Vulnerabilities > CVE-2009-0723 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-137.NASL description Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK : A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). Further security fixes in the JRE and in the Java API of OpenJDK : A flaw in handling temporary font files by the Java Virtual Machine (JVM) allows remote attackers to cause denial of service (CVE-2006-2426). An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service (CVE-2009-0794). A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause denial of service on the LDAP service (CVE-2009-1093). A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via malicious server response (CVE-2009-1094). Buffer overflows in the the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via an crafted applet (CVE-2009-1095, CVE-2009-1096). A buffer overflow in the splash screen processing allows a attackers to execute arbitrary code (CVE-2009-1097). A buffer overflow in GIF images handling allows remote attackers to execute arbitrary code via an crafted GIF image (CVE-2009-1098). A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling allows remote attackers to cause a denial of service on the service endpoint last seen 2020-06-01 modified 2020-06-02 plugin id 39478 published 2009-06-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39478 title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:137. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(39478); script_version ("1.22"); script_cvs_date("Date: 2019/08/02 13:32:52"); script_cve_id( "CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-0794", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102" ); script_bugtraq_id( 34185, 34240, 34411 ); script_xref(name:"MDVSA", value:"2009:137"); script_name(english:"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK : A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). Further security fixes in the JRE and in the Java API of OpenJDK : A flaw in handling temporary font files by the Java Virtual Machine (JVM) allows remote attackers to cause denial of service (CVE-2006-2426). An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service (CVE-2009-0794). A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause denial of service on the LDAP service (CVE-2009-1093). A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via malicious server response (CVE-2009-1094). Buffer overflows in the the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via an crafted applet (CVE-2009-1095, CVE-2009-1096). A buffer overflow in the splash screen processing allows a attackers to execute arbitrary code (CVE-2009-1097). A buffer overflow in GIF images handling allows remote attackers to execute arbitrary code via an crafted GIF image (CVE-2009-1098). A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling allows remote attackers to cause a denial of service on the service endpoint's server side (CVE-2009-1101). A flaw in the Java Runtime Environment Virtual Machine code generation allows remote attackers to execute arbitrary code via a crafted applet (CVE-2009-1102). This update provides fixes for these issues. Update : java-1.6.0-openjdk requires rhino packages and these has been further updated." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(16, 20, 94, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-manual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"rhino-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"rhino-demo-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"rhino-javadoc-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"rhino-manual-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"rhino-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"rhino-demo-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"rhino-javadoc-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"rhino-manual-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0377.NASL description From Red Hat Security Advisory 2009:0377 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 67831 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67831 title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0377 and # Oracle Linux Security Advisory ELSA-2009-0377 respectively. # include("compat.inc"); if (description) { script_id(67831); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"); script_bugtraq_id(34185, 34240); script_xref(name:"RHSA", value:"2009:0377"); script_name(english:"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2009:0377 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-April/000953.html" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1.6.0-openjdk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(16, 20, 94, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.0.1.el5")) flag++; if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.0.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0339.NASL description From Red Hat Security Advisory 2009:0339 : Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS, or simply last seen 2020-06-01 modified 2020-06-02 plugin id 67819 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67819 title Oracle Linux 5 : lcms (ELSA-2009-0339) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0339 and # Oracle Linux Security Advisory ELSA-2009-0339 respectively. # include("compat.inc"); if (description) { script_id(67819); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733"); script_xref(name:"RHSA", value:"2009:0339"); script_name(english:"Oracle Linux 5 : lcms (ELSA-2009-0339)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2009:0339 : Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS, or simply 'lcms') is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733) A memory leak flaw was found in LittleCMS. An application using LittleCMS could use excessive amount of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues. All users of LittleCMS should install these updated packages, which upgrade LittleCMS to version 1.18. All running applications using the lcms library must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-March/000923.html" ); script_set_attribute(attribute:"solution", value:"Update the affected lcms packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:lcms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:lcms-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-lcms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/23"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"lcms-1.18-0.1.beta1.el5_3.2")) flag++; if (rpm_check(release:"EL5", reference:"lcms-devel-1.18-0.1.beta1.el5_3.2")) flag++; if (rpm_check(release:"EL5", reference:"python-lcms-1.18-0.1.beta1.el5_3.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lcms / lcms-devel / python-lcms"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0377.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 36111 published 2009-04-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36111 title RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0377. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(36111); script_version ("1.32"); script_cvs_date("Date: 2019/10/25 13:36:14"); script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"); script_bugtraq_id(34185, 34240); script_xref(name:"RHSA", value:"2009:0377"); script_name(english:"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-2426" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0581" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0723" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0733" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0793" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1093" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1094" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1095" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1096" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1097" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1098" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1101" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1102" ); # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?025abcaa" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2009:0377" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(16, 20, 94, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2009:0377"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc"); } }NASL family SuSE Local Security Checks NASL id SUSE_11_1_LCMS-090309.NASL description Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). last seen 2020-06-01 modified 2020-06-02 plugin id 40255 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40255 title openSUSE Security Update : lcms (lcms-581) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update lcms-581. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40255); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733"); script_name(english:"openSUSE Security Update : lcms (lcms-581)"); script_summary(english:"Check for the lcms-581 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=479606" ); script_set_attribute(attribute:"solution", value:"Update the affected lcms packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lcms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-lcms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"lcms-1.17-44.59.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"liblcms-devel-1.17-44.59.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"liblcms1-1.17-44.59.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"python-lcms-1.17-44.59.1") ) flag++; if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"liblcms-devel-32bit-1.17-44.59.1") ) flag++; if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"liblcms1-32bit-1.17-44.59.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lcms / liblcms-devel / liblcms-devel-32bit / liblcms1 / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2009-3034.NASL description lcms in OpenJDK upgraded to 1.18 fixing many related security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36025 published 2009-03-27 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36025 title Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-3034. # include("compat.inc"); if (description) { script_id(36025); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:29"); script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733"); script_xref(name:"FEDORA", value:"2009-3034"); script_name(english:"Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "lcms in OpenJDK upgraded to 1.18 fixing many related security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=487508" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=487509" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=487512" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021715.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15f2963b" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1.6.0-openjdk package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0339.NASL description Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS, or simply last seen 2020-06-01 modified 2020-06-02 plugin id 35970 published 2009-03-20 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35970 title RHEL 5 : lcms (RHSA-2009:0339) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1769.NASL description Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. - CVE-2006-2426 Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. - CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793 Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581 ), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733 ), and a NULL pointer dereference, leading to denial of service (CVE-2009-0793 ). - CVE-2009-1093 The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. - CVE-2009-1094 The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. - CVE-2009-1101 The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. - CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098 Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. last seen 2020-06-01 modified 2020-06-02 plugin id 36142 published 2009-04-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36142 title Debian DSA-1769-1 : openjdk-6 - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-744-1.NASL description Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. (CVE-2009-0581) Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2009-0723) Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges. (CVE-2009-0733). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37935 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37935 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : lcms vulnerabilities (USN-744-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LCMS-090309.NASL description Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). last seen 2020-06-01 modified 2020-06-02 plugin id 40020 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40020 title openSUSE Security Update : lcms (lcms-581) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2910.NASL description Some patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35994 published 2009-03-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35994 title Fedora 9 : lcms-1.18-0.1.beta2.fc9 (2009-2910) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2928.NASL description - Mon Mar 23 2009 kwizart < kwizart at gmail.com > - 1.18-1 - Update to 1.18 (final) - Remove upstreamed patches - Disable autoreconf - patch libtool to prevent rpath issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35996 published 2009-03-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35996 title Fedora 9 : lcms-1.18-1.fc9 (2009-2928) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2983.NASL description Fixes important lcms security bug which gives unwarranted access to malicious users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35997 published 2009-03-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35997 title Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.21.b09.fc9 (2009-2983) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2009-083-01.NASL description New lcms packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36009 published 2009-03-25 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36009 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : lcms (SSA:2009-083-01) NASL family SuSE Local Security Checks NASL id SUSE_11_LCMS-090317.NASL description Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723 / CVE-2009-0581 / CVE-2009-0733) last seen 2020-06-01 modified 2020-06-02 plugin id 41417 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41417 title SuSE 11 Security Update : lcms (SAT Patch Number 635) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-090312.NASL description Specially crafted image files could cause an integer overflow in the lcms library contained in openjdk. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). last seen 2020-06-01 modified 2020-06-02 plugin id 40239 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40239 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-602) NASL family SuSE Local Security Checks NASL id SUSE9_12361.NASL description Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733) last seen 2020-06-01 modified 2020-06-02 plugin id 41284 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41284 title SuSE9 Security Update : liblcms (YOU Patch Number 12361) NASL family Scientific Linux Local Security Checks NASL id SL_20090319_LCMS_ON_SL5_X.NASL description Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733) A memory leak flaw was found in LittleCMS. An application using LittleCMS could use excessive amount of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) All running applications using the lcms library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60550 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60550 title Scientific Linux Security Update : lcms on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-OPENJDK-090312.NASL description Specially crafted image files could cause an integer overflow in the lcms library contained in openjdk. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). This update also fixes problems with package dependencies that prevented installation of the package. last seen 2020-06-01 modified 2020-06-02 plugin id 40000 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40000 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-603) NASL family SuSE Local Security Checks NASL id SUSE_LIBLCMS-6048.NASL description Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723 / CVE-2009-0581 / CVE-2009-0733) last seen 2020-06-01 modified 2020-06-02 plugin id 41544 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41544 title SuSE 10 Security Update : liblcms (ZYPP Patch Number 6048) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2970.NASL description Some patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36384 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36384 title Fedora 10 : lcms-1.18-0.1.beta2.fc10 (2009-2970) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-121.NASL description Multiple security vulnerabilities has been identified and fixed in Little cms : A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). This update provides fixes for these issues. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers last seen 2020-06-01 modified 2020-06-02 plugin id 38865 published 2009-05-22 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38865 title Mandriva Linux Security Advisory : lcms (MDVSA-2009:121-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200904-19.NASL description The remote host is affected by the vulnerability described in GLSA-200904-19 (LittleCMS: Multiple vulnerabilities) RedHat reported a NULL pointer dereference flaw while processing monochrome ICC profiles (CVE-2009-0793). Chris Evans of Google discovered the following vulnerabilities: LittleCMS contains severe memory leaks (CVE-2009-0581). LittleCMS is prone to multiple integer overflows, leading to a heap-based buffer overflow (CVE-2009-0723). The ReadSetOfCurves() function is vulnerable to stack-based buffer overflows when called from code paths without a bounds check on channel counts (CVE-2009-0733). Impact : A remote attacker could entice a user or automated system to open a specially crafted file containing a malicious ICC profile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or memory exhaustion, leading to a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 36198 published 2009-04-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36198 title GLSA-200904-19 : LittleCMS: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_LIBLCMS-6049.NASL description Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). last seen 2020-06-01 modified 2020-06-02 plugin id 36007 published 2009-03-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36007 title openSUSE 10 Security Update : liblcms (liblcms-6049) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2982.NASL description Fixes important lcms security bug which gives unwarranted access to malicious users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38080 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38080 title Fedora 10 : java-1.6.0-openjdk-1.6.0.0-11.b14.fc10 (2009-2982) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0377.NASL description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 43736 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43736 title CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1745.NASL description Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. - CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. - CVE-2009-0733 Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 35967 published 2009-03-20 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35967 title Debian DSA-1745-1 : lcms - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2009-2903.NASL description - Mon Mar 23 2009 kwizart < kwizart at gmail.com > - 1.18-1 - Update to 1.18 (final) - Remove upstreamed patches - Disable autoreconf - patch libtool to prevent rpath issue - Fri Mar 20 2009 kwizart < kwizart at gmail.com > - 1.18-0.1.beta2 - Update to 1.18beta2 fix bug #487508: CVE-2009-0723 LittleCms integer overflow fix bug #487512: CVE-2009-0733 LittleCms lack of upper-bounds check on sizes fix bug #487509: CVE-2009-0581 LittleCms memory leak - Mon Mar 2 2009 kwizart < kwizart at gmail.com > - 1.17-10 - Fix circle dependency #452352 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.17-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Dec 4 2008 kwizart < kwizart at gmail.com > - 1.17-8 - Fix autoreconf and missing auxiliary files. - Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 1.17-7 - Rebuild for Python 2.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37136 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37136 title Fedora 10 : lcms-1.18-1.fc10 (2009-2903)
Oval
| accepted | 2013-04-29T04:15:44.367-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:11780 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||||||||||||
| version | 18 |
Redhat
| advisories |
| ||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34185 CVE(CAN) ID: CVE-2009-0581,CVE-2009-0733,CVE-2009-0723 Little cms是一款小型的开源颜色管理引擎。 LittleCMS中存在多个可导致堆溢出的整数溢出漏洞和多个不充分输入验证错误。攻击者可以利用这些漏洞创建特制的图形文件,如果受害用户打开了该文件,就会导致使用LittleCMS的应用崩溃或执行任意代码。 LittleCMS中存在内存泄露漏洞。如果使用LittleCMS的应用打开了特制图形,就会使用过多的内存,在耗尽所有可用内存后会崩溃。 Little CMS < 1.18 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0339-01)以及相应补丁: RHSA-2009:0339-01:Moderate: lcms security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2009-0339.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0339.html</a> |
| id | SSV:4945 |
| last seen | 2017-11-19 |
| modified | 2009-03-23 |
| published | 2009-03-23 |
| reporter | Root |
| title | Little CMS内存泄露及整数溢出漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://scary.beasts.org/security/CESA-2009-003.html
- http://scary.beasts.org/security/CESA-2009-003.html
- http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
- http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
- http://secunia.com/advisories/34367
- http://secunia.com/advisories/34367
- http://secunia.com/advisories/34382
- http://secunia.com/advisories/34382
- http://secunia.com/advisories/34400
- http://secunia.com/advisories/34400
- http://secunia.com/advisories/34408
- http://secunia.com/advisories/34408
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34442
- http://secunia.com/advisories/34442
- http://secunia.com/advisories/34450
- http://secunia.com/advisories/34450
- http://secunia.com/advisories/34454
- http://secunia.com/advisories/34454
- http://secunia.com/advisories/34463
- http://secunia.com/advisories/34463
- http://secunia.com/advisories/34632
- http://secunia.com/advisories/34632
- http://secunia.com/advisories/34675
- http://secunia.com/advisories/34675
- http://secunia.com/advisories/34782
- http://secunia.com/advisories/34782
- http://security.gentoo.org/glsa/glsa-200904-19.xml
- http://security.gentoo.org/glsa/glsa-200904-19.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
- http://www.debian.org/security/2009/dsa-1745
- http://www.debian.org/security/2009/dsa-1745
- http://www.debian.org/security/2009/dsa-1769
- http://www.debian.org/security/2009/dsa-1769
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
- http://www.ocert.org/advisories/ocert-2009-003.html
- http://www.ocert.org/advisories/ocert-2009-003.html
- http://www.redhat.com/support/errata/RHSA-2009-0339.html
- http://www.redhat.com/support/errata/RHSA-2009-0339.html
- http://www.securityfocus.com/archive/1/502018/100/0/threaded
- http://www.securityfocus.com/archive/1/502018/100/0/threaded
- http://www.securityfocus.com/archive/1/502031/100/0/threaded
- http://www.securityfocus.com/archive/1/502031/100/0/threaded
- http://www.securityfocus.com/bid/34185
- http://www.securityfocus.com/bid/34185
- http://www.securitytracker.com/id?1021869
- http://www.securitytracker.com/id?1021869
- http://www.ubuntu.com/usn/USN-744-1
- http://www.ubuntu.com/usn/USN-744-1
- http://www.vupen.com/english/advisories/2009/0775
- http://www.vupen.com/english/advisories/2009/0775
- https://bugzilla.redhat.com/show_bug.cgi?id=487508
- https://bugzilla.redhat.com/show_bug.cgi?id=487508
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49326
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49326
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780
- https://rhn.redhat.com/errata/RHSA-2009-0377.html
- https://rhn.redhat.com/errata/RHSA-2009-0377.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html