Vulnerabilities > CVE-2012-1173 - Numeric Errors vulnerability in Libtiff 3.9.4

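CVSS 0.0 - NONE (no score is recorded in this block and every metric below is UNKNOWN; the libtiff package-check plugins further down this page carry the CVSS v2 vector AV:N/AC:M/Au:N/C:P/I:P/A:P)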
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple integer overflows in tif_getimage.c (written tiff_getimage.c in the advisory text quoted below) in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Libtiff
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2012-65.NASL
    description: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69672
    published: 2013-09-04
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69672
    title: Amazon Linux AMI : libtiff (ALAS-2012-65)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2012-65.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, the script only records the
    # metadata below and stops at the exit(0) that closes this block. The
    # package comparison itself sits after the block.
    if (description)
    {
      script_id(69672);
      script_version("1.6");
      script_cvs_date("Date: 2018/04/18 15:09:34");
    
      # Cross-references: the CVE plus the Amazon (ALAS) and Red Hat (RHSA)
      # advisory identifiers attached to this check.
      script_cve_id("CVE-2012-1173");
      script_xref(name:"ALAS", value:"2012-65");
      script_xref(name:"RHSA", value:"2012:0468");
    
      script_name(english:"Amazon Linux AMI : libtiff (ALAS-2012-65)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two integer overflow flaws, leading to heap-based buffer overflows,
    were found in the way libtiff attempted to allocate space for a tile
    in a TIFF image file. An attacker could use these flaws to create a
    specially crafted TIFF file that, when opened, would cause an
    application linked against libtiff to crash or, possibly, execute
    arbitrary code. (CVE-2012-1173)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2012-65.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update libtiff' to update your system."
      );
      # CVSS v2 base vector: network vector, medium access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # "local": the result comes from package data collected on the host (see
      # the rpm-list key required below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # Declared prerequisites: the KB items listed here are read again by the
      # check below; ssh_get_info.nasl is presumably the plugin that fills
      # them in -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
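    # Package check for ALAS-2012-65. audit() is used as a guard throughout:
    # the statements after each call assume the script did not continue.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must start with "AL" followed by "A" or a digit; the
    # captured character selects the Amazon Linux flavour.
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Only the "A" flavour (Amazon Linux AMI) is covered by this advisory.
    # The original re-tested os_ver == 'A' inside this branch to rename it to
    # 'AMI'; that test could never be true here, so the dead line is dropped
    # and the audit message is unchanged.
    if (os_ver != "A") audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Each reference is the fixed build named by the advisory. A truthy
    # rpm_check() result is counted as a finding; every package is checked
    # (no early exit) so that rpm_report_get() can list all of them.
    flag = 0;
    if (rpm_check(release:"ALA", reference:"libtiff-3.9.4-5.8.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libtiff-debuginfo-3.9.4-5.8.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libtiff-devel-3.9.4-5.8.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libtiff-static-3.9.4-5.8.amzn1")) flag++;
    
    if (flag)
    {
      # Attach the per-package detail only when the scan asks for verbose output.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed and already fixed" from "not installed at all"
      # so the audit trail explains why nothing was reported.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static");
    }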
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_LIBTIFF_20120710.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. (CVE-2012-1173)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80679
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80679
    title: Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    # Registration pass: with `description` set, the script only records the
    # metadata below and stops at the exit(0) that closes this block.
    if (description)
    {
      script_id(80679);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id("CVE-2012-1173");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors)");
      # The check is keyed to the OS release level (the 'entire' version), not
      # to a libtiff package version; see the solaris_check_release() call in
      # the check that follows this block.
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - Multiple integer overflows in tiff_getimage.c in LibTIFF
        3.9.4 allow remote attackers to execute arbitrary code
        via a crafted tile size in a TIFF file, which is not
        properly handled by the (1) gtTileSeparate or (2)
        gtStripSeparate function, leading to a heap-based buffer
        overflow. (CVE-2012-1173)"
      );
      # The two see_also values are shortened links; the comment above each
      # one records the full vendor URL it stands for.
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/cve-2012-1173-numeric-errors-vulnerability-in-libtiff
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?19cf5eb2"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 8.5.");
      # CVSS v2 base vector: network vector, medium access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # "local": the result comes from package data collected on the host (see
      # the pkg-list key required below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libtiff");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # Declared prerequisites; ssh_get_info.nasl is presumably the plugin that
      # fills in these KB items -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    # Release-level check for the Solaris 11 libtiff fix. audit() is used as a
    # guard: the statements after each call assume the script did not continue.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release))
    {
      audit(AUDIT_OS_NOT, "Solaris11");
    }
    
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    }
    
    # Only hosts whose package list has a line that is exactly "libtiff" are
    # evaluated further.
    libtiff_line = egrep(string:pkg_list, pattern:"^libtiff$");
    if (empty_or_null(libtiff_line))
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");
    }
    
    # A positive result is treated as "host is below SRU 8.5". The comparison
    # is against the OS release, not against a libtiff package version.
    sru_result = solaris_check_release(release:"0.5.11-0.175.0.8.0.5.0", sru:"SRU 8.5");
    
    if (sru_result > 0)
    {
      # Prefix the helper's report with the package name and relabel its
      # "version" wording as "OS version".
      error_extra = ereg_replace(
        pattern:"version",
        replace:"OS version",
        string:'Affected package : libtiff\n' + solaris_get_report2()
      );
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:error_extra);
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, "libtiff");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0468.NASL
    description: From Red Hat Security Advisory 2012:0468 : Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68509
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68509
    title: Oracle Linux 5 / 6 : libtiff (ELSA-2012-0468)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:0468 and 
    # Oracle Linux Security Advisory ELSA-2012-0468 respectively.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, the script only records the
    # metadata below and stops at the exit(0) that closes this block.
    if (description)
    {
      script_id(68509);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2012-1173");
      script_bugtraq_id(52891);
      script_xref(name:"RHSA", value:"2012:0468");
    
      script_name(english:"Oracle Linux 5 / 6 : libtiff (ELSA-2012-0468)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      # The description is the Red Hat advisory text. Its last paragraph carries
      # the operational point: processes already linked against libtiff keep
      # the old library until they are restarted.
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:0468 :
    
    Updated libtiff packages that fix two security issues are now
    available for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The libtiff packages contain a library of functions for manipulating
    Tagged Image File Format (TIFF) files.
    
    Two integer overflow flaws, leading to heap-based buffer overflows,
    were found in the way libtiff attempted to allocate space for a tile
    in a TIFF image file. An attacker could use these flaws to create a
    specially crafted TIFF file that, when opened, would cause an
    application linked against libtiff to crash or, possibly, execute
    arbitrary code. (CVE-2012-1173)
    
    All libtiff users should upgrade to these updated packages, which
    contain a backported patch to resolve these issues. All running
    applications linked against libtiff must be restarted for this update
    to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-April/002735.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-April/002739.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff packages."
      );
      # CVSS v2 base vector (network, medium complexity, no authentication,
      # partial C/I/A) and temporal vector (exploitability unproven, official
      # fix available, report confirmed).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result comes from package data collected on the host (see
      # the rpm-list key required below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      # NOTE(review): vuln_publication_date (2012/06/04) is later than
      # patch_publication_date (2012/04/12) -- confirm against the advisory
      # before relying on either date for timeline work.
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Declared prerequisites; ssh_get_info.nasl is presumably the plugin that
      # fills in these KB items -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gate for ELSA-2012-0468: local checks enabled, Oracle Linux 5 or 6,
    # rpm list collected, supported CPU. audit() is used as a guard: the
    # statements after each call assume the script did not continue.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/OracleLinux"))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    
    # Capture the release number, then accept only a leading 5 or 6.
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || "ia64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    }
    
    # Fixed builds per release. Every reference is checked (no early exit) so
    # that rpm_report_get() can list each package that triggered.
    outdated = 0;
    foreach fixed_build (make_list("libtiff-3.8.2-14.el5_8", "libtiff-devel-3.8.2-14.el5_8"))
    {
      if (rpm_check(release:"EL5", reference:fixed_build)) outdated++;
    }
    foreach fixed_build (make_list("libtiff-3.9.4-5.el6_2", "libtiff-devel-3.9.4-5.el6_2", "libtiff-static-3.9.4-5.el6_2"))
    {
      if (rpm_check(release:"EL6", reference:fixed_build)) outdated++;
    }
    
    if (!outdated)
    {
      # Distinguish "installed and already fixed" from "not installed at all".
      checked_pkgs = pkg_tests_get();
      if (checked_pkgs)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel / libtiff-static");
      }
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-5410.NASL
    description: Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-04-23
    plugin id: 58818
    published: 2012-04-23
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58818
    title: Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-5410.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, the script only records the
    # metadata below and stops at the exit(0) that closes this block.
    if (description)
    {
      script_id(58818);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-1173");
      script_bugtraq_id(52891);
      script_xref(name:"FEDORA", value:"2012-5410");
    
      script_name(english:"Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The advisory text is a one-line changelog entry and says nothing about
      # impact; the see_also links below are where the detail lives.
      script_set_attribute(
        attribute:"description", 
        value:
    "Add fix for CVE-2012-1173
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=803078"
      );
      # The value below is a shortened link; the comment records the full URL.
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fad842f7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff package."
      );
      # CVSS v2 base vector (network, medium complexity, no authentication,
      # partial C/I/A) and temporal vector (exploitability not defined,
      # official fix available, report confirmed).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result comes from package data collected on the host (see
      # the rpm-list key required below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtiff");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declared prerequisites; ssh_get_info.nasl is presumably the plugin that
      # fills in these KB items -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host gate for Fedora advisory 2012-5410: local checks enabled, Fedora 16,
    # rpm list collected, supported CPU. audit() is used as a guard: the
    # statements after each call assume the script did not continue.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    
    # Capture the release number, then accept only a leading 16.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
    }
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }
    
    # Single reference: the fixed libtiff build named in the plugin title.
    # A truthy rpm_check() result is what triggers the warning.
    outdated = rpm_check(release:"FC16", reference:"libtiff-3.9.5-3.fc16");
    
    if (!outdated)
    {
      # Distinguish "installed and already fixed" from "not installed at all".
      checked_pkgs = pkg_tests_get();
      if (checked_pkgs)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");
      }
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: Gain a shell remotely
    NASL id: APPLETV_5_1.NASL
    description: According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff [description cut off here; the full list is in the plugin code below]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62357
    published: 2012-09-27
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62357
    title: Apple TV < 5.1 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, the script only records the
    # metadata below and stops at the exit(0) that closes this block.
    if (description)
    {
      script_id(62357);
      script_version("1.18");
      script_cvs_date("Date: 2018/11/15 20:50:22");
    
      # One finding stands for 21 CVEs fixed together in the Apple TV update;
      # CVE-2012-1173 (libtiff) is only one of them.
      script_cve_id(
        "CVE-2011-1167",
        "CVE-2011-1944",
        "CVE-2011-2821",
        "CVE-2011-2834",
        "CVE-2011-3026",
        "CVE-2011-3048",
        "CVE-2011-3328",
        "CVE-2011-3919",
        "CVE-2011-4599",
        "CVE-2012-0682",
        "CVE-2012-0683",
        "CVE-2012-1173",
        "CVE-2012-3589",
        "CVE-2012-3590",
        "CVE-2012-3591",
        "CVE-2012-3592",
        "CVE-2012-3678",
        "CVE-2012-3679",
        "CVE-2012-3722",
        "CVE-2012-3725",
        "CVE-2012-3726"
      );
      script_bugtraq_id(
        46951,
        48056,
        49279,
        49658,
        49744,
        51006,
        51300,
        52049,
        52830,
        52891,
        54680,
        56264,
        56268,
        56273
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2012-09-24-1");
    
      script_name(english:"Apple TV < 5.1 Multiple Vulnerabilities");
      # Detection is banner-based only: the result is as reliable as the
      # version string the device advertises.
      script_summary(english:"Checks version in banner");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the remote Apple TV 2nd generation or later
    device has a version of iOS that is prior to 5.1. It is, therefore,
    reportedly affected by several vulnerabilities :
    
      - An uninitialized memory access issue in the handling of
        Sorenson encoded movie files could lead to arbitrary
        code execution. (CVE-2012-3722)
    
      - Following the DNAv4 protocol, the device may broadcast
        MAC addresses of previously accessed networks when
        connecting to a Wi-Fi network. (CVE-2012-3725)
    
      - A buffer overflow in libtiff's handling of ThunderScan
        encoded TIFF images could lead to arbitrary code
        execution. (CVE-2011-1167)
    
      - Multiple memory corruption issues in libpng's handling
        of PNG images could lead to arbitrary code execution.
        (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)
    
      - A double free issue in ImageIO's handling of JPEG
        images could lead to arbitrary code execution.
        (CVE-2012-3726)
    
      - An integer overflow issue in libTIFF's handling of TIFF
        images could lead to arbitrary code execution.
        (CVE-2012-1173)
    
      - A stack-based buffer overflow in the handling of ICU
        locale IDs could lead to arbitrary code execution.
        (CVE-2011-4599)
    
      - Multiple vulnerabilities in libxml could have a variety
        of impacts, including arbitrary code execution.
        (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 /
        CVE-2011-3919)
    
      - Multiple memory corruption issues in JavaScriptCore
        could lead to arbitrary code execution.
        (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 /
        CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 /
        CVE-2012-3678 / CVE-2012-3679)");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT202614");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524229/30/0/threaded");
      script_set_attribute(attribute:"solution", value:"Upgrade the Apple TV to iOS 5.1 or later.");
      # The severity and exploitability values below are set once for the
      # whole plugin, i.e. for the 21 CVEs together; they are not a statement
      # about CVE-2012-1173 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27");
    
      # "remote": the check reads a service banner over the network; no
      # credentials or package list are involved.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Gain a shell remotely");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # Declared prerequisites: the Apple TV detection plugin, its KB key, and
      # port 3689, which is the port the banner check below reads from.
      script_dependencies("appletv_detect.nasl");
      script_require_keys("www/appletv");
      script_require_ports(3689);
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    # Banner-only version check. The server header on port 3689 is read and
    # the advertised iTunes build is compared with the fixed one; nothing else
    # on the device is inspected, so the result depends on the banner alone.
    port = 3689;
    banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);
    
    # Neither iTunes header present: not the expected service.
    if ("DAAP-Server: iTunes/" >!< banner)
    {
      if ("RIPT-Server: iTunesLib/" >!< banner) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');
    }
    
    # A DAAP header that does not carry the "(Mac )OS X" form is treated as
    # iTunes on something other than an Apple TV.
    pat = "^DAAP-Server: iTunes/([0-9][0-9.]+)[a-z]([0-9]+) \((Mac )?OS X\)";
    daap_lines = egrep(pattern:pat, string:banner);
    if ("DAAP-Server: iTunes/" >< banner)
    {
      if (!daap_lines) exit(0, "The web server listening on port "+port+" does not appear to be from iTunes on an Apple TV.");
    }
    
    
    fixed_major = "11.0";
    fixed_minor = "46";
    
    report = "";
    
    if (daap_lines)
    {
      # 3rd gen and recent 2nd gen models: compare <major><letter><minor>
      # against the fixed build. Only the first line that parses is used.
      foreach line (split(daap_lines, keep:FALSE))
      {
        match = eregmatch(pattern:pat, string:line);
        if (isnull(match)) continue;
    
        major = match[1];
        minor = match[2];
    
        major_cmp = ver_compare(ver:major, fix:fixed_major, strict:FALSE);
        is_older = FALSE;
        if (major_cmp < 0) is_older = TRUE;
        else if (major_cmp == 0 && int(minor) < int(fixed_minor)) is_older = TRUE;
    
        if (is_older)
        {
          report = '\n  Source                   : ' + line +
                   '\n  Installed iTunes version : ' + major + 'd' + minor +
                   '\n  Fixed iTunes version     : ' + fixed_major + 'd' + fixed_minor +
                   '\n';
        }
        break;
      }
    }
    else
    {
      # Older header form: only the iTunesLib major number is available, so
      # every major from 4 through 9 is reported without a finer comparison.
      pat2 = "^RIPT-Server: iTunesLib/([0-9]+)\.";
      ript_lines = egrep(pattern:pat2, string:banner);
      if (ript_lines)
      {
        foreach line (split(ript_lines, keep:FALSE))
        {
          match = eregmatch(pattern:pat2, string:line);
          if (isnull(match)) continue;
    
          major = int(match[1]);
          if (major < 4) exit(0, "The web server listening on port "+port+" is from iTunes on a 1st generation Apple TV, which is no longer supported.");
    
          # major is at least 4 from here on, because the branch above exits.
          if (major <= 9)
          {
            report = '\n  Source : ' + line +
                     '\n';
          }
          break;
        }
      }
    }
    
    
    if (!report)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      if (report_verbosity > 0) security_hole(port:0, extra:report);
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-234.NASL
    description: specially crafted tiff files could cause a heap overflow in libtiff
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74603
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74603
    title: openSUSE Security Update : tiff (openSUSE-SU-2012:0539-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0468.NASL
    description: Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen: 2020-04-16
    modified: 2012-04-11
    plugin id: 58675
    published: 2012-04-11
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58675
    title: RHEL 5 / 6 : libtiff (RHSA-2012:0468)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0468.NASL
    descriptionUpdated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id58666
    published2012-04-11
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58666
    titleCentOS 5 / 6 : libtiff (CESA-2012:0468)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-5463.NASL
    descriptionAdd fix for CVE-2012-1173. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-12
    plugin id58713
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58713
    titleFedora 17 : libtiff-3.9.5-3.fc17 (2012-5463)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBTIFF-DEVEL-120405.NASL
    descriptionThis update of tiff fixes an issue where specially crafted TIFF files could have triggered an integer overflow, which would have led to a heap-based buffer overflow. (CVE-2012-1173)
    last seen2020-06-05
    modified2012-04-18
    plugin id58775
    published2012-04-18
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58775
    titleSuSE 11.1 Security Update : libtiff (SAT Patch Number 6106)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2012-098-01.NASL
    descriptionNew libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id59478
    published2012-06-14
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59478
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 9.0 / 9.1 / current : libtiff (SSA:2012-098-01)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2012-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id62213
    published2012-09-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62213
    titleMac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-054.NASL
    descriptionA vulnerability has been found and corrected in libtiff: An integer overflow was discovered in the libtiff/tif_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file (CVE-2012-1173). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id58599
    published2012-04-05
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58599
    titleMandriva Linux Security Advisory : libtiff (MDVSA-2012:054)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1416-1.NASL
    descriptionAlexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173) It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58600
    published2012-04-05
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58600
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : tiff vulnerabilities (USN-1416-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2447.NASL
    descriptionAlexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
    last seen2020-03-17
    modified2012-04-06
    plugin id58608
    published2012-04-06
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58608
    titleDebian DSA-2447-1 : tiff - integer overflow
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15863.NASL
    descriptionCVE-2012-1173
    last seen2020-06-01
    modified2020-06-02
    plugin id80447
    published2015-01-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80447
    titleF5 Networks BIG-IP : Libtiff vulnerabilities (SOL15863)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120410_LIBTIFF_ON_SL5_X.NASL
    descriptionThe libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61296
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61296
    titleScientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20120410)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201209-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id62235
    published2012-09-24
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62235
    titleGLSA-201209-02 : libTIFF: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBTIFF-8055.NASL
    descriptionThis update of tiff fixes an issue where specially crafted tiff files could trigger an integer overflow which leads to a heap-based buffer overflow. (CVE-2012-1173)
    last seen2020-06-05
    modified2012-04-18
    plugin id58777
    published2012-04-18
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58777
    titleSuSE 10 Security Update : tiff (ZYPP Patch Number 8055)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen2020-06-01
    modified2020-06-02
    plugin id62214
    published2012-09-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62214
    titleMac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-5406.NASL
    descriptionAdd fix for CVE-2012-1173. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-19
    plugin id58785
    published2012-04-19
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58785
    titleFedora 15 : libtiff-3.9.5-3.fc15 (2012-5406)

Redhat

advisories
bugzilla
id803078
titleCVE-2012-1173 libtiff: Heap-buffer overflow due to TileSize calculation when parsing tiff files
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibtiff-devel is earlier than 0:3.8.2-14.el5_8
          ovaloval:com.redhat.rhsa:tst:20120468001
        • commentlibtiff-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080847004
      • AND
        • commentlibtiff is earlier than 0:3.8.2-14.el5_8
          ovaloval:com.redhat.rhsa:tst:20120468003
        • commentlibtiff is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080847002
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentlibtiff-devel is earlier than 0:3.9.4-5.el6_2
          ovaloval:com.redhat.rhsa:tst:20120468006
        • commentlibtiff-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110318014
      • AND
        • commentlibtiff-static is earlier than 0:3.9.4-5.el6_2
          ovaloval:com.redhat.rhsa:tst:20120468008
        • commentlibtiff-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110318012
      • AND
        • commentlibtiff is earlier than 0:3.9.4-5.el6_2
          ovaloval:com.redhat.rhsa:tst:20120468010
        • commentlibtiff is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110318016
rhsa
idRHSA-2012:0468
released2012-04-10
severityImportant
titleRHSA-2012:0468: libtiff security update (Important)
rpms
  • libtiff-0:3.8.2-14.el5_8
  • libtiff-0:3.9.4-5.el6_2
  • libtiff-debuginfo-0:3.8.2-14.el5_8
  • libtiff-debuginfo-0:3.9.4-5.el6_2
  • libtiff-devel-0:3.8.2-14.el5_8
  • libtiff-devel-0:3.9.4-5.el6_2
  • libtiff-static-0:3.9.4-5.el6_2