Vulnerabilities > CVE-2016-9537 - Out-of-bounds Write vulnerability in Libtiff 4.0.6

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
libtiff
CWE-787
critical
nessus

Summary

tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.

Vulnerable Configurations

Part Description Count
Application
Libtiff
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3212-3.NASL
    descriptionUSN-3212-1 and USN-3212-2 fixed a vulnerabilitiy in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101833
    published2017-07-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101833
    titleUbuntu 12.04 LTS : tiff vulnerabilities (USN-3212-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3212-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101833);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2015-7554", "CVE-2015-8668", "CVE-2016-10092", "CVE-2016-3623", "CVE-2016-3624", "CVE-2016-3632", "CVE-2016-3990", "CVE-2016-3991", "CVE-2016-5321", "CVE-2016-5322", "CVE-2016-8331", "CVE-2016-9453", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9536", "CVE-2016-9537");
      script_xref(name:"USN", value:"3212-3");
    
      script_name(english:"Ubuntu 12.04 LTS : tiff vulnerabilities (USN-3212-3)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3212-1 and USN-3212-2 fixed a vulnerabilitiy in LibTIFF. This
    update provides a subset of corresponding update for Ubuntu 12.04 ESM.
    
    It was discovered that LibTIFF incorrectly handled certain malformed
    images. If a user or automated system were tricked into opening a
    specially crafted image, a remote attacker could crash the
    application, leading to a denial of service, or possibly execute
    arbitrary code with user privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3212-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff-tools and / or libtiff4 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libtiff-tools", pkgver:"3.9.5-2ubuntu1.10")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libtiff4", pkgver:"3.9.5-2ubuntu1.10")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-tools / libtiff4");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0225.NASL
    descriptionAn update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es) : * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) * Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
    last seen2020-06-01
    modified2020-06-02
    plugin id96948
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96948
    titleRHEL 6 / 7 : libtiff (RHSA-2017:0225)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0225. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96948);
      script_version("3.8");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2015-8870", "CVE-2016-5652", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9540");
      script_xref(name:"RHSA", value:"2017:0225");
    
      script_name(english:"RHEL 6 / 7 : libtiff (RHSA-2017:0225)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for libtiff is now available for Red Hat Enterprise Linux 6
    and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The libtiff packages contain a library of functions for manipulating
    Tagged Image File Format (TIFF) files.
    
    Security Fix(es) :
    
    * Multiple flaws have been discovered in libtiff. A remote attacker
    could exploit these flaws to cause a crash or memory corruption and,
    possibly, execute arbitrary code by tricking an application linked
    against libtiff into processing specially crafted files.
    (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
    
    * Multiple flaws have been discovered in various libtiff tools
    (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into
    processing a specially crafted file, a remote attacker could exploit
    these flaws to cause a crash or memory corruption and, possibly,
    execute arbitrary code with the privileges of the user running the
    libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540,
    CVE-2016-9537, CVE-2016-9536)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9533"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9537"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9540"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0225";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"libtiff-3.9.4-21.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libtiff-debuginfo-3.9.4-21.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libtiff-devel-3.9.4-21.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libtiff-static-3.9.4-21.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libtiff-static-3.9.4-21.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libtiff-static-3.9.4-21.el6_8")) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"libtiff-4.0.3-27.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libtiff-debuginfo-4.0.3-27.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libtiff-devel-4.0.3-27.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libtiff-static-4.0.3-27.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libtiff-tools-4.0.3-27.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libtiff-tools-4.0.3-27.el7_3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static / etc");
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_12_4.NASL
    descriptionThe remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id99134
    published2017-03-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99134
    titlemacOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99134);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2016-0736",
        "CVE-2016-2161",
        "CVE-2016-3619",
        "CVE-2016-4688",
        "CVE-2016-5387",
        "CVE-2016-5636",
        "CVE-2016-7056",
        "CVE-2016-7585",
        "CVE-2016-7922",
        "CVE-2016-7923",
        "CVE-2016-7924",
        "CVE-2016-7925",
        "CVE-2016-7926",
        "CVE-2016-7927",
        "CVE-2016-7928",
        "CVE-2016-7929",
        "CVE-2016-7930",
        "CVE-2016-7931",
        "CVE-2016-7932",
        "CVE-2016-7933",
        "CVE-2016-7934",
        "CVE-2016-7935",
        "CVE-2016-7936",
        "CVE-2016-7937",
        "CVE-2016-7938",
        "CVE-2016-7939",
        "CVE-2016-7940",
        "CVE-2016-7973",
        "CVE-2016-7974",
        "CVE-2016-7975",
        "CVE-2016-7983",
        "CVE-2016-7984",
        "CVE-2016-7985",
        "CVE-2016-7986",
        "CVE-2016-7992",
        "CVE-2016-7993",
        "CVE-2016-8574",
        "CVE-2016-8575",
        "CVE-2016-8740",
        "CVE-2016-8743",
        "CVE-2016-9533",
        "CVE-2016-9535",
        "CVE-2016-9536",
        "CVE-2016-9537",
        "CVE-2016-9538",
        "CVE-2016-9539",
        "CVE-2016-9540",
        "CVE-2016-9586",
        "CVE-2016-9935",
        "CVE-2016-10009",
        "CVE-2016-10010",
        "CVE-2016-10011",
        "CVE-2016-10012",
        "CVE-2016-10158",
        "CVE-2016-10159",
        "CVE-2016-10160",
        "CVE-2016-10161",
        "CVE-2017-2379",
        "CVE-2017-2381",
        "CVE-2017-2388",
        "CVE-2017-2390",
        "CVE-2017-2398",
        "CVE-2017-2401",
        "CVE-2017-2402",
        "CVE-2017-2403",
        "CVE-2017-2406",
        "CVE-2017-2407",
        "CVE-2017-2408",
        "CVE-2017-2409",
        "CVE-2017-2410",
        "CVE-2017-2413",
        "CVE-2017-2416",
        "CVE-2017-2417",
        "CVE-2017-2418",
        "CVE-2017-2420",
        "CVE-2017-2421",
        "CVE-2017-2422",
        "CVE-2017-2423",
        "CVE-2017-2425",
        "CVE-2017-2426",
        "CVE-2017-2427",
        "CVE-2017-2428",
        "CVE-2017-2429",
        "CVE-2017-2430",
        "CVE-2017-2431",
        "CVE-2017-2432",
        "CVE-2017-2435",
        "CVE-2017-2436",
        "CVE-2017-2437",
        "CVE-2017-2438",
        "CVE-2017-2439",
        "CVE-2017-2440",
        "CVE-2017-2441",
        "CVE-2017-2443",
        "CVE-2017-2448",
        "CVE-2017-2449",
        "CVE-2017-2450",
        "CVE-2017-2451",
        "CVE-2017-2456",
        "CVE-2017-2458",
        "CVE-2017-2461",
        "CVE-2017-2462",
        "CVE-2017-2467",
        "CVE-2017-2472",
        "CVE-2017-2473",
        "CVE-2017-2474",
        "CVE-2017-2477",
        "CVE-2017-2478",
        "CVE-2017-2482",
        "CVE-2017-2483",
        "CVE-2017-2485",
        "CVE-2017-2487",
        "CVE-2017-2489",
        "CVE-2017-2490",
        "CVE-2017-5029",
        "CVE-2017-5202",
        "CVE-2017-5203",
        "CVE-2017-5204",
        "CVE-2017-5205",
        "CVE-2017-5341",
        "CVE-2017-5342",
        "CVE-2017-5482",
        "CVE-2017-5483",
        "CVE-2017-5484",
        "CVE-2017-5485",
        "CVE-2017-5486",
        "CVE-2017-6974",
        "CVE-2017-7070"
      );
      script_bugtraq_id(
        85919,
        91247,
        91816,
        94572,
        94650,
        94742,
        94744,
        94745,
        94746,
        94747,
        94753,
        94754,
        94846,
        94968,
        94972,
        94975,
        94977,
        95019,
        95076,
        95077,
        95078,
        95375,
        95764,
        95768,
        95774,
        95783,
        95852,
        96767,
        97132,
        97134,
        97137,
        97140,
        97146,
        97147,
        97300,
        97301,
        97303
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3");
      script_xref(name:"CERT", value:"797896");
      script_xref(name:"EDB-ID", value:"40961");
      script_xref(name:"EDB-ID", value:"40962");
    
      script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)");
      script_summary(english:"Checks the version of macOS.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS update that fixes multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of macOS that is 10.12.x prior to
    10.12.4. It is, therefore, affected by multiple vulnerabilities in
    multiple components, some of which are remote code execution
    vulnerabilities. An unauthenticated, remote attacker can exploit these
    remote code execution vulnerabilities by convincing a user to visit a
    specially crafted website, resulting in the execution of arbitrary
    code in the context of the current user. The affected components are
    as follows :
    
      - apache
      - apache_mod_php
      - AppleGraphicsPowerManagement
      - AppleRAID
      - Audio
      - Bluetooth
      - Carbon
      - CoreGraphics
      - CoreMedia
      - CoreText
      - curl
      - EFI
      - FinderKit
      - FontParser
      - HTTPProtocol
      - Hypervisor
      - iBooks
      - ImageIO
      - Intel Graphics Driver
      - IOATAFamily
      - IOFireWireAVC
      - IOFireWireFamily
      - Kernel
      - Keyboards
      - libarchive
      - libc++abi
      - LibreSSL
      - MCX Client
      - Menus
      - Multi-Touch
      - OpenSSH
      - OpenSSL
      - Printing
      - python
      - QuickTime
      - Security
      - SecurityFoundation
      - sudo
      - System Integrity Protection
      - tcpdump
      - tiffutil
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615");
      # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a");
      script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to macOS version 10.12.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      script_require_ports("Host/MacOSX/Version", "Host/OS");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
    matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
    if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");
    
    version = matches[1];
    if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x");
    
    fixed_version = "10.12.4";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      security_report_v4(
        port:0,
        severity:SECURITY_HOLE,
        xss:TRUE,
        extra:
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n'
      );
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1044.NASL
    descriptionAccording to the versions of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014 -8130,CVE-2014-9655) - A flaw was discovered in the bmp2tiff utility. By tricking a user into processing a specially crafted file, a remote attacker could exploit this flaw to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201 5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20 16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2 015-8683) - tools/tiffcp.c in libtiff has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka
    last seen2020-05-06
    modified2017-05-01
    plugin id99889
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99889
    titleEulerOS 2.0 SP1 : compat-libtiff3 (EulerOS-SA-2017-1044)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99889);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2014-8127",
        "CVE-2014-8129",
        "CVE-2014-8130",
        "CVE-2014-9330",
        "CVE-2014-9655",
        "CVE-2015-1547",
        "CVE-2015-7554",
        "CVE-2015-8665",
        "CVE-2015-8668",
        "CVE-2015-8683",
        "CVE-2015-8781",
        "CVE-2015-8784",
        "CVE-2016-3632",
        "CVE-2016-3945",
        "CVE-2016-3990",
        "CVE-2016-3991",
        "CVE-2016-5320",
        "CVE-2016-5652",
        "CVE-2016-9533",
        "CVE-2016-9534",
        "CVE-2016-9535",
        "CVE-2016-9536",
        "CVE-2016-9537",
        "CVE-2016-9540"
      );
      script_bugtraq_id(
        71789,
        72323,
        72352,
        72353,
        73438,
        73441
      );
    
      script_name(english:"EulerOS 2.0 SP1 : compat-libtiff3 (EulerOS-SA-2017-1044)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the compat-libtiff3 package installed,
    the EulerOS installation on the remote host is affected by the
    following vulnerabilities :
    
      - The (1) putcontig8bitYCbCr21tile function in
        tif_getimage.c or (2) NeXTDecode function in tif_next.c
        in LibTIFF allows remote attackers to cause a denial of
        service (uninitialized memory access) via a crafted
        TIFF image, as demonstrated by libtiff-cvs-1.tif and
        libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014
        -8130,CVE-2014-9655)
    
      - A flaw was discovered in the bmp2tiff utility. By
        tricking a user into processing a specially crafted
        file, a remote attacker could exploit this flaw to
        cause a crash or memory corruption and, possibly,
        execute arbitrary code with the privileges of the user
        running the libtiff
        tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201
        5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20
        16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2
        015-8683)
    
      - tools/tiffcp.c in libtiff has an out-of-bounds write on
        tiled images with odd tile width versus image width.
        Reported as MSVR 35103, aka 'cpStripToTile
        heap-buffer-overflow.'(CVE-2016-9540)
    
      - tif_predict.h and tif_predict.c in libtiff have
        assertions that can lead to assertion failures in debug
        mode, or buffer overflows in release mode, when dealing
        with unusual tile size like YCbCr with subsampling.
        Reported as MSVR 35105, aka 'Predictor
        heap-buffer-overflow.'(CVE-2016-9535,CVE-2016-9533,CVE-
        2016-9534,CVE-2016-9536,CVE-2016-9537)
    
      - The NeXTDecode function in tif_next.c in LibTIFF allows
        remote attackers to cause a denial of service
        (uninitialized memory access) via a crafted TIFF image,
        as demonstrated by libtiff5.tif.(CVE-2015-1547)
    
      - The NeXTDecode function in tif_next.c in LibTIFF allows
        remote attackers to cause a denial of service
        (out-of-bounds write) via a crafted TIFF image, as
        demonstrated by libtiff5.tif.(CVE-2015-8784)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1044
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11ee83d6");
      script_set_attribute(attribute:"solution", value:
    "Update the affected compat-libtiff3 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:compat-libtiff3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["compat-libtiff3-3.9.4-11.h19"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-libtiff3");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3212-1.NASL
    descriptionIt was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97434
    published2017-02-28
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97434
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 : tiff vulnerabilities (USN-3212-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3212-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97434);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2015-7554", "CVE-2015-8668", "CVE-2016-10092", "CVE-2016-10093", "CVE-2016-10094", "CVE-2016-3622", "CVE-2016-3623", "CVE-2016-3624", "CVE-2016-3632", "CVE-2016-3658", "CVE-2016-3945", "CVE-2016-3990", "CVE-2016-3991", "CVE-2016-5314", "CVE-2016-5315", "CVE-2016-5316", "CVE-2016-5317", "CVE-2016-5320", "CVE-2016-5321", "CVE-2016-5322", "CVE-2016-5323", "CVE-2016-5652", "CVE-2016-5875", "CVE-2016-6223", "CVE-2016-8331", "CVE-2016-9273", "CVE-2016-9297", "CVE-2016-9448", "CVE-2016-9453", "CVE-2016-9532", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2017-5225");
      script_xref(name:"USN", value:"3212-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : tiff vulnerabilities (USN-3212-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that LibTIFF incorrectly handled certain malformed
    images. If a user or automated system were tricked into opening a
    specially crafted image, a remote attacker could crash the
    application, leading to a denial of service, or possibly execute
    arbitrary code with user privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3212-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff-tools and / or libtiff5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libtiff-tools", pkgver:"4.0.3-7ubuntu0.6")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libtiff5", pkgver:"4.0.3-7ubuntu0.6")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libtiff-tools", pkgver:"4.0.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libtiff5", pkgver:"4.0.6-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libtiff-tools", pkgver:"4.0.6-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libtiff5", pkgver:"4.0.6-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-tools / libtiff5");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0037.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix patch for (CVE-2016-5652) - Related: #1412078 - Fix CWE-476 defect found by covscan - Related: #1412078 - Add patches for CVEs : - CVE-2016-9533 CVE-2016-9534 (CVE-2016-9535) - CVE-2016-9536 CVE-2016-9537 (CVE-2016-9540) - (CVE-2016-5652) - Resolves: #1412078
    last seen2020-06-01
    modified2020-06-02
    plugin id96947
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96947
    titleOracleVM 3.3 : libtiff (OVMSA-2017-0037)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0037.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96947);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2016-5652", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9540");
    
      script_name(english:"OracleVM 3.3 : libtiff (OVMSA-2017-0037)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Fix patch for (CVE-2016-5652)
    
      - Related: #1412078
    
      - Fix CWE-476 defect found by covscan
    
      - Related: #1412078
    
      - Add patches for CVEs :
    
      - CVE-2016-9533 CVE-2016-9534 (CVE-2016-9535)
    
      - CVE-2016-9536 CVE-2016-9537 (CVE-2016-9540)
    
      - (CVE-2016-5652)
    
      - Resolves: #1412078"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000644.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?925285d7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:libtiff");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"libtiff-3.9.4-21.el6_8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0036.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix patch for (CVE-2016-5652) - Related: #1412078 - Fix CWE-476 defect found by covscan - Related: #1412078 - Add patches for CVEs : - CVE-2016-9533 CVE-2016-9534 (CVE-2016-9535) - CVE-2016-9536 CVE-2016-9537 (CVE-2016-9540) - (CVE-2016-5652) - Resolves: #1412078
    last seen2020-06-01
    modified2020-06-02
    plugin id96946
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96946
    titleOracleVM 3.4 : libtiff (OVMSA-2017-0036)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0036.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96946);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2016-5652", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9540");
    
      script_name(english:"OracleVM 3.4 : libtiff (OVMSA-2017-0036)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Fix patch for (CVE-2016-5652)
    
      - Related: #1412078
    
      - Fix CWE-476 defect found by covscan
    
      - Related: #1412078
    
      - Add patches for CVEs :
    
      - CVE-2016-9533 CVE-2016-9534 (CVE-2016-9535)
    
      - CVE-2016-9536 CVE-2016-9537 (CVE-2016-9540)
    
      - (CVE-2016-5652)
    
      - Resolves: #1412078"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000643.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f3e89300"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:libtiff");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"libtiff-3.9.4-21.el6_8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1020.NASL
    descriptionAccording to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) - Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99866
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99866
    titleEulerOS 2.0 SP2 : libtiff (EulerOS-SA-2017-1020)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99866);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2015-8870",
        "CVE-2016-5652",
        "CVE-2016-9533",
        "CVE-2016-9534",
        "CVE-2016-9535",
        "CVE-2016-9536",
        "CVE-2016-9537",
        "CVE-2016-9540"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : libtiff (EulerOS-SA-2017-1020)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libtiff packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Multiple flaws have been discovered in libtiff. A
        remote attacker could exploit these flaws to cause a
        crash or memory corruption and, possibly, execute
        arbitrary code by tricking an application linked
        against libtiff into processing specially crafted
        files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
    
      - Multiple flaws have been discovered in various libtiff
        tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By
        tricking a user into processing a specially crafted
        file, a remote attacker could exploit these flaws to
        cause a crash or memory corruption and, possibly,
        execute arbitrary code with the privileges of the user
        running the libtiff tool. (CVE-2015-8870,
        CVE-2016-5652, CVE-2016-9540, CVE-2016-9537,
        CVE-2016-9536)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1020
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6bf55055");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libtiff packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libtiff-4.0.3-27",
            "libtiff-devel-4.0.3-27"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0225.NASL
    descriptionAn update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es) : * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) * Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
    last seen2020-06-01
    modified2020-06-02
    plugin id96929
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96929
    titleCentOS 6 / 7 : libtiff (CESA-2017:0225)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0225 and 
    # CentOS Errata and Security Advisory 2017:0225 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96929);
      script_version("3.6");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2015-8870", "CVE-2016-5652", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9540");
      script_xref(name:"RHSA", value:"2017:0225");
    
      script_name(english:"CentOS 6 / 7 : libtiff (CESA-2017:0225)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for libtiff is now available for Red Hat Enterprise Linux 6
    and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The libtiff packages contain a library of functions for manipulating
    Tagged Image File Format (TIFF) files.
    
    Security Fix(es) :
    
    * Multiple flaws have been discovered in libtiff. A remote attacker
    could exploit these flaws to cause a crash or memory corruption and,
    possibly, execute arbitrary code by tricking an application linked
    against libtiff into processing specially crafted files.
    (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
    
    * Multiple flaws have been discovered in various libtiff tools
    (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into
    processing a specially crafted file, a remote attacker could exploit
    these flaws to cause a crash or memory corruption and, possibly,
    execute arbitrary code with the privileges of the user running the
    libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540,
    CVE-2016-9537, CVE-2016-9536)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022259.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e90f7f98"
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-February/022261.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cdca795b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9533");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libtiff-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"libtiff-3.9.4-21.el6_8")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"libtiff-devel-3.9.4-21.el6_8")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"libtiff-static-3.9.4-21.el6_8")) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libtiff-4.0.3-27.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libtiff-devel-4.0.3-27.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libtiff-static-4.0.3-27.el7_3")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libtiff-tools-4.0.3-27.el7_3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel / libtiff-static / libtiff-tools");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0225.NASL
    descriptionFrom Red Hat Security Advisory 2017:0225 : An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es) : * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) * Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
    last seen2020-06-01
    modified2020-06-02
    plugin id96945
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96945
    titleOracle Linux 6 / 7 : libtiff (ELSA-2017-0225)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:0225 and 
    # Oracle Linux Security Advisory ELSA-2017-0225 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96945);
      script_version("3.4");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2015-8870", "CVE-2016-5652", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9540");
      script_xref(name:"RHSA", value:"2017:0225");
    
      script_name(english:"Oracle Linux 6 / 7 : libtiff (ELSA-2017-0225)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2017:0225 :
    
    An update for libtiff is now available for Red Hat Enterprise Linux 6
    and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The libtiff packages contain a library of functions for manipulating
    Tagged Image File Format (TIFF) files.
    
    Security Fix(es) :
    
    * Multiple flaws have been discovered in libtiff. A remote attacker
    could exploit these flaws to cause a crash or memory corruption and,
    possibly, execute arbitrary code by tricking an application linked
    against libtiff into processing specially crafted files.
    (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
    
    * Multiple flaws have been discovered in various libtiff tools
    (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into
    processing a specially crafted file, a remote attacker could exploit
    these flaws to cause a crash or memory corruption and, possibly,
    execute arbitrary code with the privileges of the user running the
    libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540,
    CVE-2016-9537, CVE-2016-9536)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-February/006688.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-February/006689.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtiff-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"libtiff-3.9.4-21.el6_8")) flag++;
    if (rpm_check(release:"EL6", reference:"libtiff-devel-3.9.4-21.el6_8")) flag++;
    if (rpm_check(release:"EL6", reference:"libtiff-static-3.9.4-21.el6_8")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtiff-4.0.3-27.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtiff-devel-4.0.3-27.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtiff-static-4.0.3-27.el7_3")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtiff-tools-4.0.3-27.el7_3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel / libtiff-static / libtiff-tools");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_FB74EACCEC8A11E6BC8A0011D823EEBD.NASL
    descriptionlibtiff project reports : Multiple flaws have been discovered in libtiff library and utilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id97035
    published2017-02-07
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97035
    titleFreeBSD : tiff -- multiple vulnerabilities (fb74eacc-ec8a-11e6-bc8a-0011d823eebd)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97035);
      script_version("3.3");
      script_cvs_date("Date: 2018/11/10 11:49:46");
    
      script_cve_id("CVE-2015-8870", "CVE-2016-5652", "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9540");
    
      script_name(english:"FreeBSD : tiff -- multiple vulnerabilities (fb74eacc-ec8a-11e6-bc8a-0011d823eebd)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libtiff project reports :
    
    Multiple flaws have been discovered in libtiff library and utilities."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://simplesystems.org/libtiff/v4.0.7.html"
      );
      # https://vuxml.freebsd.org/freebsd/fb74eacc-ec8a-11e6-bc8a-0011d823eebd.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?09c82037"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-tiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c7-libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c7-tiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:tiff");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"tiff<4.0.7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-c6-libtiff<3.9.4_5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-c6-tiff<3.9.4_5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-c7-libtiff<4.0.3_3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-c7-tiff<4.0.3_3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1043.NASL
    descriptionAccording to the versions of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014 -8130,CVE-2014-9655) - A flaw was discovered in the bmp2tiff utility. By tricking a user into processing a specially crafted file, a remote attacker could exploit this flaw to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201 5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20 16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2 015-8683) - tools/tiffcp.c in libtiff has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka
    last seen2020-05-06
    modified2017-05-01
    plugin id99888
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99888
    titleEulerOS 2.0 SP2 : compat-libtiff3 (EulerOS-SA-2017-1043)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-795.NASL
    descriptionNumerous security vulnerabilities have been found through fuzzing on various tiff-related binaries. Crafted TIFF images allows remote attacks to cause denial of service or, in certain cases arbitrary code execution through divide-by-zero, out of bunds write, integer and heap overflow. CVE-2016-3622 The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. CVE-2016-3623 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. (Fixed along with CVE-2016-3624.) CVE-2016-3624 The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the
    last seen2020-03-17
    modified2017-01-24
    plugin id96704
    published2017-01-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96704
    titleDebian DLA-795-1 : tiff security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170201_LIBTIFF_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) - Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
    last seen2020-03-18
    modified2017-02-03
    plugin id96974
    published2017-02-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96974
    titleScientific Linux Security Update : libtiff on SL6.x, SL7.x i386/x86_64 (20170201)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0225.NASL
    descriptionAn update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es) : * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) * Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101417
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101417
    titleVirtuozzo 7 : libtiff / libtiff-devel / libtiff-static / etc (VZLSA-2017-0225)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-802.NASL
    descriptionMultiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533 , CVE-2016-9534 , CVE-2016-9535) Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870 , CVE-2016-5652 , CVE-2016-9540 , CVE-2016-9537 , CVE-2016-9536)
    last seen2020-06-01
    modified2020-06-02
    plugin id97554
    published2017-03-07
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97554
    titleAmazon Linux AMI : libtiff / compat-libtiff3 (ALAS-2017-802)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1019.NASL
    descriptionAccording to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) - Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99865
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99865
    titleEulerOS 2.0 SP1 : libtiff (EulerOS-SA-2017-1019)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3762.NASL
    descriptionMultiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code. There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but since these were addressed by the libtiff developers by removing the tools altogether, no patches are available and those tools were also removed from the tiff package in Debian stable. The change had already been made in Debian stretch before and no applications included in Debian are known to rely on these scripts. If you use those tools in custom setups, consider using a different conversion/thumbnailing tool.
    last seen2020-06-01
    modified2020-06-02
    plugin id96495
    published2017-01-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96495
    titleDebian DSA-3762-1 : tiff - security update

Redhat

advisories
rhsa
idRHSA-2017:0225
rpms
  • libtiff-0:3.9.4-21.el6_8
  • libtiff-0:4.0.3-27.el7_3
  • libtiff-debuginfo-0:3.9.4-21.el6_8
  • libtiff-debuginfo-0:4.0.3-27.el7_3
  • libtiff-devel-0:3.9.4-21.el6_8
  • libtiff-devel-0:4.0.3-27.el7_3
  • libtiff-static-0:3.9.4-21.el6_8
  • libtiff-static-0:4.0.3-27.el7_3
  • libtiff-tools-0:4.0.3-27.el7_3