Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Eero VolotinenOPENVAS:1361412562310121443
HistoryMar 08, 2016 - 12:00 a.m.

Gentoo Security Advisory GLSA 201603-01

2016-03-0800:00:00
Copyright (C) 2016 Eero Volotinen
plugins.openvas.org
31

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.764

Percentile

98.2%

JSON

Gentoo Linux Local Security Checks GLSA 201603-01

# SPDX-FileCopyrightText: 2016 Eero Volotinen
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.121443");
  script_version("2023-07-20T05:05:17+0000");
  script_tag(name:"creation_date", value:"2016-03-08 07:14:12 +0200 (Tue, 08 Mar 2016)");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  script_name("Gentoo Security Advisory GLSA 201603-01");
  script_tag(name:"insight", value:"GIMPs network server, scriptfu, is vulnerable to the remote execution of arbitrary code via the python-fu-eval command due to not requiring authentication. Additionally, the X Window Dump (XWD) plugin is vulnerable to multiple buffer overflows possibly allowing the remote execution of arbitrary code or Denial of Service. The XWD plugin is vulnerable due to not validating large color entries.");
  script_tag(name:"solution", value:"Update the affected packages to the latest available version.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"https://security.gentoo.org/glsa/201603-01");
  script_cve_id("CVE-2012-4245", "CVE-2013-1913", "CVE-2013-1978");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"qod_type", value:"package");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"summary", value:"Gentoo Linux Local Security Checks GLSA 201603-01");
  script_copyright("Copyright (C) 2016 Eero Volotinen");
  script_family("Gentoo Local Security Checks");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-gentoo.inc");

res = "";
report = "";

if((res=ispkgvuln(pkg:"media-gfx/gimp", unaffected: make_list("ge 2.8.0"), vulnerable: make_list("lt 2.8.0"))) != NULL) {
  report += res;
}

if(report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}

Related

nessus 15
gentoo 1
openvas 18
ubuntu 1
fedora 3
mageia 1
securityvulns 4
redhat 1
veracode 2
centos 1
oraclelinux 2
prion 3
debiancve 3
nvd 3
ubuntucve 3
cve 3
checkpoint_advisories 1
cvelist 3
debian 1
nessus
nessus
GLSA-201603-01 : GIMP: Multiple vulnerabilities
2016-03-07 00:00:00
Fedora 19 : gimp-2.8.10-4.fc19 (2013-22776)
2013-12-17 00:00:00
Mandriva Linux Security Advisory : gimp (MDVSA-2013:293)
2013-12-18 00:00:00
gentoo
gentoo
GIMP: Multiple vulnerabilities
2016-03-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2051-1)
2013-12-17 00:00:00
Fedora Update for gimp FEDORA-2013-22701
2014-02-03 00:00:00
Fedora Update for gimp FEDORA-2013-22771
2013-12-17 00:00:00
ubuntu
ubuntu
GIMP vulnerability
2013-12-09 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: gimp-2.8.10-4.fc20
2013-12-14 02:52:35
[SECURITY] Fedora 18 Update: gimp-2.8.10-4.fc18
2013-12-16 22:56:52
[SECURITY] Fedora 19 Update: gimp-2.8.10-4.fc19
2013-12-16 23:03:12
mageia
mageia
Updated gimp package fixes security vulnerabilities
2013-12-07 02:00:45
securityvulns
securityvulns
GNU GIMP memory corruption
2013-12-09 00:00:00
[USN-2051-1] GIMP vulnerability
2013-12-09 00:00:00
GIMP Scriptfu Python Remote Command Execution
2012-08-20 00:00:00
redhat
redhat
(RHSA-2013:1778) Moderate: gimp security update
2013-12-03 00:00:00
veracode
veracode
Integer Overflow
2019-05-02 04:59:20
Arbitrary Code Execution
2019-05-02 04:59:20
centos
centos
gimp security update
2013-12-03 22:52:31
oraclelinux
oraclelinux
gimp security, bug fix, and enhancement update
2016-11-09 00:00:00
gimp security update
2013-12-03 00:00:00
prion
prion
Integer overflow
2013-12-12 18:55:00
Heap overflow
2013-12-12 18:55:00
Command injection
2012-08-31 18:55:00
debiancve
debiancve
CVE-2013-1913
2013-12-12 18:55:10
CVE-2012-4245
2012-08-31 18:55:05
CVE-2013-1978
2013-12-12 18:55:10
nvd
nvd
CVE-2013-1913
2013-12-12 18:55:10
CVE-2013-1978
2013-12-12 18:55:10
CVE-2012-4245
2012-08-31 18:55:05
ubuntucve
ubuntucve
CVE-2013-1913
2013-12-04 00:00:00
CVE-2013-1978
2013-12-04 00:00:00
CVE-2012-4245
2012-08-31 00:00:00
cve
cve
CVE-2013-1913
2013-12-12 18:55:10
CVE-2013-1978
2013-12-12 18:55:10
CVE-2012-4245
2012-08-31 18:55:05
checkpoint_advisories
checkpoint_advisories
GIMP XWD File Handling Heap Buffer Overflow (CVE-2013-1978)
2013-12-22 00:00:00
cvelist
cvelist
CVE-2013-1913
2013-12-12 18:00:00
CVE-2013-1978
2013-12-12 18:00:00
CVE-2012-4245
2012-08-31 18:00:00
debian
debian
[SECURITY] [DSA 2813-1] gimp security update
2013-12-09 17:11:44

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.764

Percentile

98.2%

JSON
Related for OPENVAS:1361412562310121443
nessus15gentoo1openvas18ubuntu1fedora3mageia1securityvulns4redhat1veracode2centos1oraclelinux2prion3debiancve3nvd3ubuntucve3cve3checkpoint_advisories1cvelist3debian1