Lucene search

HistoryApr 26, 2006 - 12:00 a.m.

GLSA-200510-26 : XLI, Xloadimage: Buffer overflow

2006-04-2600:00:00

www.tenable.com

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.9%

JSON

The remote host is affected by the vulnerability described in GLSA-200510-26 (XLI, Xloadimage: Buffer overflow)

When XLI or Xloadimage process an image, they create a new image     object to contain the new image, copying the title from the old image     to the newly created image. Ariel Berkman reported that the 'zoom',     'reduce', and 'rotate' functions use a fixed length buffer to contain     the new title, which could be overwritten by the NIFF or XPM image     processors.

Impact :

A malicious user could craft a malicious XPM or NIFF file and     entice a user to view it using XLI, or manipulate it using Xloadimage,     potentially resulting in the execution of arbitrary code with the     permissions of the user running XLI or Xloadimage.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200510-26.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(21275);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-3178");
  script_xref(name:"GLSA", value:"200510-26");

  script_name(english:"GLSA-200510-26 : XLI, Xloadimage: Buffer overflow");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200510-26
(XLI, Xloadimage: Buffer overflow)

    When XLI or Xloadimage process an image, they create a new image
    object to contain the new image, copying the title from the old image
    to the newly created image. Ariel Berkman reported that the 'zoom',
    'reduce', and 'rotate' functions use a fixed length buffer to contain
    the new title, which could be overwritten by the NIFF or XPM image
    processors.
  
Impact :

    A malicious user could craft a malicious XPM or NIFF file and
    entice a user to view it using XLI, or manipulate it using Xloadimage,
    potentially resulting in the execution of arbitrary code with the
    permissions of the user running XLI or Xloadimage.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200510-26"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All XLI users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-gfx/xli-1.17.0-r2'
    All Xloadimage users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-gfx/xloadimage-4.1-r4'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xloadimage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/10/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"media-gfx/xloadimage", unaffected:make_list("ge 4.1-r4"), vulnerable:make_list("lt 4.1-r4"))) flag++;
if (qpkg_check(package:"media-gfx/xli", unaffected:make_list("ge 1.17.0-r2"), vulnerable:make_list("lt 1.17.0-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XLI / Xloadimage");
}

VendorProductVersionCPE
gentoolinuxxlip-cpe:/a:gentoo:linux:xli
gentoolinuxxloadimagep-cpe:/a:gentoo:linux:xloadimage
gentoolinuxcpe:/o:gentoo:linux

Vendor	Product	Version	CPE
gentoo	linux	xli	p-cpe:/a:gentoo:linux:xli
gentoo	linux	xloadimage	p-cpe:/a:gentoo:linux:xloadimage
gentoo	linux		cpe:/o:gentoo:linux

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178

security.gentoo.org/glsa/200510-26

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for GENTOO_GLSA-200510-26.NASL