Vulnerabilities > CVE-2008-0554 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netpbm

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

netpbm

CWE-119

nessus

NVD

Published: 2008-02-08

Updated: 2017-09-29

Summary

Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

Vulnerable Configurations

Part	Description	Count
Application	Netpbm Netpbm Netpbm *	1

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080228_NETPBM_ON_SL3_X.NASL
description	An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554)
last seen	2020-06-01
modified	2020-06-02
plugin id	60368
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60368
title	Scientific Linux Security Update : netpbm on SL3.x, SL4.x i386/x86_64
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60368); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2008-0554"); script_name(english:"Scientific Linux Security Update : netpbm on SL3.x, SL4.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=1781 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8de0da47" ); script_set_attribute( attribute:"solution", value: "Update the affected netpbm, netpbm-devel and / or netpbm-progs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL3", reference:"netpbm-9.24-11.30.5")) flag++; if (rpm_check(release:"SL3", reference:"netpbm-devel-9.24-11.30.5")) flag++; if (rpm_check(release:"SL3", reference:"netpbm-progs-9.24-11.30.5")) flag++; if (rpm_check(release:"SL4", reference:"netpbm-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"SL4", reference:"netpbm-devel-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"SL4", reference:"netpbm-progs-10.25-2.EL4.6.el4_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-665-1.NASL
description	It was discovered that Netpbm could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	38074
published	2009-04-23
reporter	Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/38074
title	Ubuntu 6.06 LTS / 7.10 : netpbm-free vulnerability (USN-665-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-665-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(38074); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2008-0554"); script_xref(name:"USN", value:"665-1"); script_name(english:"Ubuntu 6.06 LTS / 7.10 : netpbm-free vulnerability (USN-665-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Netpbm could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/665-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm10-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnetpbm9-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:netpbm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06\|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"libnetpbm10", pkgver:"10.0-10ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnetpbm10-dev", pkgver:"10.0-10ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnetpbm9", pkgver:"10.0-10ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libnetpbm9-dev", pkgver:"10.0-10ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"netpbm", pkgver:"2:10.0-10ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libnetpbm10", pkgver:"10.0-11ubuntu0.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libnetpbm10-dev", pkgver:"10.0-11ubuntu0.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libnetpbm9", pkgver:"10.0-11ubuntu0.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"libnetpbm9-dev", pkgver:"10.0-11ubuntu0.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"netpbm", pkgver:"2:10.0-11ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnetpbm10 / libnetpbm10-dev / libnetpbm9 / libnetpbm9-dev / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0131.NASL
description	From Red Hat Security Advisory 2008:0131 : Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (eg CGI scripts that manage website images). An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554) All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	67652
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67652
title	Oracle Linux 3 / 4 : netpbm (ELSA-2008-0131)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0131 and # Oracle Linux Security Advisory ELSA-2008-0131 respectively. # include("compat.inc"); if (description) { script_id(67652); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2008-0554"); script_xref(name:"RHSA", value:"2008:0131"); script_name(english:"Oracle Linux 3 / 4 : netpbm (ELSA-2008-0131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0131 : Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (eg CGI scripts that manage website images). An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554) All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000529.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000532.html" ); script_set_attribute( attribute:"solution", value:"Update the affected netpbm packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:netpbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:netpbm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:netpbm-progs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3\|4)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"netpbm-9.24-11.30.5")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"netpbm-9.24-11.30.5")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"netpbm-devel-9.24-11.30.5")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"netpbm-devel-9.24-11.30.5")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"netpbm-progs-9.24-11.30.5")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"netpbm-progs-9.24-11.30.5")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"netpbm-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"netpbm-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"netpbm-devel-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"netpbm-devel-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"netpbm-progs-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"netpbm-progs-10.25-2.EL4.6.el4_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "netpbm / netpbm-devel / netpbm-progs"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12068.NASL
description	Specially crafted GIF images could cause a buffer overflow and crash netpbm. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code. (CVE-2008-0554)
last seen	2020-06-01
modified	2020-06-02
plugin id	41194
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41194
title	SuSE9 Security Update : netpbm (YOU Patch Number 12068)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41194); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-0554"); script_name(english:"SuSE9 Security Update : netpbm (YOU Patch Number 12068)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Specially crafted GIF images could cause a buffer overflow and crash netpbm. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code. (CVE-2008-0554)" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2008-0554/" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12068."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"libnetpbm-1.0.0-618.16")) flag++; if (rpm_check(release:"SUSE9", reference:"netpbm-10.11.4-172.16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1579.NASL
description	A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	32380
published	2008-05-19
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/32380
title	Debian DSA-1579-1 : netpbm-free - insufficient input sanitizing
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1579. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(32380); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2008-0554"); script_xref(name:"DSA", value:"1579"); script_name(english:"Debian DSA-1579-1 : netpbm-free - insufficient input sanitizing"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1579" ); script_set_attribute( attribute:"solution", value: "Upgrade the netpbm packages. For the stable distribution (etch), these problems have been fixed in version 2:10.0-11.1+etch1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:netpbm-free"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libnetpbm10", reference:"2:10.0-11.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnetpbm10-dev", reference:"2:10.0-11.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnetpbm9", reference:"2:10.0-11.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnetpbm9-dev", reference:"2:10.0-11.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"netpbm", reference:"2:10.0-11.1+etch1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0131.NASL
description	Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (eg CGI scripts that manage website images). An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554) All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	31305
published	2008-02-28
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31305
title	RHEL 2.1 / 3 / 4 : netpbm (RHSA-2008:0131)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0131. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(31305); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-0554"); script_xref(name:"RHSA", value:"2008:0131"); script_name(english:"RHEL 2.1 / 3 / 4 : netpbm (RHSA-2008:0131)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (eg CGI scripts that manage website images). An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554) All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0554" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0131" ); script_set_attribute( attribute:"solution", value: "Update the affected netpbm, netpbm-devel and / or netpbm-progs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netpbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netpbm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netpbm-progs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1\|3\|4)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0131"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"netpbm-9.24-9.AS21.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"netpbm-devel-9.24-9.AS21.7")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"netpbm-progs-9.24-9.AS21.7")) flag++; if (rpm_check(release:"RHEL3", reference:"netpbm-9.24-11.30.5")) flag++; if (rpm_check(release:"RHEL3", reference:"netpbm-devel-9.24-11.30.5")) flag++; if (rpm_check(release:"RHEL3", reference:"netpbm-progs-9.24-11.30.5")) flag++; if (rpm_check(release:"RHEL4", reference:"netpbm-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"RHEL4", reference:"netpbm-devel-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"RHEL4", reference:"netpbm-progs-10.25-2.EL4.6.el4_6.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "netpbm / netpbm-devel / netpbm-progs"); } }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0131.NASL
description	Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (eg CGI scripts that manage website images). An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554) All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	31301
published	2008-02-28
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31301
title	CentOS 3 / 4 : netpbm (CESA-2008:0131)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0131 and # CentOS Errata and Security Advisory 2008:0131 respectively. # include("compat.inc"); if (description) { script_id(31301); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-0554"); script_xref(name:"RHSA", value:"2008:0131"); script_name(english:"CentOS 3 / 4 : netpbm (CESA-2008:0131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (eg CGI scripts that manage website images). An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554) All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue." ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014718.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?375723a1" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014719.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?06c68e04" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014722.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?25201b88" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014723.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f063c6ea" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014734.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7c9f0912" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014735.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?36963c27" ); script_set_attribute( attribute:"solution", value:"Update the affected netpbm packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:netpbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:netpbm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:netpbm-progs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3\|4)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"netpbm-9.24-11.30.5")) flag++; if (rpm_check(release:"CentOS-3", reference:"netpbm-devel-9.24-11.30.5")) flag++; if (rpm_check(release:"CentOS-3", reference:"netpbm-progs-9.24-11.30.5")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"netpbm-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"netpbm-10.25-2.EL4.6.c4.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"netpbm-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"netpbm-devel-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"netpbm-devel-10.25-2.EL4.6.c4.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"netpbm-devel-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"netpbm-progs-10.25-2.EL4.6.el4_6.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"netpbm-progs-10.25-2.EL4.6.c4.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"netpbm-progs-10.25-2.EL4.6.el4_6.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "netpbm / netpbm-devel / netpbm-progs"); }

Oval

accepted

2013-04-29T04:10:23.574-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10975

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	431525
title	CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment netpbm-progs is earlier than 0:10.25-2.EL4.6.el4_6.1
oval oval:com.redhat.rhsa:tst:20080131001
comment netpbm-progs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20080131002
AND
comment netpbm is earlier than 0:10.25-2.EL4.6.el4_6.1
oval oval:com.redhat.rhsa:tst:20080131003
comment netpbm is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20080131004
AND
comment netpbm-devel is earlier than 0:10.25-2.EL4.6.el4_6.1
oval oval:com.redhat.rhsa:tst:20080131005
comment netpbm-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20080131006

rhsa

id	RHSA-2008:0131
released	2008-02-28
severity	Moderate
title	RHSA-2008:0131: netpbm security update (Moderate)

rpms

netpbm-0:10.25-2.EL4.6.el4_6.1
netpbm-0:9.24-11.30.5
netpbm-0:9.24-9.AS21.7
netpbm-debuginfo-0:10.25-2.EL4.6.el4_6.1
netpbm-debuginfo-0:9.24-11.30.5
netpbm-devel-0:10.25-2.EL4.6.el4_6.1
netpbm-devel-0:9.24-11.30.5
netpbm-devel-0:9.24-9.AS21.7
netpbm-progs-0:10.25-2.EL4.6.el4_6.1
netpbm-progs-0:9.24-11.30.5
netpbm-progs-0:9.24-9.AS21.7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

References