Vulnerabilities > CVE-2002-0660 - Unspecified vulnerability in Greg Roelofs Libpng and Libpng3

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.

Vulnerable Configurations

Part Description Count
Application
Greg_Roelofs
2

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-140.NASL
    description: Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications, which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries. In addition to that, the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us. To find out which packages depend on this library, you may want to execute the following commands: `apt-cache showpkg libpng2` and `apt-cache showpkg libpng3`
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14977
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14977
    title: Debian DSA-140-2 : libpng - buffer overflow
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-140. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
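    # Registration pass: when the scanner loads the plugin with `description`
    # set, only the metadata below is recorded and the script exits (exit(0) at
    # the end of this block) before any host data is read.
    if (description)
    {
      script_id(14977);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:16");

      # One advisory, two CVE ids. The checks in this plugin compare package
      # versions only, so a finding does not tell the reader which of the two
      # overflows applies, just that the installed package predates the fix.
      script_cve_id("CVE-2002-0660", "CVE-2002-0728");
      script_xref(name:"DSA", value:"140");

      script_name(english:"Debian DSA-140-2 : libpng - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated packages");

      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # The two apt-cache commands at the end of this text are kept on separate
      # lines; run together on one line they read as a single command whose
      # extra words would be taken as package names.
      script_set_attribute(
        attribute:"description", 
        value:
    "Developers of the PNG library have fixed a buffer overflow in the
    progressive reader when the PNG datastream contains more IDAT data
    than indicated by the IHDR chunk. Such deliberately malformed
    datastreams would crash applications which could potentially allow an
    attacker to execute malicious code. Programs such as Galeon, Konqueror
    and various others make use of these libraries.
    
    In addition to that, the packages below fix another potential buffer
    overflow. The PNG libraries implement a safety margin which is also
    included in a newer upstream release. Thanks to Glenn Randers-Pehrson
    for informing us.
    
    To find out which packages depend on this library, you may want to
    execute the following commands :
    
        apt-cache showpkg libpng2
        apt-cache showpkg libpng3"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-140"
      );
      # The solution text asks for a restart as well as an upgrade: a process
      # that loaded the old library keeps using it until it is restarted, and
      # the package check in this plugin cannot see that.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libpng packages immediately and restart programs and
    daemons that link to these libraries and read external data, such as
    web browsers.
    
    This problem has been fixed in version 1.0.12-3.woody.2 of libpng and
    version 1.2.1-1.1.woody.2 of libpng3 for the current stable
    distribution (woody) and in version 1.0.12-4 of libpng and version
    1.2.1-2 of libpng3 for the unstable distribution (sid). The potato
    release of Debian does not seem to be vulnerable."
      );
      # CVSS v2 base vector: network reachable, low complexity, no
      # authentication, partial impact on confidentiality, integrity and
      # availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      # "local" plugin: the verdict is derived from package data collected on
      # the host (see script_require_keys below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpng3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      # ssh_get_info.nasl has to run first; presumably it is what fills the
      # Host/* knowledge-base keys required here (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }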
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions, each read from the scan knowledge base (KB). Every failed
    # precondition is reported through audit() with its own reason code, so a
    # host that was never actually checked is not mistaken for a patched one.

    # Local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The host must have been identified as Debian.
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }

    # The package list (dpkg -l output) must have been collected.
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    
    # Package comparison for Debian 3.0 (woody). The reference strings are the
    # fixed versions named in the advisory's solution text; each true result
    # from deb_check() is counted as one package that still needs the update.
    # All four calls are always made, so every package is evaluated.
    #
    # NOTE(review): this is a package-version comparison only. Copies of libpng
    # that are bundled with or statically linked into an application are not
    # covered by it, and a process started before the upgrade may still be
    # running the old library.
    flag = 0;
    if (deb_check(release:"3.0", prefix:"libpng-dev", reference:"1.2.1-1.1.woody.2"))
    {
      flag++;
    }
    if (deb_check(release:"3.0", prefix:"libpng2", reference:"1.0.12-3.woody.2"))
    {
      flag++;
    }
    if (deb_check(release:"3.0", prefix:"libpng2-dev", reference:"1.0.12-3.woody.2"))
    {
      flag++;
    }
    if (deb_check(release:"3.0", prefix:"libpng3", reference:"1.2.1-1.1.woody.2"))
    {
      flag++;
    }

    if (!flag)
    {
      # No package was counted: record the host as not affected.
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # At least one package was counted. The per-package detail from
      # deb_report_get() is attached only when report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:deb_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2002-152.NASL
    description: Updated libpng packages are available that fix a buffer overflow vulnerability. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. Versions of libpng prior to 1.0.14 contain a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications linked to libpng, such as Mozilla, that use the progressive reading feature. Packages within Red Hat Linux Advanced Server, such as Mozilla, make use of the shared libpng library; therefore all users are advised to upgrade to the errata packages, which contain libpng 1.0.14. Libpng 1.0.14 is not vulnerable to this issue and contains fixes for other bugs, including a number of memory leaks.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12313
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12313
    title: RHEL 2.1 : libpng (RHSA-2002:152)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2002:152. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, the plugin only records its
    # metadata and leaves through the exit(0) at the end of this block; no host
    # data is read here.
    if (description)
    {
      script_id(12313);
      script_version("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:09");

      # Both CVE ids are attached to the same erratum, so a finding from this
      # plugin does not distinguish between them.
      script_cve_id("CVE-2002-0660", "CVE-2002-0728");
      script_xref(name:"RHSA", value:"2002:152");

      script_name(english:"RHEL 2.1 : libpng (RHSA-2002:152)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "Updated libpng packages are available that fix a buffer overflow
    vulnerability.
    
    The libpng package contains a library of functions for creating and
    manipulating PNG (Portable Network Graphics) image format files. PNG
    is a bit-mapped graphics format similar to the GIF format.
    
    Versions of libpng prior to 1.0.14 contain a buffer overflow in the
    progressive reader when the PNG datastream contains more IDAT data
    than indicated by the IHDR chunk. Such deliberately malformed
    datastreams would crash applications linked to libpng such as Mozilla
    that use the progressive reading feature.
    
    Packages within Red Hat Linux Advanced Server , such as Mozilla, make
    use of the shared libpng library, therefore all users are advised to
    upgrade to the errata packages which contain libpng 1.0.14. Libpng
    1.0.14 is not vulnerable to this issue and contains fixes for other
    bugs including a number of memory leaks."
      );

      # References: one page per CVE, then the erratum itself.
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0660");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0728");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2002:152");

      script_set_attribute(attribute:"solution", value:"Update the affected libpng and / or libpng-devel packages.");

      # CVSS v2 base vector: network reachable, low complexity, no
      # authentication, partial impact on confidentiality, integrity and
      # availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      # "local" plugin: the result comes from package data gathered on the host
      # (see script_require_keys below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

      script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      # ssh_get_info.nasl has to run first; presumably it is what fills the
      # Host/* knowledge-base keys required here (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Preconditions read from the scan knowledge base (KB). Each failure goes
    # through audit() with its own reason code, so "could not be checked" stays
    # distinguishable from "checked and not affected".

    # Local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must exist and contain "Red Hat" (>!< is the
    # "substring not found" operator).
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release)
    {
      audit(AUDIT_OS_NOT, "Red Hat");
    }

    # Extract the numeric release (capture group 1) and accept only 2.1,
    # optionally followed by a non-digit suffix.
    ver_match = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    }
    os_ver = ver_match[1];
    if (!preg(pattern:"^2\.1([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    }

    # The rpm package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate. The first test rejects CPUs outside the x86_64 / i?86 /
    # s390 families; the second then narrows the plugin to i386-family hosts.
    # The two tests differ only in the audit reason they record.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    }
    if (cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_ARCH_NOT, "i386", cpu);
    }
    
    # Two ways to reach a verdict, chosen by whether yum updateinfo data was
    # collected for this host:
    #   - no updateinfo data: compare the installed rpm versions against the
    #     erratum's package versions;
    #   - updateinfo data present: rely on the report generated for this RHSA.
    #
    # NOTE(review): when updateinfo data exists, an empty report for this RHSA
    # ends the check as "not affected" and the rpm comparison is never run;
    # confirm that the collected updateinfo is complete for the host before
    # treating that result as proof of patching. As with any package-based
    # check, copies of libpng bundled with or statically linked into an
    # application are outside its view.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # rpm path: both packages are always evaluated; each true result from
      # rpm_check() counts as one package still missing the update.
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpng-1.0.14-0.7x.3"))
      {
        flag++;
      }
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpng-devel-1.0.14-0.7x.3"))
      {
        flag++;
      }

      if (!flag)
      {
        # Nothing counted: say either which packages were tested and found
        # unaffected, or that the packages are not installed at all.
        tested = pkg_tests_get();
        if (tested)
        {
          audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        }
        else
        {
          audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-devel");
        }
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # updateinfo path: the generated report text is the finding.
      rhsa = "RHSA-2002:152";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa);
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
    }
    

Redhat

advisories
  • rhsa
    id: RHSA-2002:151
  • rhsa
    id: RHSA-2002:152