Executive Summary



This alert is flagged as belonging to the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: OptiPNG: User-assisted execution of arbitrary code

Information

Name: GLSA-200812-01
First vendor publication: 2008-12-02
Vendor: Gentoo
Last vendor modification: 2008-12-02
Severity (vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS base score: 9.3
CVSS impact score: 10
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None Required

Detail

Synopsis

A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code.

Background

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information.

Description

A buffer overflow in the BMP reader in OptiPNG has been reported.

Impact

A remote attacker could entice a user to process a specially crafted BMP image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All OptiPNG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2"

References

[ 1 ] CVE-2008-5101 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200812-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200812-01.xml

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10058
 
Oval ID: oval:org.mitre.oval:def:10058
Title: Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
Description: Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5286
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20149
 
Oval ID: oval:org.mitre.oval:def:20149
Title: DSA-1677-1 cupsys - arbitrary code execution
Description: An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1677-1
CVE-2008-5286
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): cupsys
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8231
 
Oval ID: oval:org.mitre.oval:def:8231
Title: DSA-1677 cupsys -- integer overflow
Description: An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1677
CVE-2008-5286
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): cupsys
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 54
Application 2

OpenVAS Exploits

Date Description
2009-12-10 Name : Fedora Core 10 FEDORA-2009-11062 (cups)
File : nvt/fcore_2009_11062.nasl
2009-12-10 Name : Fedora Core 10 FEDORA-2009-12652 (cups)
File : nvt/fcore_2009_12652.nasl
2009-10-13 Name : SLES10: Security update for Cups
File : nvt/sles10_cups.nasl
2009-10-10 Name : SLES9: Security update for Cups
File : nvt/sles9p5041140.nasl
2009-06-05 Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-04-28 Name : Fedora Core 10 FEDORA-2009-3769 (cups)
File : nvt/fcore_2009_3769.nasl
2009-04-28 Name : Fedora Core 9 FEDORA-2009-3753 (cups)
File : nvt/fcore_2009_3753.nasl
2009-03-13 Name : SuSE Security Summary SUSE-SR:2009:006
File : nvt/suse_sr_2009_006.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:1028-01
File : nvt/gb_RHSA-2008_1028-01_cups.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:1028 centos3 i386
File : nvt/gb_CESA-2008_1028_cups_centos3_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:1028 centos3 x86_64
File : nvt/gb_CESA-2008_1028_cups_centos3_x86_64.nasl
2009-02-16 Name : Fedora Update for cups FEDORA-2008-10895
File : nvt/gb_fedora_2008_10895_cups_fc10.nasl
2009-02-16 Name : Fedora Update for cups FEDORA-2008-10911
File : nvt/gb_fedora_2008_10911_cups_fc8.nasl
2009-02-16 Name : Fedora Update for cups FEDORA-2008-10917
File : nvt/gb_fedora_2008_10917_cups_fc9.nasl
2009-01-20 Name : FreeBSD Ports: optipng
File : nvt/freebsd_optipng.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:002
File : nvt/suse_sr_2009_002.nasl
2008-12-23 Name : Gentoo Security Advisory GLSA 200812-11 (cups)
File : nvt/glsa_200812_11.nasl
2008-12-10 Name : Debian Security Advisory DSA 1677-1 (cupsys)
File : nvt/deb_1677_1.nasl
2008-12-03 Name : FreeBSD Ports: cups-base
File : nvt/freebsd_cups-base7.nasl
2008-12-03 Name : Gentoo Security Advisory GLSA 200812-01 (optipng)
File : nvt/glsa_200812_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50494 CUPS _cupsImageReadPNG Function PNG File Handling Overflow

49745 OptiPNG BMP Reader Crafted File Handling Overflow

Snort® IPS/IDS

Date Description
2014-01-10 Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow at...
RuleID : 15146 - Revision : 6 - Type : SERVER-OTHER
2014-01-10 Apple CUPS TrueColor PNG filter overly large image height integer overflow at...
RuleID : 15145 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1028.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081215_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cups-5845.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12317.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_optipng-090303.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_optipng-090304.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_cups-081203.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-707-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-028.nasl - Type : ACT_GATHER_INFO
2009-04-17 Name : The remote printer service is affected by multiple vulnerabilities.
File : cups_1_3_10.nasl - Type : ACT_GATHER_INFO
2009-03-06 Name : The remote openSUSE host is missing a security update.
File : suse_optipng-6038.nasl - Type : ACT_GATHER_INFO
2009-01-20 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_2bc960c4e66511ddafcd00e0815b8da8.nasl - Type : ACT_GATHER_INFO
2009-01-14 Name : The remote openSUSE host is missing a security update.
File : suse_cups-5838.nasl - Type : ACT_GATHER_INFO
2008-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1028.nasl - Type : ACT_GATHER_INFO
2008-12-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1028.nasl - Type : ACT_GATHER_INFO
2008-12-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-11.nasl - Type : ACT_GATHER_INFO
2008-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-01.nasl - Type : ACT_GATHER_INFO
2008-12-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1677.nasl - Type : ACT_GATHER_INFO
2008-12-01 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_87106b67be1311dda5780030843d3802.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:36:08
  • Multiple Updates