Vulnerabilities > CVE-2010-3364 - Unspecified vulnerability in Vips 7.22.2

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
vips
nessus

Summary

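The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. A zero-length entry in LD_LIBRARY_PATH is treated as the current working directory when shared libraries are resolved, so whatever directory the script is started from becomes part of the library search path.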

Vulnerable Configurations

Part Description Count
Application
Vips
1

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-10769.NASL
    description: 7.24 series. Run-time code generation Open via disc mode Workspace as Graph mode for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better TIFF and JPEG load Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55960
    published: 2011-08-24
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55960
    title: Fedora 16 : nip2-7.24.2-1.fc16 / vips-7.24.7-2.fc16 (2011-10769)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-10769.
    #
    
    include("compat.inc");
    
    # Metadata registration: when `description` is set, the plugin only declares
    # its identifiers, references and requirements, then leaves through the
    # exit(0) at the end of this block before any host check runs.
    if (description)
    {
      script_id(55960);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      # Vulnerability and advisory identifiers this finding maps to.
      script_cve_id("CVE-2010-3364");
      script_bugtraq_id(44344);
      script_xref(name:"FEDORA", value:"2011-10769");
    
      script_name(english:"Fedora 16 : nip2-7.24.2-1.fc16 / vips-7.24.7-2.fc16 (2011-10769)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      # NOTE(review): the description text below is the Fedora update's 7.24
      # release notes; it does not describe the LD_LIBRARY_PATH issue tracked as
      # CVE-2010-3364. Use the CVE entry or the Bugzilla reference that follows
      # when triaging this finding.
      script_set_attribute(
        attribute:"description", 
        value:
    "7.24 series.
    
    Run-time code generation Open via disc mode Workspace as Graph mode
    for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better
    TIFF and JPEG load
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=645471"
      );
      # The two see_also values below are shortened links; the comment above each
      # gives the Fedora package-announce URL it stands for.
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064445.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a86044c2"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064446.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3ee32818"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nip2 and / or vips packages."
      );
      # CVSS v2 base vector: local access, medium complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local plugin; the CPE entries name the two Fedora packages and the
      # Fedora 16 release this plugin applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vips");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
    
      # Dates of the vendor patch and of this plugin's publication.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Knowledge-base keys the check needs; presumably populated by
      # ssh_get_info.nasl from an authenticated session - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. Each guard below calls audit() with a reason code when a
    # precondition is not met (audit() comes from audit.inc and presumably ends
    # the script - confirm). Only a Fedora 16 host on x86_64 or i386-i686 with a
    # collected RPM list reaches the package comparison.
    # NOTE(review): this is a package-version check only (see script_summary).
    # It does not inspect how the installed vips wrapper script builds
    # LD_LIBRARY_PATH, so a VIPS install that RPM does not track is outside its
    # coverage.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" operator: stop unless the release
    # string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the release number that follows "release" in the string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # The trailing ([^0-9]|$) keeps "16" from matching a longer number such as 160.
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Any other architecture is reported as not implemented.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Count the packages rpm_check() flags against the fixed builds named in the
    # advisory (presumably: installed build older than the reference - confirm
    # in rpm.inc).
    flag = 0;
    if (rpm_check(release:"FC16", reference:"nip2-7.24.2-1.fc16")) flag++;
    if (rpm_check(release:"FC16", reference:"vips-7.24.7-2.fc16")) flag++;
    
    
    if (flag)
    {
      # At least one package was flagged: raise the finding via
      # security_warning(), attaching the rpm comparison report unless
      # report_verbosity is 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages were tested and are not affected"
      # from "packages are not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nip2 / vips");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-10808.NASL
    description: 7.24 series. Run-time code generation Open via disc mode Workspace as Graph mode for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better TIFF and JPEG load Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55952
    published: 2011-08-23
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55952
    title: Fedora 15 : nip2-7.24.2-1.fc15 / vips-7.24.7-2.fc15 (2011-10808)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-10808.
    #
    
    include("compat.inc");
    
    # Metadata registration: when `description` is set, the plugin only declares
    # its identifiers, references and requirements, then leaves through the
    # exit(0) at the end of this block before any host check runs.
    if (description)
    {
      script_id(55952);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      # Vulnerability and advisory identifiers this finding maps to.
      script_cve_id("CVE-2010-3364");
      script_bugtraq_id(44344);
      script_xref(name:"FEDORA", value:"2011-10808");
    
      script_name(english:"Fedora 15 : nip2-7.24.2-1.fc15 / vips-7.24.7-2.fc15 (2011-10808)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      # NOTE(review): the description text below is the Fedora update's 7.24
      # release notes; it does not describe the LD_LIBRARY_PATH issue tracked as
      # CVE-2010-3364. Use the CVE entry or the Bugzilla reference that follows
      # when triaging this finding.
      script_set_attribute(
        attribute:"description", 
        value:
    "7.24 series.
    
    Run-time code generation Open via disc mode Workspace as Graph mode
    for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better
    TIFF and JPEG load
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=645471"
      );
      # The two see_also values below are shortened links; the comment above each
      # gives the Fedora package-announce URL it stands for.
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064341.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?887e4466"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064342.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b56f8196"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nip2 and / or vips packages."
      );
      # CVSS v2 base vector: local access, medium complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local plugin; the CPE entries name the two Fedora packages and the
      # Fedora 15 release this plugin applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vips");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      # Dates of the vendor patch and of this plugin's publication.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Knowledge-base keys the check needs; presumably populated by
      # ssh_get_info.nasl from an authenticated session - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. Each guard below calls audit() with a reason code when a
    # precondition is not met (audit() comes from audit.inc and presumably ends
    # the script - confirm). Only a Fedora 15 host on x86_64 or i386-i686 with a
    # collected RPM list reaches the package comparison.
    # NOTE(review): this is a package-version check only (see script_summary).
    # It does not inspect how the installed vips wrapper script builds
    # LD_LIBRARY_PATH, so a VIPS install that RPM does not track is outside its
    # coverage.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" operator: stop unless the release
    # string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the release number that follows "release" in the string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # The trailing ([^0-9]|$) keeps "15" from matching a longer number such as 150.
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Any other architecture is reported as not implemented.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Count the packages rpm_check() flags against the fixed builds named in the
    # advisory (presumably: installed build older than the reference - confirm
    # in rpm.inc).
    flag = 0;
    if (rpm_check(release:"FC15", reference:"nip2-7.24.2-1.fc15")) flag++;
    if (rpm_check(release:"FC15", reference:"vips-7.24.7-2.fc15")) flag++;
    
    
    if (flag)
    {
      # At least one package was flagged: raise the finding via
      # security_warning(), attaching the rpm comparison report unless
      # report_verbosity is 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages were tested and are not affected"
      # from "packages are not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nip2 / vips");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-10781.NASL
    description: 7.24 series. Run-time code generation Open via disc mode Workspace as Graph mode for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better TIFF and JPEG load Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55950
    published: 2011-08-23
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55950
    title: Fedora 14 : nip2-7.24.2-1.fc14 / vips-7.24.7-2.fc14 (2011-10781)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-10781.
    #
    
    include("compat.inc");
    
    # Metadata registration: when `description` is set, the plugin only declares
    # its identifiers, references and requirements, then leaves through the
    # exit(0) at the end of this block before any host check runs.
    if (description)
    {
      script_id(55950);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      # Vulnerability and advisory identifiers this finding maps to.
      script_cve_id("CVE-2010-3364");
      script_bugtraq_id(44344);
      script_xref(name:"FEDORA", value:"2011-10781");
    
      script_name(english:"Fedora 14 : nip2-7.24.2-1.fc14 / vips-7.24.7-2.fc14 (2011-10781)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      # NOTE(review): the description text below is the Fedora update's 7.24
      # release notes; it does not describe the LD_LIBRARY_PATH issue tracked as
      # CVE-2010-3364. Use the CVE entry or the Bugzilla reference that follows
      # when triaging this finding.
      script_set_attribute(
        attribute:"description", 
        value:
    "7.24 series.
    
    Run-time code generation Open via disc mode Workspace as Graph mode
    for nip2 FITS image format VIPS rewrite Better nibs in paintbox Better
    TIFF and JPEG load
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=645471"
      );
      # The two see_also values below are shortened links; the comment above each
      # gives the Fedora package-announce URL it stands for.
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064372.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?19297920"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064373.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?36fd456b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nip2 and / or vips packages."
      );
      # CVSS v2 base vector: local access, medium complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local plugin; the CPE entries name the two Fedora packages and the
      # Fedora 14 release this plugin applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vips");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      # Dates of the vendor patch and of this plugin's publication.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Knowledge-base keys the check needs; presumably populated by
      # ssh_get_info.nasl from an authenticated session - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. Each guard below calls audit() with a reason code when a
    # precondition is not met (audit() comes from audit.inc and presumably ends
    # the script - confirm). Only a Fedora 14 host on x86_64 or i386-i686 with a
    # collected RPM list reaches the package comparison.
    # NOTE(review): this is a package-version check only (see script_summary).
    # It does not inspect how the installed vips wrapper script builds
    # LD_LIBRARY_PATH, so a VIPS install that RPM does not track is outside its
    # coverage.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" operator: stop unless the release
    # string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the release number that follows "release" in the string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # The trailing ([^0-9]|$) keeps "14" from matching a longer number such as 140.
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Any other architecture is reported as not implemented.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Count the packages rpm_check() flags against the fixed builds named in the
    # advisory (presumably: installed build older than the reference - confirm
    # in rpm.inc).
    flag = 0;
    if (rpm_check(release:"FC14", reference:"nip2-7.24.2-1.fc14")) flag++;
    if (rpm_check(release:"FC14", reference:"vips-7.24.7-2.fc14")) flag++;
    
    
    if (flag)
    {
      # At least one package was flagged: raise the finding via
      # security_warning(), attaching the rpm comparison report unless
      # report_verbosity is 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages were tested and are not affected"
      # from "packages are not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nip2 / vips");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201401-29.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201401-29 (VIPS: Privilege Escalation). VIPS places a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) being included when searching for dynamically linked libraries. Impact: A local attacker could gain escalated privileges via a specially crafted shared library. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72138
    published: 2014-01-27
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72138
    title: GLSA-201401-29 : VIPS: Privilege Escalation