:53
prion
prion
Integer overflow
2010-06-24 12:30:00
Integer overflow
2010-06-17 16:30:00
Stack overflow
2010-06-24 12:30:00
cve
cve
debiancve
debiancve
cvelist
cvelist
osv
osv
tiff - arbitrary code execution
2010-08-03 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:24
debian
debian
[SECURITY] [DSA 2084-1] New tiff packages fix arbitrary code execution
2010-08-03 05:31:06
oraclelinux
oraclelinux
libtiff security update
2010-07-08 00:00:00
libtiff security update
2010-07-08 00:00:00
freebsd
freebsd
tiff -- buffer overflow vulnerability
2010-04-15 00:00:00
threatpost
threatpost
WebKit Security Flaws Haunt Apple iTunes
2010-06-17 14:44:15
redhat
redhat
(RHSA-2010:0520) Important: libtiff security update
2010-07-08 00:00:00
(RHSA-2010:0519) Important: libtiff security update
2010-07-08 00:00:00
centos
centos
libtiff security update
2010-08-16 20:25:13
libtiff security update
2010-07-14 22:28:07
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00