Vulnerabilities > CVE-2011-3048 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libpng
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-4902.NASL description This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-12 plugin id 58705 published 2012-04-12 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58705 title Fedora 17 : libpng10-1.0.59-1.fc17 (2012-4902) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-4902. # include("compat.inc"); if (description) { script_id(58705); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-3048"); script_bugtraq_id(52830); script_xref(name:"FEDORA", value:"2012-4902"); script_name(english:"Fedora 17 : libpng10-1.0.59-1.fc17 (2012-4902)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=808139" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c3f6071d" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng10 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"libpng10-1.0.59-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng10"); }
NASL family Misc. NASL id VMWARE_ESXI_5_1_BUILD_911593_REMOTE.NASL description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An input validation error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 70888 published 2013-11-13 reporter This script is (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70888 title ESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70888); script_version("1.11"); script_cvs_date("Date: 2019/09/24 15:02:54"); script_cve_id("CVE-2011-3048", "CVE-2013-1406", "CVE-2013-1659"); script_bugtraq_id(52830, 57867, 58115); script_xref(name:"VMSA", value:"2013-0002"); script_xref(name:"VMSA", value:"2013-0003"); script_name(english:"ESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check)"); script_summary(english:"Checks ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An input validation error exists in the function 'png_set_text_2' in the libpng library that could allow memory corruption and arbitrary code execution. (CVE-2011-3048) - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI). A local attacker can exploit this, via control code, to change allocated memory, resulting in the escalation of privileges. (CVE-2013-1406) - An error exists related to Network File Copy (NFC) handling that could allow denial of service attacks or arbitrary code execution. (CVE-2013-1659)"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2035775 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7be12280"); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2013-0002.html"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0003.html"); script_set_attribute(attribute:"solution", value:"Apply ESXi510-201212001-SG."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Misc."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi"); if ("VMware ESXi 5.1" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.1"); match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel); if (isnull(match)) exit(1, 'Failed to extract the ESXi build number.'); build = int(match[1]); fixed_build = 911593; if (build < fixed_build) { if (report_verbosity > 0) { report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else exit(0, "The host has "+ver+" build "+build+" and thus is not affected.");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2012-206-01.NASL description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 60112 published 2012-07-25 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60112 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2012-206-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2012-206-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(60112); script_version("1.6"); script_cvs_date("Date: 2019/07/10 16:04:14"); script_cve_id("CVE-2011-3045", "CVE-2011-3048", "CVE-2012-3386"); script_bugtraq_id(52453, 52830, 54418); script_xref(name:"SSA", value:"2012-206-01"); script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2012-206-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.632705 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45a4879d" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libpng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/22"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"8.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i386", pkgnum:"1_slack8.1")) flag++; if (slackware_check(osver:"9.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++; if (slackware_check(osver:"9.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++; if (slackware_check(osver:"10.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++; if (slackware_check(osver:"10.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++; if (slackware_check(osver:"10.2", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++; if (slackware_check(osver:"11.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++; if (slackware_check(osver:"12.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"current", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-046.NASL description A potential memory corruption has been found and corrected in libpng (CVE-2011-3048). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 58558 published 2012-04-02 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58558 title Mandriva Linux Security Advisory : libpng (MDVSA-2012:046) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:046. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(58558); script_version("1.8"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2011-3048"); script_bugtraq_id(52830); script_xref(name:"MDVSA", value:"2012:046"); script_name(english:"Mandriva Linux Security Advisory : libpng (MDVSA-2012:046)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A potential memory corruption has been found and corrected in libpng (CVE-2011-3048). The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64png-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64png-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64png3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64png-devel-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64png-static-devel-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64png3-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpng-devel-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"libpng-source-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpng-static-devel-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpng3-1.2.43-1.5mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64png-devel-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64png-static-devel-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64png3-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpng-devel-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"libpng-source-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpng-static-devel-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpng3-1.2.46-1.3-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-15.NASL description The remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The “embedded_profile_len()” function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The “png_format_buffer()” function in pngerror.c contains an off-by-one error (CVE-2011-2501). The “png_rgb_to_gray()” function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The “png_err()” function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The “png_handle_sCAL()” function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). The “png_decompress_chunk()” function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The “png_inflate()” function in pngrutil.c contains and out of bounds error (CVE-2011-3045). The “png_set_text_2()” function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The “png_formatted_warning()” function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59668 published 2012-06-25 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59668 title GLSA-201206-15 : libpng: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201206-15. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(59668); script_version("1.13"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-3464"); script_bugtraq_id(48474, 48618, 48660, 51823, 52049, 52453, 52830); script_xref(name:"GLSA", value:"201206-15"); script_name(english:"GLSA-201206-15 : libpng: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The “embedded_profile_len()” function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The “png_format_buffer()” function in pngerror.c contains an off-by-one error (CVE-2011-2501). The “png_rgb_to_gray()” function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The “png_err()” function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The “png_handle_sCAL()” function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). The “png_decompress_chunk()” function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The “png_inflate()” function in pngrutil.c contains and out of bounds error (CVE-2011-3045). The “png_set_text_2()” function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The “png_formatted_warning()” function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201206-15" ); script_set_attribute( attribute:"solution", value: "All libpng 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10' All libpng 1.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49' Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libpng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-libs/libpng", unaffected:make_list("ge 1.5.10", "ge 1.2.49"), vulnerable:make_list("lt 1.5.10"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng"); }
NASL family Gain a shell remotely NASL id APPLETV_5_1.NASL description According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 62357 published 2012-09-27 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62357 title Apple TV < 5.1 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62357); script_version("1.18"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_cve_id( "CVE-2011-1167", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3328", "CVE-2011-3919", "CVE-2011-4599", "CVE-2012-0682", "CVE-2012-0683", "CVE-2012-1173", "CVE-2012-3589", "CVE-2012-3590", "CVE-2012-3591", "CVE-2012-3592", "CVE-2012-3678", "CVE-2012-3679", "CVE-2012-3722", "CVE-2012-3725", "CVE-2012-3726" ); script_bugtraq_id( 46951, 48056, 49279, 49658, 49744, 51006, 51300, 52049, 52830, 52891, 54680, 56264, 56268, 56273 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2012-09-24-1"); script_name(english:"Apple TV < 5.1 Multiple Vulnerabilities"); script_summary(english:"Checks version in banner"); script_set_attribute(attribute:"synopsis", value: "The remote device is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167) - Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution. (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328) - A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution. (CVE-2012-3726) - An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution. (CVE-2012-1173) - A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution. (CVE-2011-4599) - Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution. (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919) - Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution. (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT202614"); script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524229/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Upgrade the Apple TV to iOS 5.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Gain a shell remotely"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("appletv_detect.nasl"); script_require_keys("www/appletv"); script_require_ports(3689); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = 3689; banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE); if ( "DAAP-Server: iTunes/" >!< banner && "RIPT-Server: iTunesLib/" >!< banner ) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes'); pat = "^DAAP-Server: iTunes/([0-9][0-9.]+)[a-z]([0-9]+) \((Mac )?OS X\)"; if ( "DAAP-Server: iTunes/" >< banner && !egrep(pattern:pat, string:banner) ) exit(0, "The web server listening on port "+port+" does not appear to be from iTunes on an Apple TV."); fixed_major = "11.0"; fixed_minor = "46"; report = ""; # Check first for 3rd gen and recent 2nd gen models. matches = egrep(pattern:pat, string:banner); if (matches) { foreach line (split(matches, keep:FALSE)) { match = eregmatch(pattern:pat, string:line); if (!isnull(match)) { major = match[1]; minor = match[2]; if ( ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 || ( ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 && int(minor) < int(fixed_minor) ) ) { report = '\n Source : ' + line + '\n Installed iTunes version : ' + major + 'd' + minor + '\n Fixed iTunes version : ' + fixed_major + 'd' + fixed_minor + '\n'; } break; } } } else { pat2 = "^RIPT-Server: iTunesLib/([0-9]+)\."; matches = egrep(pattern:pat2, string:banner); if (matches) { foreach line (split(matches, keep:FALSE)) { match = eregmatch(pattern:pat2, string:line); if (!isnull(match)) { major = int(match[1]); if (major < 4) exit(0, "The web server listening on port "+port+" is from iTunes on a 1st generation Apple TV, which is no longer supported."); else if (major >= 4 && major <= 9) { report = '\n Source : ' + line + '\n'; } break; } } } } if (report) { if (report_verbosity > 0) security_hole(port:0, extra:report); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the last seen 2020-06-01 modified 2020-06-02 plugin id 70885 published 2013-11-13 reporter This script is (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70885 title ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70885); script_version("1.15"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id( "CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-4180", "CVE-2010-4252", "CVE-2011-0014", "CVE-2011-1089", "CVE-2011-3048", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0864", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2013-1406", "CVE-2013-1659" ); script_bugtraq_id( 40063, 45163, 45164, 46264, 46740, 50898, 51281, 51439, 51563, 52201, 52830, 54374, 54982, 57867, 58115 ); script_xref(name:"VMSA", value:"2013-0002"); script_xref(name:"VMSA", value:"2013-0003"); script_xref(name:"VMSA", value:"2012-0013"); script_xref(name:"VMSA", value:"2012-0018"); script_name(english:"ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)"); script_summary(english:"Checks the ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the '--verify' option is used. A remote attacker can exploit this by using a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. (CVE-2010-0830) - A flaw exists in OpenSSL due to a failure to properly prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. A remote attacker can exploit this to force a downgrade to an unintended cipher by intercepting the network traffic to discover a session identifier. (CVE-2010-4180) - A flaw exists in OpenSSL due to a failure to properly validate the public parameters in the J-PAKE protocol when J-PAKE is enabled. A remote attacker can exploit this, by sending crafted values in each round of the protocol, to bypass the need for knowledge of the shared secret. (CVE-2010-4252) - A out-of-bounds memory error exists in OpenSSL that allows a remote attacker to cause a denial of service or possibly obtain sensitive information by using a malformed ClientHello handshake message. This is also known as the 'OCSP stapling vulnerability'. (CVE-2011-0014) - A flaw exists in the addmntent() function in the glibc library due to a failure to report the error status for failed attempts to write to the /etc/mtab file. A local attacker can exploit this to corrupt the file by using writes from a process with a small RLIMIT_FSIZE value. (CVE-2011-1089) - A flaw exists in the png_set_text_2() function in the file pngset.c in the libpng library due to a failure to properly allocate memory. An unauthenticated, remote attacker can exploit this, via a crafted text chunk in a PNG image file, to trigger a heap-based buffer overflow, resulting in denial of service or the execution of arbitrary code. (CVE-2011-3048) - A flaw exists in the DTLS implementation in OpenSSL due to performing a MAC check only if certain padding is valid. A remote attacker can exploit this, via a padding oracle attack, to recover the plaintext. (CVE-2011-4108) - A double-free error exists in OpenSSL when the X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker can exploit this by triggering a policy check failure, resulting in an unspecified impact. (CVE-2011-4109) - A flaw exists in OpenSSL in the SSL 3.0 implementation due to improper initialization of data structures used for block cipher padding. A remote attacker can exploit this, by decrypting the padding data sent by an SSL peer, to obtain sensitive information. (CVE-2011-4576) - A denial of service vulnerability exists in OpenSSL when RFC 3779 support is enabled. A remote attacker can exploit this to cause an assertion failure, by using an X.509 certificate containing certificate extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4577) - A denial of service vulnerability exists in the RPC implementation in the glibc library due to a flaw in the svc_run() function. A remote attacker can exploit this, via large number of RPC connections, to exhaust CPU resources. (CVE-2011-4609) - A denial of service vulnerability exists in the Server Gated Cryptography (SGC) implementation in OpenSSL due to a failure to properly handle handshake restarts. A remote attacker can exploit this, via unspecified vectors, to exhaust CPU resources. (CVE-2011-4619) - A denial of service vulnerability exists in OpenSSL due to improper support of DTLS applications. A remote attacker can exploit this, via unspecified vectors related to an out-of-bounds read error. Note that this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) - A security bypass vulnerability exists in the glibc library due to an integer overflow condition in the vfprintf() function in file stdio-common/vfprintf.c. An attacker can exploit this, by using a large number of arguments, to bypass the FORTIFY_SOURCE protection mechanism, allowing format string attacks or writing to arbitrary memory. (CVE-2012-0864) - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string that uses positional parameters and many format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus causing stack corruption and a crash. (CVE-2012-3404) - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string with a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering desynchronization within the buffer size handling, resulting in a segmentation fault and crash. (CVE-2012-3405) - A flaw exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly restrict the use of the alloca() function when allocating the SPECS array. An attacker can exploit this, via a crafted format string using positional parameters and a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering a denial of service or the possible execution of arbitrary code. (CVE-2012-3406) - A flaw exists in the glibc library due to multiple integer overflow conditions in the strtod(), strtof(), strtold(), strtod_l(), and other unspecified related functions. A local attacker can exploit these to trigger a stack-based buffer overflow, resulting in an application crash or the possible execution of arbitrary code. (CVE-2012-3480) - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI) due to a failure by control code to properly restrict memory allocation. A local attacker can exploit this, via unspecified vectors, to gain privileges. (CVE-2013-1406) - An error exists in the implementation of the Network File Copy (NFC) protocol. A man-in-the-middle attacker can exploit this, by modifying the client-server data stream, to cause a denial of service or the execution of arbitrary code. (CVE-2013-1659)"); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2013-0002.html"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0003.html"); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2012-0013.html"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2012-0018.html"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2033751 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?050fd795"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2033767 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3b1468ad"); script_set_attribute(attribute:"solution", value: "Apply patch ESXi500-201212101-SG according to the vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi"); if ("VMware ESXi 5.0" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.0"); match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel); if (isnull(match)) exit(1, 'Failed to extract the ESXi build number.'); build = int(match[1]); fixed_build = 912577; if (build < fixed_build) { if (report_verbosity > 0) { report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else exit(0, "The host has "+ver+" build "+build+" and thus is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_11_LIBPNG-DEVEL-120330.NASL description The following security issue has been fixed : - specially crafted png files could have caused a memory corruption in libpng last seen 2020-06-05 modified 2013-01-25 plugin id 64189 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64189 title SuSE 11.1 Security Update : libpng (SAT Patch Number 6077) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64189); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-3048"); script_name(english:"SuSE 11.1 Security Update : libpng (SAT Patch Number 6077)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following security issue has been fixed : - specially crafted png files could have caused a memory corruption in libpng's png_set_text_2() function. (CVE-2011-3048)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=754745" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-3048.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6077."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libpng-devel-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libpng12-0-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng-devel-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng12-0-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"libpng12-0-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libpng12-0-32bit-1.2.31-5.29.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.29.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1421.NASL description According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472) - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026) - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981) - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124924 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124924 title EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124924); script_version("1.4"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3048", "CVE-2015-7981", "CVE-2015-8472", "CVE-2015-8540" ); script_bugtraq_id( 48474, 48618, 48660, 52031, 52049, 52830 ); script_name(english:"EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472) - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026) - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981) - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1421 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d1d8567b"); script_set_attribute(attribute:"solution", value: "Update the affected libpng packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libpng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libpng-1.5.13-7.1.h2.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng"); }
NASL family Solaris Local Security Checks NASL id SOLARIS11_LIBPNG_20130313.NASL description The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. (CVE-2011-3026) - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. (CVE-2011-3048) last seen 2020-06-01 modified 2020-06-02 plugin id 80674 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80674 title Oracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80674); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2011-3026", "CVE-2011-3048"); script_name(english:"Oracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. (CVE-2011-3026) - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. (CVE-2011-3048)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-libpng script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8b18717c" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libpng"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^libpng$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.0.0.0.0", sru:"SRU 0") > 0) flag++; if (flag) { error_extra = 'Affected package : libpng\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libpng");
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15881.NASL description The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. last seen 2020-06-01 modified 2020-06-02 plugin id 79604 published 2014-11-28 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79604 title F5 Networks BIG-IP : Libpng vulnerability (SOL15881) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution SOL15881. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(79604); script_version("1.4"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2011-3048"); script_bugtraq_id(52830); script_name(english:"F5 Networks BIG-IP : Libpng vulnerability (SOL15881)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K15881" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15881." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "SOL15881"; vmatrix = make_array(); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.4.1"); vmatrix["AFM"]["unaffected"] = make_list("11.5.0-11.6.0"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("11.4.0-11.4.1"); vmatrix["AM"]["unaffected"] = make_list("11.5.0-11.6.0"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("11.5.0-11.6.0"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("11.5.0-11.6.0"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.4.1"); vmatrix["AVR"]["unaffected"] = make_list("11.5.0-11.6.0"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["GTM"]["unaffected"] = make_list("11.5.0-11.6.0"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("11.5.0-11.6.0"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("11.5.0-11.6.0"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.4.1"); vmatrix["PEM"]["unaffected"] = make_list("11.5.0-11.6.0"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2012-5518.NASL description Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-25 plugin id 58858 published 2012-04-25 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58858 title Fedora 16 : libpng-1.2.49-1.fc16 (2012-5518) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-5518. # include("compat.inc"); if (description) { script_id(58858); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-3048"); script_bugtraq_id(52830); script_xref(name:"FEDORA", value:"2012-5518"); script_name(english:"Fedora 16 : libpng-1.2.49-1.fc16 (2012-5518)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=808139" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e310499f" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"libpng-1.2.49-1.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1417-1.NASL description It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58617 published 2012-04-06 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58617 title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerability (USN-1417-1) NASL family Scientific Linux Local Security Checks NASL id SL_20120425_LIBPNG_ON_SL5_X.NASL description The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Scientific Linux 5, they contain a backported patch. For Scientific Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect. last seen 2020-03-18 modified 2012-08-01 plugin id 61307 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61307 title Scientific Linux Security Update : libpng on SL5.x, SL6.x i386/x86_64 (20120425) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-004.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby last seen 2020-06-01 modified 2020-06-02 plugin id 62213 published 2012-09-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62213 title Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) NASL family Fedora Local Security Checks NASL id FEDORA_2012-5526.NASL description Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-12 plugin id 58715 published 2012-04-12 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58715 title Fedora 17 : libpng-1.5.10-1.fc17 (2012-5526) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2446.NASL description It was discovered that incorrect memory handling in the png_set_text2() function of the PNG library could lead to the execution of arbitrary code. last seen 2020-03-17 modified 2012-04-05 plugin id 58598 published 2012-04-05 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58598 title Debian DSA-2446-1 : libpng - incorrect memory handling NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-68.NASL description A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) last seen 2020-06-01 modified 2020-06-02 plugin id 69675 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69675 title Amazon Linux AMI : libpng (ALAS-2012-68) NASL family Fedora Local Security Checks NASL id FEDORA_2012-5080.NASL description This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-09 plugin id 58637 published 2012-04-09 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58637 title Fedora 16 : libpng10-1.0.59-1.fc16 (2012-5080) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-217.NASL description specially crafted png files could cause a memory corruption in libpng last seen 2020-06-05 modified 2014-06-13 plugin id 74594 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74594 title openSUSE Security Update : libpng (openSUSE-SU-2012:0491-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0523.NASL description Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 58879 published 2012-04-26 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58879 title CentOS 5 / 6 : libpng (CESA-2012:0523) NASL family Fedora Local Security Checks NASL id FEDORA_2012-5515.NASL description Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-25 plugin id 58857 published 2012-04-25 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58857 title Fedora 15 : libpng-1.2.49-1.fc15 (2012-5515) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_262B92FE81C811E18899001EC9578670.NASL description The PNG project reports : libpng fails to correctly handle malloc() failures for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 58640 published 2012-04-09 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58640 title FreeBSD : png -- memory corruption/possible remote code execution (262b92fe-81c8-11e1-8899-001ec9578670) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0523.NASL description Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 58882 published 2012-04-26 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58882 title RHEL 5 / 6 : libpng (RHSA-2012:0523) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_5.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB last seen 2020-06-01 modified 2020-06-02 plugin id 62214 published 2012-09-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62214 title Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0523.NASL description From Red Hat Security Advisory 2012:0523 : Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68520 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68520 title Oracle Linux 5 / 6 : libpng (ELSA-2012-0523) NASL family Fedora Local Security Checks NASL id FEDORA_2012-5079.NASL description This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-09 plugin id 58636 published 2012-04-09 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58636 title Fedora 15 : libpng10-1.0.59-1.fc15 (2012-5079) NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-8043.NASL description The following security issue has been fixed : - specially crafted png files could have caused a memory corruption in libpng last seen 2020-06-05 modified 2012-06-14 plugin id 59494 published 2012-06-14 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59494 title SuSE 10 Security Update : libpng (ZYPP Patch Number 8043)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html
- http://rhn.redhat.com/errata/RHSA-2012-0523.html
- http://secunia.com/advisories/48587
- http://secunia.com/advisories/48644
- http://secunia.com/advisories/48665
- http://secunia.com/advisories/48721
- http://secunia.com/advisories/48983
- http://secunia.com/advisories/49660
- http://security.gentoo.org/glsa/glsa-201206-15.xml
- http://support.apple.com/kb/HT5501
- http://support.apple.com/kb/HT5503
- http://ubuntu.com/usn/usn-1417-1
- http://www.debian.org/security/2012/dsa-2446
- http://www.libpng.org/pub/png/libpng.html
- http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:046
- http://www.osvdb.org/80822
- http://www.securityfocus.com/bid/52830
- http://www.securitytracker.com/id?1026879
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74494