Detections
Analytics
NewStart CGSL MAIN 6.02 : libtiff Multiple Vulnerabilities (NS-SA-2024-0051)
high Nessus Plugin ID 206852
Synopsis
The remote NewStart CGSL host is affected by multiple vulnerabilities.Description
The remote NewStart CGSL host, running version MAIN 6.02, has libtiff packages installed that are affected by multiple vulnerabilities:- Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. (CVE-2006-2193)
- Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context- dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). (CVE-2006-3460)
- Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. (CVE-2006-3461)
- Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. (CVE-2006-3462)
- The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. (CVE-2006-3463)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL libtiff packages. Note that updated packages may not be available yet. Please contact ZTE for more information.See Also
https://security.gd-linux.com/notice/NS-SA-2024-0051
https://security.gd-linux.com/info/CVE-2006-2193
https://security.gd-linux.com/info/CVE-2006-3460
https://security.gd-linux.com/info/CVE-2006-3461
https://security.gd-linux.com/info/CVE-2006-3462
https://security.gd-linux.com/info/CVE-2006-3463
https://security.gd-linux.com/info/CVE-2006-3464
https://security.gd-linux.com/info/CVE-2006-3465
https://security.gd-linux.com/info/CVE-2008-2327
https://security.gd-linux.com/info/CVE-2009-2285
https://security.gd-linux.com/info/CVE-2009-2347
https://security.gd-linux.com/info/CVE-2009-5022
https://security.gd-linux.com/info/CVE-2010-1411
https://security.gd-linux.com/info/CVE-2010-2065
https://security.gd-linux.com/info/CVE-2011-0192
https://security.gd-linux.com/info/CVE-2011-1167
https://security.gd-linux.com/info/CVE-2012-1173
https://security.gd-linux.com/info/CVE-2012-2088
https://security.gd-linux.com/info/CVE-2012-2113
https://security.gd-linux.com/info/CVE-2012-3401
https://security.gd-linux.com/info/CVE-2012-4447
https://security.gd-linux.com/info/CVE-2012-4564
https://security.gd-linux.com/info/CVE-2012-5581
https://security.gd-linux.com/info/CVE-2013-1960
https://security.gd-linux.com/info/CVE-2013-1961
https://security.gd-linux.com/info/CVE-2013-4231
https://security.gd-linux.com/info/CVE-2013-4232
https://security.gd-linux.com/info/CVE-2013-4243
https://security.gd-linux.com/info/CVE-2013-4244
https://security.gd-linux.com/info/CVE-2014-9655
https://security.gd-linux.com/info/CVE-2015-1547
https://security.gd-linux.com/info/CVE-2017-18013
https://security.gd-linux.com/info/CVE-2017-9935
https://security.gd-linux.com/info/CVE-2018-10963
https://security.gd-linux.com/info/CVE-2018-17100
https://security.gd-linux.com/info/CVE-2018-18557
https://security.gd-linux.com/info/CVE-2018-18661
https://security.gd-linux.com/info/CVE-2018-5784
https://security.gd-linux.com/info/CVE-2018-7456
https://security.gd-linux.com/info/CVE-2018-8905
https://security.gd-linux.com/info/CVE-2020-35521
https://security.gd-linux.com/info/CVE-2020-35522
https://security.gd-linux.com/info/CVE-2020-35523
https://security.gd-linux.com/info/CVE-2020-35524
https://security.gd-linux.com/info/CVE-2023-26965
Plugin Details
Severity: High
ID: 206852
File Name: newstart_cgsl_NS-SA-2024-0051_libtiff.nasl
Version: 1.1
Type: local
Published: 9/10/2024
Updated: 9/10/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-1961
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2018-8905
Vulnerability Information
CPE: p-cpe:/a:zte:cgsl_main:libtiff-devel, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:libtiff
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/3/2024
Vulnerability Publication Date: 6/8/2006
Reference Information
CVE: CVE-2006-2193, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465, CVE-2008-2327, CVE-2009-2285, CVE-2009-2347, CVE-2009-5022, CVE-2010-1411, CVE-2010-2065, CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, CVE-2012-2113, CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244, CVE-2014-9655, CVE-2015-1547, CVE-2017-18013, CVE-2017-9935, CVE-2018-10963, CVE-2018-17100, CVE-2018-18557, CVE-2018-18661, CVE-2018-5784, CVE-2018-7456, CVE-2018-8905, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524, CVE-2023-26965, CVE-2023-3316, CVE-2023-3618