Vulnerabilities > CVE-2011-0192 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

apple

microsoft

CWE-119

critical

nessus

NVD

Published: 2011-03-03

Updated: 2014-02-21

Summary

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Itunes 4.0.0 Apple Itunes 4.0.1 Apple Itunes 4.1.0 Apple Itunes 4.2.0 Apple Itunes 4.5 Apple Itunes 4.5.0 Apple Itunes 4.6 Apple Itunes 4.6.0 Apple Itunes 4.7 Apple Itunes 4.7.0 Apple Itunes 4.7.1 Apple Itunes 4.7.2 Apple Itunes 4.8.0 Apple Itunes 4.9.0 Apple Itunes 5.0 Apple Itunes 5.0.0 Apple Itunes 5.0.1 Apple Itunes 6.0.0 Apple Itunes 6.0.1 Apple Itunes 6.0.2 Apple Itunes 6.0.3 Apple Itunes 6.0.4 Apple Itunes 6.0.4.2 Apple Itunes 6.0.5 Apple Itunes 7.0.0 Apple Itunes 7.0.1 Apple Itunes 7.0.2 Apple Itunes 7.1.0 Apple Itunes 7.1.1 Apple Itunes 7.2.0 Apple Itunes 7.3.0 Apple Itunes 7.3.1 Apple Itunes 7.3.2 Apple Itunes 7.4 Apple Itunes 7.4.0 Apple Itunes 7.4.1 Apple Itunes 7.4.2 Apple Itunes 7.4.3 Apple Itunes 7.5 Apple Itunes 7.5.0 Apple Itunes 7.6 Apple Itunes 7.6.0 Apple Itunes 7.6.1 Apple Itunes 7.6.2 Apple Itunes 7.7 Apple Itunes 7.7.0 Apple Itunes 7.7.1 Apple Itunes 8.0.0 Apple Itunes 8.0.1 Apple Itunes 8.0.2 Apple Itunes 8.1 Apple Itunes 8.1.1 Apple Itunes 8.2 Apple Itunes 8.2.1 Apple Itunes 9.0.0 Apple Itunes 9.0.1 Apple Itunes 9.0.2 Apple Itunes 9.0.3 Apple Itunes 9.2 Apple Itunes 9.2.1 Apple Itunes 10.0 Apple Itunes 10.0.1 Apple Itunes 10.1 Apple Itunes 10.1.1 Apple Itunes - Apple Itunes 9.1 Apple Itunes 9.1.1 Apple Itunes 10.1.1.4 Apple Itunes 10.1.2	162
OS	Microsoft Microsoft Windows * Microsoft Windows 7 * Microsoft Windows Vista * Microsoft Windows XP *	7

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2011-0318.NASL
description	Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) Red Hat would like to thank Apple Product Security for reporting this issue. All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	52510
published	2011-03-03
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52510
title	CentOS 4 / 5 : libtiff (CESA-2011:0318)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:0318 and # CentOS Errata and Security Advisory 2011:0318 respectively. # include("compat.inc"); if (description) { script_id(52510); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:05"); script_cve_id("CVE-2011-0192"); script_xref(name:"RHSA", value:"2011:0318"); script_name(english:"CentOS 4 / 5 : libtiff (CESA-2011:0318)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) Red Hat would like to thank Apple Product Security for reporting this issue. All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2011-April/017361.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?263ab022" ); # https://lists.centos.org/pipermail/centos-announce/2011-April/017362.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4da7d029" ); # https://lists.centos.org/pipermail/centos-announce/2011-March/017256.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e23e971d" ); # https://lists.centos.org/pipermail/centos-announce/2011-March/017257.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e3270f75" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/03"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(4\|5)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"libtiff-3.6.1-17.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"libtiff-3.6.1-17.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"libtiff-devel-3.6.1-17.el4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"libtiff-devel-3.6.1-17.el4")) flag++; if (rpm_check(release:"CentOS-5", reference:"libtiff-3.8.2-7.el5_6.6")) flag++; if (rpm_check(release:"CentOS-5", reference:"libtiff-devel-3.8.2-7.el5_6.6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel"); }

NASL family	Windows
NASL id	BLACKBERRY_ES_PNG_KB27244.NASL
description	The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library : - An unspecified error within the BlackBerry MDS Connection Service when processing PNG and TIFF images on a web page being viewed on a BlackBerry smartphone. - An unspecified error within the BlackBerry Messaging Agent when processing embedded PNG and TIFF images in an email sent to a BlackBerry smartphone. When the image processing library is used on a specially crafted PNG or TIFF image, an attacker may be able to execute arbitrary code in the context of the BlackBerry Enterprise Server login account.
last seen	2020-06-01
modified	2020-06-02
plugin id	55819
published	2011-08-11
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/55819
title	BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(55819); script_version("1.11"); script_cvs_date("Date: 2018/11/15 20:50:26"); script_cve_id( "CVE-2010-1205", "CVE-2010-2595", "CVE-2010-3087", "CVE-2011-0192", "CVE-2011-1167" ); script_bugtraq_id(41174, 46658, 46951); script_name(english:"BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244)"); script_summary(english:"Checks version of image.dll."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library : - An unspecified error within the BlackBerry MDS Connection Service when processing PNG and TIFF images on a web page being viewed on a BlackBerry smartphone. - An unspecified error within the BlackBerry Messaging Agent when processing embedded PNG and TIFF images in an email sent to a BlackBerry smartphone. When the image processing library is used on a specially crafted PNG or TIFF image, an attacker may be able to execute arbitrary code in the context of the BlackBerry Enterprise Server login account."); script_set_attribute(attribute:"see_also", value:"https://salesforce.services.blackberry.com/kbredirect/KB27244"); script_set_attribute(attribute:"solution", value: "Install the Interim Security Software Update for August 9th 2011, or upgrade to at least 4.1.7 MR3 or 5.0.1 MR4 for Novell GroupWise / 5.0.3 MR3 for IBM Lotus Domino / 5.0.3 MR3 for Microsoft Exchange."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/03"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/11"); script_set_attribute(attribute:"cpe", value:"cpe:/a:rim:blackberry_enterprise_server"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("blackberry_es_installed.nasl", "lotus_domino_installed.nasl"); script_require_keys("SMB/Registry/Enumerated"); script_require_ports(139, 445); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("smb_func.inc"); include("audit.inc"); global_var prod, version; function is_vuln() { local_var matches, mr; # Decide whether the installed version is vulnerable. The KB # article and release notes disagree, so I went with the more # explicit of the two. The vulnerable versions are: # BES for Microsoft Exchange : 5.0 SP1, 5.0 SP2, 5.0 SP3 # BES for IBM Lotus Domino : 5.0 SP1, 5.0 SP2, 5.0 SP3 # BES for Novell GroupWise : 4.1 SP7, 5.0 SP1 # # BES Express for Microsoft Exchange : 5.0 SP1, 5.0 SP2, 5.0 SP3 # BES Express for IBM Lotus Domino : 5.0 SP2, 5.0 SP3 # # And the versions that include the fix are: # BES for Microsoft Exchange : 5.0 SP3 MR3 # BES for IBM Lotus Domino : 5.0 SP3 MR3 # BES for Novell GroupWise : 4.1 SP7 MR3, 5.0 SP1 MR4 mr = "(?: MR ([0-9]+))? "; # Ignore anything that isn't BES. if ("Enterprise Server" >!< prod) return FALSE; if ("Microsoft Exchange" >< prod) { # 5.0 SP1, 5.0 SP2, and 5.0 SP3 are vulnerable. matches = eregmatch(string:version, pattern:"^5\.0\.([1-3])" + mr); # 5.0 SP3 MR3 fixes the issue. if ( isnull(matches) \|\| (matches[1] == 3 && !isnull(matches[2]) && matches[2] >= 3) ) return FALSE; return TRUE; } if ("IBM Lotus Domino" >< prod) { if ("Express" >< prod) { # 5.0 SP2 and 5.0 SP3 are vulnerable. matches = eregmatch(string:version, pattern:"^5\.0\.([2-3])" + mr); # 5.0 SP3 MR3 fixes the issue. if ( isnull(matches) \|\| (matches[1] == 3 && !isnull(matches[2]) && matches[2] >= 3) ) return FALSE; return TRUE; } else { # 5.0 SP1, 5.0 SP2, and 5.0 SP3 are vulnerable. matches = eregmatch(string:version, pattern:"^5\.0\.([1-3])" + mr); # 5.0 SP3 MR3 fixes the issue. if ( isnull(matches) \|\| (matches[1] == 3 && !isnull(matches[2]) && matches[2] >= 3) ) return FALSE; return TRUE; } } if ("Novell GroupWise" >< prod) { if (version =~ "^4") { # 4.1 SP7 is vulnerable. matches = eregmatch(string:version, pattern:"^4\.1\.7" + mr); # 4.1 SP7 MR3 fixes the issue. if ( isnull(matches) \|\| (!isnull(matches[1]) && matches[1] >= 3) ) return FALSE; return TRUE; } else { # 5.0 SP1 is vulnerable. matches = eregmatch(string:version, pattern:"^5\.0\.1" + mr); # 5.0 SP1 MR4 fixes the issue. if ( isnull(matches) \|\| (!isnull(matches[1]) && matches[1] >= 4) ) return FALSE; return TRUE; } } exit(0, prod + " is not on a recognized platform."); } prod = get_kb_item_or_exit("BlackBerry_ES/Product"); version = get_kb_item_or_exit("BlackBerry_ES/Version"); if (!is_vuln()) exit(0, prod + " " + version + " is not vulnerable."); get_kb_item_or_exit("SMB/Registry/Enumerated"); # Connect to the appropriate share. port = kb_smb_transport(); login = kb_smb_login(); pass = kb_smb_password(); domain = kb_smb_domain(); # Try to connect to server. if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init'); # The vulnerable DLL can appear in two separate places: # 1) In the BlackBerry MDS Connection Service instance # 2) In the BlackBerry Messaging Agent instance base = get_kb_item_or_exit("BlackBerry_ES/Path"); paths = make_list(base + "\MDS\bin"); if ("IBM Lotus Domino" >< prod) { # For Lotus Domino, one of the DLLs is installed outside of the BES # tree. base = get_kb_item_or_exit("SMB/Domino/Path"); } paths = make_list(paths, base); report = ""; fix = "1.3.0.34"; file = "\image.dll"; foreach path (paths) { # Split the software's location into components. share = ereg_replace(string:path, pattern:"^([A-Za-z]):.", replace:"\1$"); dir = ereg_replace(string:path, pattern:"^[A-Za-z]:(.)", replace:"\1"); NetUseDel(close:FALSE); # Connect to the share software is installed on. rc = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (rc != 1) { NetUseDel(); exit(1, "Failed to connect to " + share + " share."); } fh = CreateFile( file:dir + file, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_NORMAL, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING ); if (isnull(fh)) continue; ver = GetFileVersion(handle:fh); CloseFile(handle:fh); if (isnull(ver)) exit(1, "Failed to extract version information from " + path + file + "."); ver = join(ver, sep:"."); if (ver_compare(ver:ver, fix:fix) < 0) { report += '\nThe following instance of image.dll needs to be updated.' + '\n' + '\n File name : ' + path + file + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; } } # Clean up. NetUseDel(); # Check if fix is installed. if (report == "") exit(0, prod + " " + version + " on the remote host has been fixed and is not affected."); if (report_verbosity > 0) { report = '\n Product : ' + prod + '\n Path : ' + base + '\n Installed version : ' + version + '\n' + report; security_hole(port:port, extra:report); } else security_hole(port);

NASL family	Windows
NASL id	SAFARI_5_0_4.NASL
description	The version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	52613
published	2011-03-10
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52613
title	Safari < 5.0.4 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(52613); script_version("1.18"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_cve_id( "CVE-2010-1205", "CVE-2010-1824", "CVE-2010-2249", "CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0111", "CVE-2011-0112", "CVE-2011-0113", "CVE-2011-0114", "CVE-2011-0115", "CVE-2011-0116", "CVE-2011-0117", "CVE-2011-0118", "CVE-2011-0119", "CVE-2011-0120", "CVE-2011-0121", "CVE-2011-0122", "CVE-2011-0123", "CVE-2011-0124", "CVE-2011-0125", "CVE-2011-0126", "CVE-2011-0127", "CVE-2011-0128", "CVE-2011-0129", "CVE-2011-0130", "CVE-2011-0131", "CVE-2011-0132", "CVE-2011-0133", "CVE-2011-0134", "CVE-2011-0135", "CVE-2011-0136", "CVE-2011-0137", "CVE-2011-0138", "CVE-2011-0139", "CVE-2011-0140", "CVE-2011-0141", "CVE-2011-0142", "CVE-2011-0143", "CVE-2011-0144", "CVE-2011-0145", "CVE-2011-0146", "CVE-2011-0147", "CVE-2011-0148", "CVE-2011-0149", "CVE-2011-0150", "CVE-2011-0151", "CVE-2011-0152", "CVE-2011-0153", "CVE-2011-0154", "CVE-2011-0155", "CVE-2011-0156", "CVE-2011-0160", "CVE-2011-0161", "CVE-2011-0163", "CVE-2011-0165", "CVE-2011-0166", "CVE-2011-0167", "CVE-2011-0168", "CVE-2011-0169", "CVE-2011-0170", "CVE-2011-0191", "CVE-2011-0192" ); script_bugtraq_id( 41174, 44779, 46657, 46658, 46659, 46677, 46684, 46686, 46687, 46688, 46689, 46690, 46691, 46692, 46693, 46694, 46695, 46696, 46698, 46699, 46700, 46701, 46702, 46704, 46705, 46706, 46707, 46708, 46709, 46710, 46711, 46712, 46713, 46714, 46715, 46716, 46717, 46718, 46719, 46720, 46721, 46722, 46723, 46724, 46725, 46726, 46727, 46728, 46744, 46745, 46746, 46747, 46748, 46749, 46808, 46809, 46811, 46814, 46816 ); script_name(english:"Safari < 5.0.4 Multiple Vulnerabilities"); script_summary(english:"Checks Safari's version number"); script_set_attribute( attribute:"synopsis", value: "The remote host contains a web browser that is affected by several vulnerabilities." ); script_set_attribute( attribute:"description", value: "The version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit" ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4566"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00004.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Safari 5.0.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("safari_installed.nasl"); script_require_keys("SMB/Safari/FileVersion"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Safari/FileVersion"); version_ui = get_kb_item("SMB/Safari/ProductVersion"); if (isnull(version_ui)) version_ui = version; if (ver_compare(ver:version, fix:"5.33.20.27") == -1) { if (report_verbosity > 0) { path = get_kb_item("SMB/Safari/Path"); if (isnull(path)) path = "n/a"; report = '\n Path : ' + path + '\n Installed version : ' + version_ui + '\n Fixed version : 5.0.4 (7533.20.27)\n'; security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); } else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20110302_LIBTIFF_ON_SL6_X.NASL
description	A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) All running applications linked against libtiff must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	60978
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60978
title	Scientific Linux Security Update : libtiff on SL6.x i386/x86_64
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60978); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2011-0192"); script_name(english:"Scientific Linux Security Update : libtiff on SL6.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) All running applications linked against libtiff must be restarted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=6779 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bee92ef1" ); script_set_attribute( attribute:"solution", value: "Update the affected libtiff, libtiff-devel and / or libtiff-static packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"libtiff-3.9.4-1.el6_0.1")) flag++; if (rpm_check(release:"SL6", reference:"libtiff-devel-3.9.4-1.el6_0.1")) flag++; if (rpm_check(release:"SL6", reference:"libtiff-static-3.9.4-1.el6_0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_LIBTIFF-DEVEL-110314.NASL
description	specially crafted tiff images could cause buffer overflows in libtiff (CVE-2011-0191, CVE-2011-0192).
last seen	2020-06-01
modified	2020-06-02
plugin id	75925
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/75925
title	openSUSE Security Update : libtiff-devel (libtiff-devel-4144)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libtiff-devel-4144. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75925); script_version("1.3"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0191", "CVE-2011-0192"); script_name(english:"openSUSE Security Update : libtiff-devel (libtiff-devel-4144)"); script_summary(english:"Check for the libtiff-devel-4144 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "specially crafted tiff images could cause buffer overflows in libtiff (CVE-2011-0191, CVE-2011-0192)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=672510" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libtiff-devel-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtiff3-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtiff3-debuginfo-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"tiff-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"tiff-debuginfo-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"tiff-debugsource-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtiff-devel-32bit-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtiff3-32bit-3.9.4-3.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtiff3-debuginfo-32bit-3.9.4-3.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBTIFF-7474.NASL
description	The following bugs have been fixed : - Specially crafted files could cause a heap-based buffer overflows in the JPEG, Fax and Thunder decoders. (CVE-2011-0191 / CVE-2011-0192 / CVE-2011-1167) - Directories with a large number of files could cause an integer overflow in the tiffdump tool. (CVE-2010-4665)
last seen	2020-06-01
modified	2020-06-02
plugin id	57221
published	2011-12-13
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57221
title	SuSE 10 Security Update : libtiff (ZYPP Patch Number 7474)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(57221); script_version ("1.4"); script_cvs_date("Date: 2019/10/25 13:36:43"); script_cve_id("CVE-2010-4665", "CVE-2011-0191", "CVE-2011-0192", "CVE-2011-1167"); script_name(english:"SuSE 10 Security Update : libtiff (ZYPP Patch Number 7474)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The following bugs have been fixed : - Specially crafted files could cause a heap-based buffer overflows in the JPEG, Fax and Thunder decoders. (CVE-2011-0191 / CVE-2011-0192 / CVE-2011-1167) - Directories with a large number of files could cause an integer overflow in the tiffdump tool. (CVE-2010-4665)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-4665.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0191.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0192.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1167.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7474."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"libtiff-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"libtiff-devel-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"tiff-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libtiff-32bit-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"libtiff-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"libtiff-devel-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"tiff-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libtiff-32bit-3.8.2-5.24.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libtiff-devel-32bit-3.8.2-5.24.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2011-0318.NASL
description	From Red Hat Security Advisory 2011:0318 : Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) Red Hat would like to thank Apple Product Security for reporting this issue. All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	68217
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68217
title	Oracle Linux 4 / 5 / 6 : libtiff (ELSA-2011-0318)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:0318 and # Oracle Linux Security Advisory ELSA-2011-0318 respectively. # include("compat.inc"); if (description) { script_id(68217); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:09"); script_cve_id("CVE-2011-0192"); script_xref(name:"RHSA", value:"2011:0318"); script_name(english:"Oracle Linux 4 / 5 / 6 : libtiff (ELSA-2011-0318)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2011:0318 : Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) Red Hat would like to thank Apple Product Security for reporting this issue. All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2011-March/001972.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2011-March/001973.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2011-March/001974.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/03"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(4\|5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", reference:"libtiff-3.6.1-17.el4")) flag++; if (rpm_check(release:"EL4", reference:"libtiff-devel-3.6.1-17.el4")) flag++; if (rpm_check(release:"EL5", reference:"libtiff-3.8.2-7.el5_6.6")) flag++; if (rpm_check(release:"EL5", reference:"libtiff-devel-3.8.2-7.el5_6.6")) flag++; if (rpm_check(release:"EL6", reference:"libtiff-3.9.4-1.el6_0.1")) flag++; if (rpm_check(release:"EL6", reference:"libtiff-devel-3.9.4-1.el6_0.1")) flag++; if (rpm_check(release:"EL6", reference:"libtiff-static-3.9.4-1.el6_0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel / libtiff-static"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_LIBTIFF-DEVEL-110314.NASL
description	specially crafted tiff images could cause buffer overflows in libtiff (CVE-2011-0191, CVE-2011-0192).
last seen	2020-06-01
modified	2020-06-02
plugin id	53760
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/53760
title	openSUSE Security Update : libtiff-devel (libtiff-devel-4143)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libtiff-devel-4143. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(53760); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-0191", "CVE-2011-0192"); script_name(english:"openSUSE Security Update : libtiff-devel (libtiff-devel-4143)"); script_summary(english:"Check for the libtiff-devel-4143 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "specially crafted tiff images could cause buffer overflows in libtiff (CVE-2011-0191, CVE-2011-0192)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=672510" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"libtiff-devel-3.8.2-145.146.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"libtiff3-3.8.2-145.146.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"tiff-3.8.2-145.146.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"libtiff-devel-32bit-3.8.2-145.146.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"libtiff3-32bit-3.8.2-145.146.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-3836.NASL
description	Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53345
published	2011-04-11
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53345
title	Fedora 14 : libtiff-3.9.4-4.fc14 (2011-3836)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-3836. # include("compat.inc"); if (description) { script_id(53345); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2011-0192", "CVE-2011-1167"); script_bugtraq_id(46658, 46951); script_xref(name:"FEDORA", value:"2011-3836"); script_name(english:"Fedora 14 : libtiff-3.9.4-4.fc14 (2011-3836)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=678635" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=684939" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?359d0397" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"libtiff-3.9.4-4.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_LIBTIFF-DEVEL-110314.NASL
description	Two buffer overflows were fixed in libtiff : - vec_ycc_rgb_convert/JPEGDecode:. (CVE-2011-0191) - Fax4Decode: (CVE-2011-0192)
last seen	2020-06-01
modified	2020-06-02
plugin id	52712
published	2011-03-18
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52712
title	SuSE 11.1 Security Update : libtiff (SAT Patch Number 4145)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(52712); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:43"); script_cve_id("CVE-2011-0191", "CVE-2011-0192"); script_name(english:"SuSE 11.1 Security Update : libtiff (SAT Patch Number 4145)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Two buffer overflows were fixed in libtiff : - vec_ycc_rgb_convert/JPEGDecode:. (CVE-2011-0191) - Fax4Decode: (CVE-2011-0192)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=672510" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0191.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0192.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4145."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtiff3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtiff3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libtiff3-3.8.2-141.16.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libtiff3-3.8.2-141.16.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libtiff3-32bit-3.8.2-141.16.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"libtiff3-3.8.2-141.16.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"tiff-3.8.2-141.16.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libtiff3-32bit-3.8.2-141.16.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libtiff3-32bit-3.8.2-141.16.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-3827.NASL
description	Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53364
published	2011-04-12
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53364
title	Fedora 13 : libtiff-3.9.4-4.fc13 (2011-3827)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-3827. # include("compat.inc"); if (description) { script_id(53364); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2011-0192", "CVE-2011-1167"); script_bugtraq_id(46658, 46951); script_xref(name:"FEDORA", value:"2011-3827"); script_name(english:"Fedora 13 : libtiff-3.9.4-4.fc13 (2011-3827)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=678635" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=684939" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?459421f0" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"libtiff-3.9.4-4.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff"); }

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2011-098-01.NASL
description	New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53362
published	2011-04-12
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/53362
title	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.0 / 9.1 / current : libtiff (SSA:2011-098-01)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2011-098-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(53362); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2011-0192", "CVE-2011-1167"); script_bugtraq_id(46658, 46951); script_xref(name:"SSA", value:"2011-098-01"); script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.0 / 9.1 / current : libtiff (SSA:2011-098-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8f216d76" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libtiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"9.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i386", pkgnum:"3_slack9.0")) flag++; if (slackware_check(osver:"9.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"3_slack9.1")) flag++; if (slackware_check(osver:"10.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"3_slack10.0")) flag++; if (slackware_check(osver:"10.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"3_slack10.1")) flag++; if (slackware_check(osver:"10.2", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"3_slack10.2")) flag++; if (slackware_check(osver:"11.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"4_slack11.0")) flag++; if (slackware_check(osver:"12.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"5_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"5_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"5_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"i486", pkgnum:"5_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libtiff", pkgver:"3.8.2", pkgarch:"x86_64", pkgnum:"5_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"libtiff", pkgver:"3.9.4", pkgarch:"i486", pkgnum:"2_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libtiff", pkgver:"3.9.4", pkgarch:"x86_64", pkgnum:"2_slack13.1")) flag++; if (slackware_check(osver:"current", pkgname:"libtiff", pkgver:"3.9.4", pkgarch:"i486", pkgnum:"2")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libtiff", pkgver:"3.9.4", pkgarch:"x86_64", pkgnum:"2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_6_7.NASL
description	The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	52754
published	2011-03-22
reporter	This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52754
title	Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs. include("compat.inc"); if (description) { script_id(52754); script_version("1.33"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_cve_id( "CVE-2006-7243", "CVE-2010-0405", "CVE-2010-1323", "CVE-2010-1324", "CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2950", "CVE-2010-3069", "CVE-2010-3089", "CVE-2010-3315", "CVE-2010-3434", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3801", "CVE-2010-3802", "CVE-2010-3814", "CVE-2010-3855", "CVE-2010-3870", "CVE-2010-4008", "CVE-2010-4009", "CVE-2010-4020", "CVE-2010-4021", "CVE-2010-4150", "CVE-2010-4260", "CVE-2010-4261", "CVE-2010-4409", "CVE-2010-4479", "CVE-2010-4494", "CVE-2011-0170", "CVE-2011-0172", "CVE-2011-0173", "CVE-2011-0174", "CVE-2011-0175", "CVE-2011-0176", "CVE-2011-0177", "CVE-2011-0178", "CVE-2011-0179", "CVE-2011-0180", "CVE-2011-0181", "CVE-2011-0182", "CVE-2011-0183", "CVE-2011-0184", "CVE-2011-0186", "CVE-2011-0187", "CVE-2011-0188", "CVE-2011-0189", "CVE-2011-0190", "CVE-2011-0191", "CVE-2011-0192", "CVE-2011-0193", "CVE-2011-0194", "CVE-2011-1417" ); script_bugtraq_id( 40827, 43212, 43555, 43926, 44214, 44605, 44643, 44718, 44779, 44980, 45116, 45117, 45118, 45119, 45122, 45152, 46832, 46965, 46966, 46971, 46972, 46973, 46982, 46984, 46987, 46988, 46989, 46990, 46991, 46992, 46993, 46994, 46995, 46996, 46997, 47023 ); script_xref(name:"EDB-ID", value:"17901"); script_xref(name:"IAVB", value:"2010-B-0083"); script_name(english:"Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4581" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Mac OS X 10.6.7 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/22"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item("Host/OS"); if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing."); if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X."); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) exit(0, "The host does not appear to be running Mac OS X."); if (ereg(pattern:"Mac OS X 10\.6($\|\.[0-6]([^0-9]\|$))", string:os)) security_hole(0); else exit(0, "The host is not affected as it is running "+os+".");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0318.NASL
description	Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) Red Hat would like to thank Apple Product Security for reporting this issue. All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	52524
published	2011-03-03
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52524
title	RHEL 4 / 5 / 6 : libtiff (RHSA-2011:0318)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-5336.NASL
description	Update to libtiff 3.9.5, incorporating all our previous patches plus other fixes, notably the fix for CVE-2009-5022 Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53560
published	2011-04-27
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/53560
title	Fedora 15 : libtiff-3.9.5-1.fc15 (2011-5336)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2210.NASL
description	Several vulnerabilities were discovered in the TIFF manipulation and conversion library : - CVE-2011-0191 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. This issue affects the Debian 5.0 Lenny package only. - CVE-2011-0192 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding. - CVE-2011-1167 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder allows to execute arbitrary code via a TIFF file that has an unexpected BitsPerSample value.
last seen	2020-03-17
modified	2011-04-04
plugin id	53260
published	2011-04-04
reporter	This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53260
title	Debian DSA-2210-1 : tiff - several vulnerabilities

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20110302_LIBTIFF_ON_SL4_X.NASL
description	A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192) All running applications linked against libtiff must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	60977
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60977
title	Scientific Linux Security Update : libtiff on SL4.x, SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBTIFF-7376.NASL
description	Two buffer overflow were fixed in libtiff : - vec_ycc_rgb_convert/JPEGDecode: CVE-2011-0191 - Fax4Decode: CVE-2011-0192
last seen	2020-06-01
modified	2020-06-02
plugin id	52990
published	2011-03-27
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52990
title	SuSE 10 Security Update : libtiff (ZYPP Patch Number 7376)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-2540.NASL
description	Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	52574
published	2011-03-08
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52574
title	Fedora 14 : libtiff-3.9.4-3.fc14 (2011-2540)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201209-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	62235
published	2012-09-24
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62235
title	GLSA-201209-02 : libTIFF: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12686.NASL
description	Two buffer overflow have been fixed in libtiff which may be used by an attacker to execute code with the privileges of the user viewing a specially prepared TIFF image : - vec_ycc_rgb_convert/JPEGDecode. (CVE-2011-0191) - Fax4Decode. (CVE-2011-0192)
last seen	2020-06-01
modified	2020-06-02
plugin id	52710
published	2011-03-18
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52710
title	SuSE9 Security Update : libtiff (YOU Patch Number 12686)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_LIBTIFF-DEVEL-110314.NASL
description	specially crafted tiff images could cause buffer overflows in libtiff (CVE-2011-0191, CVE-2011-0192).
last seen	2020-06-01
modified	2020-06-02
plugin id	75620
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/75620
title	openSUSE Security Update : libtiff-devel (libtiff-devel-4143)

NASL family	Windows
NASL id	ITUNES_10_2.NASL
description	The version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components : - ImageIO - libxml - WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	52534
published	2011-03-03
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52534
title	Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)

NASL family	Peer-To-Peer File Sharing
NASL id	ITUNES_10_2_BANNER.NASL
description	The version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows.
last seen	2020-06-01
modified	2020-06-02
plugin id	52535
published	2011-03-03
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52535
title	Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2011-001.NASL
description	The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	52753
published	2011-03-22
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52753
title	Mac OS X Multiple Vulnerabilities (Security Update 2011-001)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2011-043.NASL
description	A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding (CVE-2011-0192). Additionally it was discovered that the fixes for CVE-2009-2347 and CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and being resolved as well. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	52592
published	2011-03-09
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52592
title	Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-2498.NASL
description	Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	52638
published	2011-03-14
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52638
title	Fedora 15 : libtiff-3.9.4-3.fc15 (2011-2498)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1085-1.NASL
description	Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482) Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. (CVE-2010-2482) Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2595) Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598) It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2630) It was discovered that the TIFF library incorrectly handled downsampled JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087) It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. (CVE-2011-0191) It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. If a user or automated system were tricked into opening a specially crafted TIFF FAX image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2011-0191). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	52581
published	2011-03-08
reporter	Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52581
title	Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : tiff vulnerabilities (USN-1085-1)

Redhat

advisories

bugzilla

id	678635
title	CVE-2011-0192 libtiff: buffer overflow in Fax4Decode

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment libtiff-devel is earlier than 0:3.6.1-17.el4
oval oval:com.redhat.rhsa:tst:20110318001
comment libtiff-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060425004
AND
comment libtiff is earlier than 0:3.6.1-17.el4
oval oval:com.redhat.rhsa:tst:20110318003
comment libtiff is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060425002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment libtiff-devel is earlier than 0:3.8.2-7.el5_6.6
oval oval:com.redhat.rhsa:tst:20110318006
comment libtiff-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080847004
AND
comment libtiff is earlier than 0:3.8.2-7.el5_6.6
oval oval:com.redhat.rhsa:tst:20110318008
comment libtiff is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080847002

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment libtiff-static is earlier than 0:3.9.4-1.el6_0.1
oval oval:com.redhat.rhsa:tst:20110318011
comment libtiff-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110318012

AND
comment libtiff-devel is earlier than 0:3.9.4-1.el6_0.1
oval oval:com.redhat.rhsa:tst:20110318013
comment libtiff-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110318014
AND
comment libtiff is earlier than 0:3.9.4-1.el6_0.1
oval oval:com.redhat.rhsa:tst:20110318015
comment libtiff is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110318016

rhsa

id	RHSA-2011:0318
released	2011-03-02
severity	Important
title	RHSA-2011:0318: libtiff security update (Important)

rpms

libtiff-0:3.6.1-17.el4
libtiff-0:3.8.2-7.el5_6.6
libtiff-0:3.9.4-1.el6_0.1
libtiff-debuginfo-0:3.6.1-17.el4
libtiff-debuginfo-0:3.8.2-7.el5_6.6
libtiff-debuginfo-0:3.9.4-1.el6_0.1
libtiff-devel-0:3.6.1-17.el4
libtiff-devel-0:3.8.2-7.el5_6.6
libtiff-devel-0:3.9.4-1.el6_0.1
libtiff-static-0:3.9.4-1.el6_0.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References