Vulnerabilities > CVE-2009-2688 - Numeric Errors vulnerability in Xemacs 21.4.22

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
xemacs
CWE-189
critical
nessus

Summary

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all of which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information.

Vulnerable Configurations

Part Description Count
Application
Xemacs
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8997.NASL
    descriptionThis update fixes multiple buffer overflows when reading large image files, or maliciously created image files whose headers misrepresent the actual image size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40866
    published2009-09-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40866
    titleFedora 10 : xemacs-21.5.28-10.fc10 (2009-8997)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-8997.
    #
    
    include("compat.inc");
    
    # Metadata registration. This branch runs only when `description` is set
    # (presumably by the scanner while it indexes plugins; confirm). It declares
    # the plugin's identity, references, severity and prerequisites, then calls
    # exit(0) so that none of the check logic further down runs in this mode.
    if (description)
    {
      script_id(40866);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:30");
    
      # Cross-references: the CVE this check covers and the Fedora advisory
      # the package reference was taken from.
      script_cve_id("CVE-2009-2688");
      script_xref(name:"FEDORA", value:"2009-8997");
    
      script_name(english:"Fedora 10 : xemacs-21.5.28-10.fc10 (2009-8997)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple buffer overflows when reading large image
    files, or maliciously created image files whose headers misrepresent
    the actual image size.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=511994"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/028755.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a44e0934"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xemacs package."
      );
      # CVSS v2 base vector: network access vector, low access complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CWE-189 (Numeric Errors), matching the integer-overflow root cause.
      script_cwe_id(189);
    
      # "local": the result comes from data collected on the host (see the
      # required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xemacs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the
      # three KB keys listed here are the ones the check logic reads later.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Stop here in description mode; the check itself must not run.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Check logic: decide from knowledge-base (KB) data whether this Fedora 10
    # host has an xemacs package that fails the comparison against the
    # reference build. Every audit() call below reports why the check did not
    # apply (presumably terminating the script; confirm against audit.inc).
    # NOTE(review): the verdict rests on the rpm package list only; nothing here
    # opens an image file or exercises the XEmacs image-loading code.
    
    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Require a Fedora release string (`>!<` is NASL's "substring not found"
    # operator), pull out the major release number, and continue only when it
    # is 10 (the regex rejects e.g. "100" by requiring a non-digit or end).
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled; other architectures are
    # reported as not implemented rather than as unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed xemacs package with the reference build from the
    # advisory. Presumably rpm_check() is true when the installed version is
    # older than the reference - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC10", reference:"xemacs-21.5.28-10.fc10")) flag++;
    
    
    # Report a finding on port 0, attaching the rpm comparison details when the
    # report verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No finding: distinguish "package present but not affected" from
      # "xemacs not installed" so the audit trail explains the negative result.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xemacs");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201006-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201006-15 (XEmacs: User-assisted execution of arbitrary code) Tielei Wang reported multiple integer overflow vulnerabilities in the tiff_instantiate(), png_instantiate() and jpeg_instantiate() functions in glyphs-eimage.c, all possibly leading to heap-based buffer overflows. Impact : A remote attacker could entice a user to open a specially crafted TIFF, JPEG or PNG file using XEmacs, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id46804
    published2010-06-04
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46804
    titleGLSA-201006-15 : XEmacs: User-assisted execution of arbitrary code
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_XEMACS-090807.NASL
    descriptionSpecially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. (CVE-2009-2688) Additionally two non-security bugs were fixed that enable xemacs to use the configured fonts.
    last seen2020-06-01
    modified2020-06-02
    plugin id40791
    published2009-08-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40791
    titleopenSUSE Security Update : xemacs (xemacs-1182)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XEMACS-090807.NASL
    descriptionSpecially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. (CVE-2009-2688) Additionally two non-security bugs were fixed that enable xemacs to use the configured fonts.
    last seen2020-06-01
    modified2020-06-02
    plugin id41461
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41461
    titleSuSE 11 Security Update : XEmacs (SAT Patch Number 1183)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XEMACS-6413.NASL
    descriptionSpecially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. (CVE-2009-2688) Additionally two non-security bugs were fixed that enable xemacs to use the configured fonts.
    last seen2020-06-01
    modified2020-06-02
    plugin id51765
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51765
    titleSuSE 10 Security Update : XEmacs (ZYPP Patch Number 6413)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8993.NASL
    descriptionThis update fixes multiple buffer overflows when reading large image files, or maliciously created image files whose headers misrepresent the actual image size. The update also addresses multiple font issues, some of which cause warnings on startup. Some warnings remain, however, unless an ISO8859-13 font (e.g., terminus) is installed. Also note that some warnings remain on Rawhide pending a resolution for bz 507637. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40865
    published2009-09-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40865
    titleFedora 11 : xemacs-21.5.29-2.fc11 (2009-8993)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XEMACS-6412.NASL
    descriptionSpecially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. (CVE-2009-2688) Additionally two non-security bugs were fixed that enable xemacs to use the configured fonts.
    last seen2020-06-01
    modified2020-06-02
    plugin id42040
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42040
    titleopenSUSE 10 Security Update : xemacs (xemacs-6412)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_XEMACS-090807.NASL
    descriptionSpecially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. (CVE-2009-2688) Additionally two non-security bugs were fixed that enable xemacs to use the configured fonts.
    last seen2020-06-01
    modified2020-06-02
    plugin id40785
    published2009-08-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40785
    titleopenSUSE Security Update : xemacs (xemacs-1182)

Statements

contributorTomas Hoger
lastmodified2009-08-06
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-2688 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/