Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-717.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : openjpeg (openSUSE-SU-2012:1370-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.5%

JSON

This update fixes a heap-based buffer overflow in OpenJPEG which could allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-717.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74783);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-3535");

  script_name(english:"openSUSE Security Update : openjpeg (openSUSE-SU-2012:1370-1)");
  script_summary(english:"Check for the openSUSE-2012-717 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes a heap-based buffer overflow in OpenJPEG which could
allow remote attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a crafted JPEG2000
file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=777445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00061.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected openjpeg packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjpeg1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjpeg1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"libopenjpeg1-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libopenjpeg1-debuginfo-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"openjpeg-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"openjpeg-debuginfo-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"openjpeg-debugsource-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"openjpeg-devel-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libopenjpeg1-32bit-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libopenjpeg1-debuginfo-32bit-1.5.0-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"openjpeg-devel-32bit-1.5.0-2.7.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg");
}
VendorProductVersionCPE
novellopensuseopenjpeg-debugsourcep-cpe:/a:novell:opensuse:openjpeg-debugsource
novellopensuseopenjpeg-develp-cpe:/a:novell:opensuse:openjpeg-devel
novellopensuseopenjpeg-devel-32bitp-cpe:/a:novell:opensuse:openjpeg-devel-32bit
novellopensuse12.2cpe:/o:novell:opensuse:12.2
novellopensuselibopenjpeg1p-cpe:/a:novell:opensuse:libopenjpeg1
novellopensuselibopenjpeg1-32bitp-cpe:/a:novell:opensuse:libopenjpeg1-32bit
novellopensuselibopenjpeg1-debuginfop-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo
novellopensuselibopenjpeg1-debuginfo-32bitp-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit
novellopensuseopenjpegp-cpe:/a:novell:opensuse:openjpeg
novellopensuseopenjpeg-debuginfop-cpe:/a:novell:opensuse:openjpeg-debuginfo

Related

cve 1
redhat 1
fedora 4
centos 1
nessus 13
cvelist 1
openvas 17
veracode 1
nvd 1
oraclelinux 1
prion 1
amazon 1
ubuntucve 1
gentoo 1
securityvulns 1
debian 1
osv 1
freebsd 1
cve
cve
CVE-2012-3535
2012-09-05 23:55:02
redhat
redhat
(RHSA-2012:1283) Important: openjpeg security update
2012-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openjpeg-1.5.0-5.fc18
2012-10-16 03:36:56
[SECURITY] Fedora 17 Update: openjpeg-1.4-14.fc17
2012-11-02 03:18:21
[SECURITY] Fedora 16 Update: openjpeg-1.4-14.fc16
2012-10-23 01:51:32
centos
centos
openjpeg security update
2012-09-17 20:46:30
nessus
nessus
Fedora 16 : openjpeg-1.4-14.fc16 (2012-14707)
2012-10-23 00:00:00
RHEL 6 : openjpeg (RHSA-2012:1283)
2012-09-18 00:00:00
Scientific Linux Security Update : openjpeg on SL6.x i386/x86_64 (20120917)
2012-09-18 00:00:00
cvelist
cvelist
CVE-2012-3535
2012-09-05 23:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2012-125)
2015-09-08 00:00:00
Mandriva Update for openjpeg MDVSA-2012:157 (openjpeg)
2012-10-05 00:00:00
RedHat Update for openjpeg RHSA-2012:1283-01
2012-09-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:51
nvd
nvd
CVE-2012-3535
2012-09-05 23:55:02
oraclelinux
oraclelinux
openjpeg security update
2012-09-17 00:00:00
prion
prion
Heap overflow
2012-09-05 23:55:00
amazon
amazon
Important: openjpeg
2012-09-22 21:35:00
ubuntucve
ubuntucve
CVE-2012-3535
2012-09-05 00:00:00
gentoo
gentoo
OpenJPEG: User-assisted execution of arbitrary code
2013-10-10 00:00:00
securityvulns
securityvulns
openjpeg library security vulnerabilities
2013-03-02 00:00:00
debian
debian
[SECURITY] [DSA 2629-1] openjpeg security update
2013-02-25 19:07:06
osv
osv
openjpeg - several issues
2013-02-25 00:00:00
freebsd
freebsd
openjpeg -- Multiple vulnerabilities
2012-05-13 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.5%

JSON
Related for OPENSUSE-2012-717.NASL
cve1redhat1fedora4centos1nessus13cvelist1openvas17veracode1nvd1oraclelinux1prion1amazon1ubuntucve1gentoo1securityvulns1debian1osv1freebsd1