CVE-2005-0639
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
Vulnerable Configurations
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-694.NASL
description: Several vulnerabilities have been discovered in xloadimage, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems :
- CAN-2005-0638 Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped.
- CAN-2005-0639 Insufficient validation of image properties has been discovered which could potentially result in buffer management errors.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17577
published: 2005-03-21
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17577
title: Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-694. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(17577);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:18");

      script_cve_id("CVE-2005-0638", "CVE-2005-0639");
      script_xref(name:"DSA", value:"694");

      script_name(english:"Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities have been discovered in xloadimage, an image viewer for X11.
    The Common Vulnerabilities and Exposures project identifies the following problems :
      - CAN-2005-0638 Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped.
      - CAN-2005-0639 Insufficient validation of image properties have been discovered which could potentially result in buffer management errors."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298926"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-694"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the xloadimage package.
    For the stable distribution (woody) these problems have been fixed in version 4.1-10woody1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xloadimage");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/02");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"3.0", prefix:"xloadimage", reference:"4.1-10woody1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200503-05.NASL
description: The remote host is affected by the vulnerability described in GLSA-200503-05 (xli, xloadimage: Multiple vulnerabilities)
Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped. Rob Holland of the Gentoo Linux Security Audit Team has reported that an xloadimage vulnerability in the handling of Faces Project images discovered by zen-parse in 2001 remained unpatched in xli. Additionally, it has been reported that insufficient validation of image properties in xli could potentially result in buffer management errors.
Impact : Successful exploitation would permit a remote attacker to execute arbitrary shell commands, or arbitrary code with the privileges of the xloadimage or xli user.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17261
published: 2005-03-04
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17261
title: GLSA-200503-05 : xli, xloadimage: Multiple vulnerabilities

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-695.NASL
description: Several vulnerabilities have been discovered in xli, an image viewer for X11. The Common Vulnerabilities and Exposures project identifies the following problems :
- CAN-2001-0775 A buffer overflow in the decoder for FACES format images could be exploited by an attacker to execute arbitrary code. This problem has already been fixed in xloadimage in DSA 069.
- CAN-2005-0638 Tavis Ormandy of the Gentoo Linux Security Audit Team has reported a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped.
- CAN-2005-0639 Insufficient validation of image properties has been discovered which could potentially result in buffer management errors.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17578
published: 2005-03-21
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17578
title: Debian DSA-695-1 : xli - buffer overflow, input sanitising, integer overflow

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-076.NASL
description: A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CVE-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CVE-2005-0639). The updated packages have been patched to correct these problems.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18106
published: 2005-04-21
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18106
title: Mandrake Linux Security Advisory : xli (MDKSA-2005:076)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-060.NASL
description: A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server : If an authenticated user had INSERT privileges on the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17601
published: 2005-03-23
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17601
title: Mandrake Linux Security Advisory : MySQL (MDKSA-2005:060)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_BFBBD5053BD6409C8C67445D3635CF4B.NASL
description: Tavis Ormandy discovered several integer overflows in xli
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19107
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19107
title: FreeBSD : xli -- integer overflows in image size calculations (bfbbd505-3bd6-409c-8c67-445d3635cf4b)