CVE-2012-1173 - Numeric Errors vulnerability in Libtiff 3.9.4
Metric | Value |
---|---|
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

Summary
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2012-65.NASL
- description: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 69672
- published: 2013-09-04
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/69672
- title: Amazon Linux AMI : libtiff (ALAS-2012-65)
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-65.
#

include("compat.inc");

if (description)
{
  script_id(69672);
  script_version("1.6");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2012-1173");
  script_xref(name:"ALAS", value:"2012-65");
  script_xref(name:"RHSA", value:"2012:0468");

  script_name(english:"Amazon Linux AMI : libtiff (ALAS-2012-65)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Two integer overflow flaws, leading to heap-based buffer overflows,
were found in the way libtiff attempted to allocate space for a tile
in a TIFF image file. An attacker could use these flaws to create a
specially crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute
arbitrary code. (CVE-2012-1173)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-65.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update libtiff' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"libtiff-3.9.4-5.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libtiff-debuginfo-3.9.4-5.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libtiff-devel-3.9.4-5.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libtiff-static-3.9.4-5.8.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static");
}
```

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS11_LIBTIFF_20120710.NASL
- description: The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. (CVE-2012-1173)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 80679
- published: 2015-01-19
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/80679
- title: Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors)
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#

include("compat.inc");

if (description)
{
  script_id(80679);
  script_version("1.2");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2012-1173");

  script_name(english:"Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Solaris system is missing a security patch for third-party
software."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Solaris system is missing necessary patches to address
security updates :

  - Multiple integer overflows in tiff_getimage.c in LibTIFF
    3.9.4 allow remote attackers to execute arbitrary code
    via a crafted tile size in a TIFF file, which is not
    properly handled by the (1) gtTileSeparate or (2)
    gtStripSeparate function, leading to a heap-based buffer
    overflow. (CVE-2012-1173)"
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  # https://blogs.oracle.com/sunsecurity/cve-2012-1173-numeric-errors-vulnerability-in-libtiff
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?19cf5eb2"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 8.5.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libtiff");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^libtiff$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.0.8.0.5.0", sru:"SRU 8.5") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : libtiff\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libtiff");
```

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2012-0468.NASL
- description: From Red Hat Security Advisory 2012:0468 : Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 68509
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/68509
- title: Oracle Linux 5 / 6 : libtiff (ELSA-2012-0468)
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0468 and
# Oracle Linux Security Advisory ELSA-2012-0468 respectively.
#

include("compat.inc");

if (description)
{
  script_id(68509);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/30 10:58:17");

  script_cve_id("CVE-2012-1173");
  script_bugtraq_id(52891);
  script_xref(name:"RHSA", value:"2012:0468");

  script_name(english:"Oracle Linux 5 / 6 : libtiff (ELSA-2012-0468)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2012:0468 :

Updated libtiff packages that fix two security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.

Two integer overflow flaws, leading to heap-based buffer overflows,
were found in the way libtiff attempted to allocate space for a tile
in a TIFF image file. An attacker could use these flaws to create a
specially crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute
arbitrary code. (CVE-2012-1173)

All libtiff users should upgrade to these updated packages, which
contain a backported patch to resolve these issues. All running
applications linked against libtiff must be restarted for this update
to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-April/002735.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-April/002739.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libtiff packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"libtiff-3.8.2-14.el5_8")) flag++;
if (rpm_check(release:"EL5", reference:"libtiff-devel-3.8.2-14.el5_8")) flag++;

if (rpm_check(release:"EL6", reference:"libtiff-3.9.4-5.el6_2")) flag++;
if (rpm_check(release:"EL6", reference:"libtiff-devel-3.9.4-5.el6_2")) flag++;
if (rpm_check(release:"EL6", reference:"libtiff-static-3.9.4-5.el6_2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel / libtiff-static");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-5410.NASL
- description: Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2012-04-23
- plugin id: 58818
- published: 2012-04-23
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58818
- title: Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-5410.
#

include("compat.inc");

if (description)
{
  script_id(58818);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-1173");
  script_bugtraq_id(52891);
  script_xref(name:"FEDORA", value:"2012-5410");

  script_name(english:"Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Add fix for CVE-2012-1173

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=803078"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fad842f7"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libtiff package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC16", reference:"libtiff-3.9.5-3.fc16")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");
}
```

- NASL family: Gain a shell remotely
- NASL id: APPLETV_5_1.NASL
- description: According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 62357
- published: 2012-09-27
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/62357
- title: Apple TV < 5.1 Multiple Vulnerabilities
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62357);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id(
    "CVE-2011-1167", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834",
    "CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3328", "CVE-2011-3919",
    "CVE-2011-4599", "CVE-2012-0682", "CVE-2012-0683", "CVE-2012-1173",
    "CVE-2012-3589", "CVE-2012-3590", "CVE-2012-3591", "CVE-2012-3592",
    "CVE-2012-3678", "CVE-2012-3679", "CVE-2012-3722", "CVE-2012-3725",
    "CVE-2012-3726"
  );
  script_bugtraq_id(
    46951, 48056, 49279, 49658, 49744, 51006, 51300,
    52049, 52830, 52891, 54680, 56264, 56268, 56273
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2012-09-24-1");

  script_name(english:"Apple TV < 5.1 Multiple Vulnerabilities");
  script_summary(english:"Checks version in banner");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote Apple TV 2nd generation or later
device has a version of iOS that is prior to 5.1. It is, therefore,
reportedly affected by several vulnerabilities :

  - An uninitialized memory access issue in the handling of
    Sorenson encoded movie files could lead to arbitrary
    code execution. (CVE-2012-3722)

  - Following the DNAv4 protocol, the device may broadcast
    MAC addresses of previously accessed networks when
    connecting to a Wi-Fi network. (CVE-2012-3725)

  - A buffer overflow in libtiff's handling of ThunderScan
    encoded TIFF images could lead to arbitrary code
    execution. (CVE-2011-1167)

  - Multiple memory corruption issues in libpng's handling
    of PNG images could lead to arbitrary code execution.
    (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)

  - A double free issue in ImageIO's handling of JPEG
    images could lead to arbitrary code execution.
    (CVE-2012-3726)

  - An integer overflow issue in libTIFF's handling of TIFF
    images could lead to arbitrary code execution.
    (CVE-2012-1173)

  - A stack-based buffer overflow in the handling of ICU
    locale IDs could lead to arbitrary code execution.
    (CVE-2011-4599)

  - Multiple vulnerabilities in libxml could have a variety
    of impacts, including arbitrary code execution.
    (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 /
    CVE-2011-3919)

  - Multiple memory corruption issues in JavaScriptCore
    could lead to arbitrary code execution.
    (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 /
    CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 /
    CVE-2012-3678 / CVE-2012-3679)");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT202614");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524229/30/0/threaded");
  script_set_attribute(attribute:"solution", value:"Upgrade the Apple TV to iOS 5.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("appletv_detect.nasl");
  script_require_keys("www/appletv");
  script_require_ports(3689);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = 3689;
banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);
if (
  "DAAP-Server: iTunes/" >!< banner &&
  "RIPT-Server: iTunesLib/" >!< banner
) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');

pat = "^DAAP-Server: iTunes/([0-9][0-9.]+)[a-z]([0-9]+) \((Mac )?OS X\)";
if (
  "DAAP-Server: iTunes/" >< banner &&
  !egrep(pattern:pat, string:banner)
) exit(0, "The web server listening on port "+port+" does not appear to be from iTunes on an Apple TV.");

fixed_major = "11.0";
fixed_minor = "46";

report = "";

# Check first for 3rd gen and recent 2nd gen models.
matches = egrep(pattern:pat, string:banner);
if (matches)
{
  foreach line (split(matches, keep:FALSE))
  {
    match = eregmatch(pattern:pat, string:line);
    if (!isnull(match))
    {
      major = match[1];
      minor = match[2];

      if (
        ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||
        (
          ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&
          int(minor) < int(fixed_minor)
        )
      )
      {
        report = '\n Source : ' + line +
                 '\n Installed iTunes version : ' + major + 'd' + minor +
                 '\n Fixed iTunes version : ' + fixed_major + 'd' + fixed_minor +
                 '\n';
      }
      break;
    }
  }
}
else
{
  pat2 = "^RIPT-Server: iTunesLib/([0-9]+)\.";
  matches = egrep(pattern:pat2, string:banner);
  if (matches)
  {
    foreach line (split(matches, keep:FALSE))
    {
      match = eregmatch(pattern:pat2, string:line);
      if (!isnull(match))
      {
        major = int(match[1]);
        if (major < 4) exit(0, "The web server listening on port "+port+" is from iTunes on a 1st generation Apple TV, which is no longer supported.");
        else if (major >= 4 && major <= 9)
        {
          report = '\n Source : ' + line +
                   '\n';
        }
        break;
      }
    }
  }
}

if (report)
{
  if (report_verbosity > 0) security_hole(port:0, extra:report);
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2012-234.NASL
- description: specially crafted tiff files could cause a heap overflow in libtiff
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 74603
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74603
- title: openSUSE Security Update : tiff (openSUSE-SU-2012:0539-1)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2012-0468.NASL
- description: Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
- last seen: 2020-04-16
- modified: 2012-04-11
- plugin id: 58675
- published: 2012-04-11
- reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58675
- title: RHEL 5 / 6 : libtiff (RHSA-2012:0468)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2012-0468.NASL
- description: Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58666
- published: 2012-04-11
- reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58666
- title: CentOS 5 / 6 : libtiff (CESA-2012:0468)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-5463.NASL
- description: Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2012-04-12
- plugin id: 58713
- published: 2012-04-12
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58713
- title: Fedora 17 : libtiff-3.9.5-3.fc17 (2012-5463)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_LIBTIFF-DEVEL-120405.NASL
- description: This update of tiff fixes an issue where specially crafted tiff files could have triggered an integer overflow which would have led to a heap-based buffer overflow. (CVE-2012-1173)
- last seen: 2020-06-05
- modified: 2012-04-18
- plugin id: 58775
- published: 2012-04-18
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58775
- title: SuSE 11.1 Security Update : libtiff (SAT Patch Number 6106)

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2012-098-01.NASL
- description: New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 59478
- published: 2012-06-14
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/59478
- title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 9.0 / 9.1 / current : libtiff (SSA:2012-098-01)

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_SECUPD2012-004.NASL
- description: The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 62213
- published: 2012-09-20
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/62213
- title: Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2012-054.NASL
- description: A vulnerability has been found and corrected in libtiff : An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file (CVE-2012-1173). The updated packages have been patched to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58599
- published: 2012-04-05
- reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58599
- title: Mandriva Linux Security Advisory : libtiff (MDVSA-2012:054)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1416-1.NASL
- description: Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173) It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58600
- published: 2012-04-05
- reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58600
- title: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : tiff vulnerabilities (USN-1416-1)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2447.NASL
- description: Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
- last seen: 2020-03-17
- modified: 2012-04-06
- plugin id: 58608
- published: 2012-04-06
- reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58608
- title: Debian DSA-2447-1 : tiff - integer overflow

- NASL family: F5 Networks Local Security Checks
- NASL id: F5_BIGIP_SOL15863.NASL
- description: CVE-2012-1173
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 80447
- published: 2015-01-12
- reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/80447
- title: F5 Networks BIG-IP : Libtiff vulnerabilities (SOL15863)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20120410_LIBTIFF_ON_SL5_X.NASL
- description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. last seen 2020-03-18 modified 2012-08-01 plugin id 61296 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61296 title Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20120410) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-02.NASL description The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62235 published 2012-09-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/62235 title GLSA-201209-02 : libTIFF: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-8055.NASL description This update of tiff fixes an issue where specially crafted tiff files could trigger an integer overflow which leads to a heap-based buffer overflow. (CVE-2012-1173) last seen 2020-06-05 modified 2012-04-18 plugin id 58777 published 2012-04-18 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58777 title SuSE 10 Security Update : tiff (ZYPP Patch Number 8055) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_5.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB last seen 2020-06-01 modified 2020-06-02 plugin id 62214 published 2012-09-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62214 title Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) NASL family Fedora Local Security Checks NASL id FEDORA_2012-5406.NASL description Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-19 plugin id 58785 published 2012-04-19 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58785 title Fedora 15 : libtiff-3.9.5-3.fc15 (2012-5406)
References
- http://secunia.com/advisories/48757
- http://secunia.com/advisories/48893
- http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff
- http://bugzilla.maptools.org/show_bug.cgi?id=2369
- http://www.debian.org/security/2012/dsa-2447
- https://hermes.opensuse.org/messages/14302713
- http://rhn.redhat.com/errata/RHSA-2012-0468.html
- http://www.securityfocus.com/bid/52891
- https://downloads.avaya.com/css/P8/documents/100161772
- http://www.osvdb.org/81025
- http://secunia.com/advisories/48684
- http://secunia.com/advisories/48735
- http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt
- http://ubuntu.com/usn/usn-1416-1
- http://secunia.com/advisories/48722
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
- http://support.apple.com/kb/HT5501
- http://support.apple.com/kb/HT5503
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://www.securitytracker.com/id?1026895
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74656
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:054