Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20140227_LIBTIFF_ON_SL6_X.NASL
HistoryFeb 28, 2014 - 12:00 a.m.

Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 (20140227)

2014-02-2800:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON

A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash.
(CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961)

All running applications linked against libtiff must be restarted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72739);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-2596", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4243", "CVE-2013-4244");

  script_name(english:"Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 (20140227)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF
file that would cause an application using libtiff to crash.
(CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)

All running applications linked against libtiff must be restarted for
this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1402&L=scientific-linux-errata&T=0&P=3091
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7db8e2c4"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtiff-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtiff-static");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"libtiff-3.9.4-10.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"libtiff-debuginfo-3.9.4-10.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"libtiff-devel-3.9.4-10.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"libtiff-static-3.9.4-10.el6_5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static");
}
VendorProductVersionCPE
fermilabscientific_linuxlibtiffp-cpe:/a:fermilab:scientific_linux:libtiff
fermilabscientific_linuxlibtiff-debuginfop-cpe:/a:fermilab:scientific_linux:libtiff-debuginfo
fermilabscientific_linuxlibtiff-develp-cpe:/a:fermilab:scientific_linux:libtiff-devel
fermilabscientific_linuxlibtiff-staticp-cpe:/a:fermilab:scientific_linux:libtiff-static
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 45
openvas 49
veracode 7
oraclelinux 3
centos 2
redhat 3
amazon 2
f5 4
ubuntu 2
fedora 11
securityvulns 7
gentoo 3
debian 7
osv 4
mageia 3
slackware 1
altlinux 1
nvd 7
cvelist 7
prion 7
cve 7
debiancve 7
ubuntucve 7
archlinux 2
kitploit 1
nessus
nessus
Amazon Linux AMI : libtiff (ALAS-2014-307)
2014-03-18 00:00:00
Oracle Linux 6 : libtiff (ELSA-2014-0222)
2014-02-28 00:00:00
RHEL 6 : libtiff (RHSA-2014:0222)
2014-02-28 00:00:00
openvas
openvas
RedHat Update for libtiff RHSA-2014:0222-01
2014-03-04 00:00:00
Oracle: Security Advisory (ELSA-2014-0222)
2015-10-06 00:00:00
CentOS Update for libtiff CESA-2014:0222 centos6
2014-03-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
oraclelinux
oraclelinux
libtiff security update
2014-02-27 00:00:00
libtiff security update
2014-02-27 00:00:00
libtiff security update
2016-08-02 00:00:00
centos
centos
libtiff security update
2014-02-28 00:43:50
libtiff security update
2014-02-28 00:37:27
redhat
redhat
(RHSA-2014:0222) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0223) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0339) Important: rhev-hypervisor6 security update
2014-03-31 00:00:00
amazon
amazon
Medium: libtiff
2014-03-13 18:13:00
Medium: libtiff
2014-06-26 10:31:00
f5
f5
K16715 : Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
SOL16715 - Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
K16718 : libTIFF vulnerability CVE-2010-2596
2015-06-04 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2014-05-06 00:00:00
LibTIFF vulnerabilities
2013-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mingw-libtiff-4.0.3-4.fc19
2014-06-10 03:14:08
[SECURITY] Fedora 20 Update: mingw-libtiff-4.0.3-4.fc20
2014-06-10 02:56:35
[SECURITY] Fedora 19 Update: libtiff-4.0.3-10.fc19
2014-06-10 03:07:40
securityvulns
securityvulns
[SECURITY] [DSA 2744-1] tiff security update
2013-08-28 00:00:00
libtiff multiple security vulnerabilities
2013-08-28 00:00:00
[ MDVSA-2013:219 ] libtiff
2013-08-28 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2014-02-21 00:00:00
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00
libTIFF: Multiple vulnerabilities
2017-01-09 00:00:00
debian
debian
[SECURITY] [DSA 2744-1] tiff security update
2013-08-27 15:27:12
[SECURITY] [DSA 2698-1] tiff security update
2013-06-18 19:39:25
tiff security update
2014-07-01 18:01:35
osv
osv
tiff - several
2013-08-27 00:00:00
tiff - buffer overflow
2013-06-18 00:00:00
tiff - security update
2014-07-01 00:00:00
mageia
mageia
Updated libtiff packagess fix multiple security vulnerabilities
2013-08-22 22:20:56
Updated libtiff package fixes security vulnerability
2013-09-25 01:43:52
Updated libtiff packages fix CVE-2013-4244
2013-08-30 21:40:20
slackware
slackware
[slackware-security] libtiff
2013-10-18 19:38:32
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
nvd
nvd
CVE-2010-2596
2010-07-02 12:43:53
CVE-2013-4231
2014-01-19 17:16:28
CVE-2013-1960
2013-07-03 18:55:00
cvelist
cvelist
CVE-2010-2596
2010-07-01 18:00:00
CVE-2013-4231
2014-01-19 15:00:00
CVE-2013-4232
2013-09-10 19:00:00
prion
prion
Input validation
2010-07-02 12:43:00
Design/Logic Flaw
2013-09-10 19:55:00
Buffer overflow
2014-01-19 17:16:00
cve
cve
CVE-2013-4232
2013-09-10 19:55:11
CVE-2010-2596
2010-07-02 12:43:53
CVE-2013-1960
2013-07-03 18:55:00
debiancve
debiancve
CVE-2013-4231
2014-01-19 17:16:28
CVE-2013-4232
2013-09-10 19:55:11
CVE-2010-2596
2010-07-02 12:43:53
ubuntucve
ubuntucve
CVE-2013-4231
2014-01-19 00:00:00
CVE-2013-1960
2013-05-02 00:00:00
CVE-2013-4232
2013-09-10 00:00:00
archlinux
archlinux
[ASA-201611-26] libtiff: multiple issues
2016-11-25 00:00:00
[ASA-201611-27] lib32-libtiff: multiple issues
2016-11-25 00:00:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON
Related for SL_20140227_LIBTIFF_ON_SL6_X.NASL
nessus45openvas49veracode7oraclelinux3centos2redhat3amazon2f54ubuntu2fedora11securityvulns7gentoo3debian7osv4mageia3slackware1altlinux1nvd7cvelist7prion7cve7debiancve7ubuntucve7archlinux2kitploit1