Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SLACKWARE_SSA_2006-230-01.NASL
HistoryAug 21, 2006 - 12:00 a.m.

Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : libtiff (SSA:2006-230-01)

2006-08-2100:00:00
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.362 Low

EPSS

Percentile

97.2%

JSON

New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program’s user. Thanks to Tavis Ormandy and the Google Security Team.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2006-230-01. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22236);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-3459", "CVE-2006-3460", "CVE-2006-3461", "CVE-2006-3462", "CVE-2006-3463", "CVE-2006-3464", "CVE-2006-3465");
  script_bugtraq_id(19287);
  script_xref(name:"SSA", value:"2006-230-01");

  script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : libtiff (SSA:2006-230-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New libtiff packages are available for Slackware 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix security issues. These issues could be
used to crash programs linked to libtiff or possibly to execute code
as the program's user. Thanks to Tavis Ormandy and the Google Security
Team."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?27722a90"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libtiff package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apple iOS MobileMail LibTIFF Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"9.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++;

if (slackware_check(osver:"9.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++;

if (slackware_check(osver:"10.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;

if (slackware_check(osver:"10.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;

if (slackware_check(osver:"10.2", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;

if (slackware_check(osver:"current", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
slackwareslackware_linuxlibtiffp-cpe:/a:slackware:slackware_linux:libtiff
slackwareslackware_linuxcpe:/o:slackware:slackware_linux
slackwareslackware_linux10.0cpe:/o:slackware:slackware_linux:10.0
slackwareslackware_linux10.1cpe:/o:slackware:slackware_linux:10.1
slackwareslackware_linux10.2cpe:/o:slackware:slackware_linux:10.2
slackwareslackware_linux9.0cpe:/o:slackware:slackware_linux:9.0
slackwareslackware_linux9.1cpe:/o:slackware:slackware_linux:9.1

Related

gentoo 1
openvas 9
debian 1
suse 1
ubuntu 1
nessus 16
slackware 1
osv 1
centos 4
securityvulns 2
seebug 2
oraclelinux 2
redhat 2
cvelist 8
cve 8
nvd 8
veracode 7
ubuntucve 7
debiancve 7
zdi 1
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2006-08-04 00:00:00
openvas
openvas
Debian Security Advisory DSA 1137-1 (tiff)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1137-1)
2008-01-17 00:00:00
Slackware Advisory SSA:2006-230-01 libtiff
2012-09-11 00:00:00
debian
debian
[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities
2006-08-02 18:28:12
suse
suse
possible remote code execution in libtiff
2006-08-01 16:39:12
ubuntu
ubuntu
tiff vulnerabilities
2006-08-03 00:00:00
nessus
nessus
GLSA-200608-07 : libTIFF: Multiple vulnerabilities
2006-08-07 00:00:00
Ubuntu 5.04 / 5.10 / 6.06 LTS : tiff vulnerabilities (USN-330-1)
2007-11-10 00:00:00
Debian DSA-1137-1 : tiff - several vulnerabilities
2006-10-14 00:00:00
slackware
slackware
[slackware-security] libtiff
2006-08-18 08:00:57
osv
osv
tiff - several vulnerabilities
2006-08-02 00:00:00
centos
centos
libtiff security update
2006-08-04 19:40:44
libtiff security update
2006-08-03 03:41:45
kdegraphics security update
2006-08-28 13:40:53
securityvulns
securityvulns
[ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities
2006-08-02 00:00:00
ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
2011-10-31 00:00:00
seebug
seebug
Libtiff图形库多个安全漏洞
2006-11-04 00:00:00
Adobe Reader和Acrobat TIFF图像处理缓冲区溢出漏洞
2010-02-20 00:00:00
oraclelinux
oraclelinux
kdegraphics security update
2007-03-22 00:00:00
libtiff security update
2007-03-22 00:00:00
redhat
redhat
(RHSA-2006:0603) libtiff security update
2006-08-02 00:00:00
(RHSA-2006:0648) kdegraphics security update
2006-08-28 00:00:00
cvelist
cvelist
CVE-2006-4507
2006-08-31 23:00:00
CVE-2006-3465
2006-08-03 01:00:00
CVE-2006-3463
2006-08-03 01:00:00
cve
cve
CVE-2006-4507
2006-08-31 23:04:00
CVE-2006-3463
2006-08-03 01:04:00
CVE-2006-3465
2006-08-03 01:04:00
nvd
nvd
CVE-2006-4507
2006-08-31 23:04:00
CVE-2006-3463
2006-08-03 01:04:00
CVE-2006-3465
2006-08-03 01:04:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:11:52
Arbitrary Code Execution
2020-04-10 00:11:53
Arbitrary Code Execution
2020-04-10 00:11:52
ubuntucve
ubuntucve
CVE-2006-3463
2006-08-03 00:00:00
CVE-2006-3465
2006-08-03 00:00:00
CVE-2006-3462
2006-08-03 00:00:00
debiancve
debiancve
CVE-2006-3465
2006-08-03 01:04:00
CVE-2006-3460
2006-08-03 01:04:00
CVE-2006-3462
2006-08-03 01:04:00
zdi
zdi
Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability
2011-10-26 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.362 Low

EPSS

Percentile

97.2%

JSON
Related for SLACKWARE_SSA_2006-230-01.NASL
gentoo1openvas9debian1suse1ubuntu1nessus16slackware1osv1centos4securityvulns2seebug2oraclelinux2redhat2cvelist8cve8nvd8veracode7ubuntucve7debiancve7zdi1