CVE-2005-0639

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, low complexity, xli, altlinux, suse, nessus

Summary

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-694.NASL
    description: Several vulnerabilities have been discovered in xloadimage, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CAN-2005-0638: Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped.
      - CAN-2005-0639: Insufficient validation of image properties has been discovered which could potentially result in buffer management errors.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17577
    published: 2005-03-21
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17577
    title: Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-694. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17577);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2005-0638", "CVE-2005-0639");
      script_xref(name:"DSA", value:"694");
    
      script_name(english:"Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in xloadimage, an image
    viewer for X11. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CAN-2005-0638
        Tavis Ormandy of the Gentoo Linux Security Audit Team
        has reported a flaw in the handling of compressed
        images, where shell meta-characters are not adequately
        escaped.
    
      - CAN-2005-0639
    
        Insufficient validation of image properties have been
        discovered which could potentially result in buffer
        management errors."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298926"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-694"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xloadimage package.
    
    For the stable distribution (woody) these problems have been fixed in
    version 4.1-10woody1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xloadimage");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"xloadimage", reference:"4.1-10woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200503-05.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200503-05 (xli, xloadimage: Multiple vulnerabilities). Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped. Rob Holland of the Gentoo Linux Security Audit Team has reported that an xloadimage vulnerability in the handling of Faces Project images discovered by zen-parse in 2001 remained unpatched in xli. Additionally, it has been reported that insufficient validation of image properties in xli could potentially result in buffer management errors.
      Impact: Successful exploitation would permit a remote attacker to execute arbitrary shell commands, or arbitrary code with the privileges of the xloadimage or xli user.
      Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17261
    published: 2005-03-04
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17261
    title: GLSA-200503-05 : xli, xloadimage: Multiple vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-695.NASL
    description: Several vulnerabilities have been discovered in xli, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CAN-2001-0775: A buffer overflow in the decoder for FACES format images could be exploited by an attacker to execute arbitrary code. This problem has already been fixed in xloadimage in DSA 069.
      - CAN-2005-0638: Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped.
      - CAN-2005-0639: Insufficient validation of image properties has been discovered which could potentially result in buffer management errors.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17578
    published: 2005-03-21
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17578
    title: Debian DSA-695-1 : xli - buffer overflow, input sanitising, integer overflow
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-076.NASL
    description: A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CVE-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CVE-2005-0639). The updated packages have been patched to correct these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18106
    published: 2005-04-21
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18106
    title: Mandrake Linux Security Advisory : xli (MDKSA-2005:076)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-060.NASL
    description: A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server : If an authenticated user had INSERT privileges on the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17601
    published: 2005-03-23
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17601
    title: Mandrake Linux Security Advisory : MySQL (MDKSA-2005:060)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BFBBD5053BD6409C8C67445D3635CF4B.NASL
    description: Tavis Ormandy discovered several integer overflows in xli
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19107
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19107
    title: FreeBSD : xli -- integer overflows in image size calculations (bfbbd505-3bd6-409c-8c67-445d3635cf4b)