Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2012-127.NASL
HistorySep 06, 2012 - 12:00 a.m.

Mandriva Linux Security Advisory : libtiff (MDVSA-2012:127)

2012-09-0600:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
11

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

A vulnerability was found and corrected in libtiff :

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write.
A remote attacker could provide a specially crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401).

The updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:127. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61976);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-3401");
  script_bugtraq_id(54601);
  script_xref(name:"MDVSA", value:"2012:127");

  script_name(english:"Mandriva Linux Security Advisory : libtiff (MDVSA-2012:127)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was found and corrected in libtiff :

A heap-based buffer overflow flaw was found in the way tiff2pdf, a
TIFF image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image
format files, performed write of TIFF image content into particular
PDF document file, when not properly initialized T2P context struct
pointer has been provided by tiff2pdf (application requesting the
conversion) as one of parameters for the routine performing the write.
A remote attacker could provide a specially crafted TIFF image format
file, that when processed by tiff2pdf would lead to tiff2pdf
executable crash or, potentially, arbitrary code execution with the
privileges of the user running the tiff2pdf binary (CVE-2012-3401).

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-progs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64tiff-devel-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64tiff-static-devel-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64tiff3-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libtiff-devel-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"libtiff-progs-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libtiff-static-devel-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libtiff3-3.9.5-1.3-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinux2011cpe:/o:mandriva:linux:2011
mandrivalinuxlib64tiff-develp-cpe:/a:mandriva:linux:lib64tiff-devel
mandrivalinuxlib64tiff-static-develp-cpe:/a:mandriva:linux:lib64tiff-static-devel
mandrivalinuxlib64tiff3p-cpe:/a:mandriva:linux:lib64tiff3
mandrivalinuxlibtiff-develp-cpe:/a:mandriva:linux:libtiff-devel
mandrivalinuxlibtiff-progsp-cpe:/a:mandriva:linux:libtiff-progs
mandrivalinuxlibtiff-static-develp-cpe:/a:mandriva:linux:libtiff-static-devel
mandrivalinuxlibtiff3p-cpe:/a:mandriva:linux:libtiff3

Related

openvas 28
debiancve 1
nessus 18
securityvulns 2
cvelist 1
veracode 4
nvd 1
ubuntu 1
ubuntucve 1
prion 1
cve 1
fedora 6
altlinux 1
oraclelinux 1
centos 1
amazon 1
redhat 1
debian 1
osv 1
gentoo 1
openvas
openvas
Mandriva Update for libtiff MDVSA-2012:127 (libtiff)
2012-08-09 00:00:00
Mandriva Update for libtiff MDVSA-2012:127 (libtiff)
2012-08-09 00:00:00
Ubuntu Update for tiff USN-1511-1
2012-07-23 00:00:00
debiancve
debiancve
CVE-2012-3401
2012-08-13 20:55:08
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerability (USN-1511-1)
2012-07-20 00:00:00
openSUSE Security Update : tiff (openSUSE-SU-2012:0955-1)
2014-06-13 00:00:00
Fedora 16 : libtiff-3.9.6-2.fc16 (2012-10978)
2012-08-10 00:00:00
securityvulns
securityvulns
libtiff tiff2pdf code execution
2012-08-13 00:00:00
[ MDVSA-2012:127 ] libtiff
2012-08-13 00:00:00
cvelist
cvelist
CVE-2012-3401
2012-08-13 20:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:51:31
Denial Of Service (DoS) And Remote Code Execution (RCE)
2019-05-02 04:42:00
Denial Of Service (DoS) And Remote Code Execution (RCE)
2019-05-02 04:42:00
nvd
nvd
CVE-2012-3401
2012-08-13 20:55:08
ubuntu
ubuntu
tiff vulnerability
2012-07-19 00:00:00
ubuntucve
ubuntucve
CVE-2012-3401
2012-07-19 00:00:00
prion
prion
Heap overflow
2012-08-13 20:55:00
cve
cve
CVE-2012-3401
2012-08-13 20:55:08
fedora
fedora
[SECURITY] Fedora 17 Update: libtiff-3.9.6-2.fc17
2012-07-26 22:24:04
[SECURITY] Fedora 16 Update: libtiff-3.9.6-2.fc16
2012-08-09 23:17:58
[SECURITY] Fedora 18 Update: libtiff-4.0.3-2.fc18
2013-01-12 00:28:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 3.9.6-alt3
2012-08-27 00:00:00
oraclelinux
oraclelinux
libtiff security update
2012-12-18 00:00:00
centos
centos
libtiff security update
2012-12-19 01:20:39
amazon
amazon
Medium: libtiff
2012-12-20 13:55:00
redhat
redhat
(RHSA-2012:1590) Moderate: libtiff security update
2012-12-18 00:00:00
debian
debian
[SECURITY] [DSA 2552-1] tiff security update
2012-09-26 21:55:26
osv
osv
tiff - several
2012-09-26 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON
Related for MANDRIVA_MDVSA-2012-127.NASL
openvas28debiancve1nessus18securityvulns2cvelist1veracode4nvd1ubuntu1ubuntucve1prion1cve1fedora6altlinux1oraclelinux1centos1amazon1redhat1debian1osv1gentoo1