Lucene search

K
openvasCopyright (C) 2008 E-Soft Inc.OPENVAS:136141256231058459
HistorySep 24, 2008 - 12:00 a.m.

Gentoo Security Advisory GLSA 200707-06 (xnview)

2008-09-2400:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
4

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.263

Percentile

96.8%

The remote host is missing updates announced in
advisory GLSA 200707-06.

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.58459");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
  script_cve_id("CVE-2007-2194");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Gentoo Security Advisory GLSA 200707-06 (xnview)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_tag(name:"insight", value:"XnView is vulnerable to a stack-based buffer overflow and possible remote
code execution when handling XPM image files.");
  script_tag(name:"solution", value:"No update appears to be forthcoming from the XnView developer and XnView is
proprietary, so the XnView package has been masked in Portage. We recommend
that users select an alternate graphics viewer and conversion utility, and
unmerge XnView:

    # emerge --unmerge xnview");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200707-06");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=175670");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200707-06.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");

res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"x11-misc/xnview", unaffected: make_list(), vulnerable: make_list("lt 1.70"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.263

Percentile

96.8%