Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_2_FREETYPE2-101013.NASLHistoryOct 15, 2010 - 12:00 a.m.
openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)
2010-10-1500:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.309
Percentile
97.0%
When loading specially crafted font files applications linked against freetype2 could crash or potentially even execute arbitrary code (CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update freetype2-3322.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(49994);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3311");
script_name(english:"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)");
script_summary(english:"Check for the freetype2-3322 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"When loading specially crafted font files applications linked against
freetype2 could crash or potentially even execute arbitrary code
(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=633938"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=633943"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=641580"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00015.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected freetype2 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
script_set_attribute(attribute:"patch_publication_date", value:"2010/10/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.2", reference:"freetype2-2.3.9-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"freetype2-devel-2.3.9-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"freetype2-32bit-2.3.9-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"freetype2-devel-32bit-2.3.9-2.4.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2 / freetype2-32bit / freetype2-devel / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | freetype2 | p-cpe:/a:novell:opensuse:freetype2 |
| novell | opensuse | freetype2-32bit | p-cpe:/a:novell:opensuse:freetype2-32bit |
| novell | opensuse | freetype2-devel | p-cpe:/a:novell:opensuse:freetype2-devel |
| novell | opensuse | freetype2-devel-32bit | p-cpe:/a:novell:opensuse:freetype2-devel-32bit |
| novell | opensuse | 11.2 | cpe:/o:novell:opensuse:11.2 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
bugzilla.novell.com/show_bug.cgi?id=633938
bugzilla.novell.com/show_bug.cgi?id=633943
bugzilla.novell.com/show_bug.cgi?id=641580
lists.opensuse.org/opensuse-updates/2010-10/msg00015.html
Related
nessus
nessus
openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)
2014-06-13 00:00:00
openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)
2010-10-15 00:00:00
SuSE9 Security Update : freetype2 (YOU Patch Number 12656)
2010-10-11 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-10-04 00:00:00
freetype security update
2010-10-04 00:00:00
freetype security update
2010-11-16 00:00:00
openvas
openvas
RedHat Update for freetype RHSA-2010:0736-01
2010-10-19 00:00:00
CentOS Update for freetype CESA-2010:0736 centos3 i386
2010-10-19 00:00:00
CentOS Update for freetype CESA-2010:0736 centos3 i386
2010-10-19 00:00:00
centos
centos
freetype security update
2010-10-05 15:49:55
freetype security update
2010-10-04 20:11:54
redhat
redhat
(RHSA-2010:0736) Important: freetype security update
2010-10-04 00:00:00
(RHSA-2010:0737) Important: freetype security update
2010-10-04 00:00:00
(RHSA-2010:0864) Important: freetype security update
2010-11-10 00:00:00
prion
prion
Design/Logic Flaw
2010-08-19 18:00:00
Design/Logic Flaw
2010-08-19 18:00:00
Integer overflow
2011-01-07 23:00:00
cvelist
cvelist
nvd
nvd
cve
cve
debian
debian
[SECURITY] [DSA-2116-1] New freetype packages integer overflow
2010-10-04 21:03:33
[SECURITY] [DSA-2116-1] New freetype packages integer overflow
2010-10-04 21:03:33
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
fedora
fedora
[SECURITY] Fedora 14 Update: freetype-2.4.2-3.fc14
2010-10-13 12:47:51
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:48:58
Denial Of Service (DoS)
2020-04-10 00:48:58
securityvulns
securityvulns
[SECURITY] [DSA-2116-1] New freetype packages integer overflow
2010-10-06 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
ubuntu
ubuntu
FreeType vulnerabilities
2010-11-04 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
osv
osv
freetype - several vulnerabilities
2010-09-07 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.309
Percentile
97.0%
Related for SUSE_11_2_FREETYPE2-101013.NASL