CVE-2002-0838 - Buffer Overflow vulnerability in GV Malformed PDF/PS File
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 4 |
Application | | 18 |
Exploit-Db
- description: GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (2). CVE-2002-0838. Local exploit for linux platform
- id: EDB-ID:21872
- last seen: 2016-02-02
- modified: 2002-09-26
- published: 2002-09-26
- reporter: infamous42md
- source: https://www.exploit-db.com/download/21872/
- title: GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability 2

- description: GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (1). CVE-2002-0838. Local exploit for linux platform
- id: EDB-ID:21871
- last seen: 2016-02-02
- modified: 2002-09-26
- published: 2002-09-26
- reporter: zen-parse
- source: https://www.exploit-db.com/download/21871/
- title: GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability 1
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-176.NASL
- description: Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15013
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15013
- title: Debian DSA-176-1 : gv - buffer overflow
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-176. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15013);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2002-0838");
  script_bugtraq_id(5808);
  script_xref(name:"DSA", value:"176");

  script_name(english:"Debian DSA-176-1 : gv - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-176"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the gv package. This problem has been fixed in version 3.5.8-26.1 for the current stable distribution (woody), in version 3.5.8-17.1 for the old stable distribution (potato) and version 3.5.8-27 for the unstable distribution (sid)."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"2.2", prefix:"gv", reference:"3.5.8-17.1")) flag++;
if (deb_check(release:"3.0", prefix:"gv", reference:"3.5.8-26.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2002-069.NASL
- description: A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13969
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13969
- title: Mandrake Linux Security Advisory : gv (MDKSA-2002:069)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2002:069.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(13969);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2002-0838");
  script_xref(name:"MDKSA", value:"2002:069");

  script_name(english:"Mandrake Linux Security Advisory : gv (MDKSA-2002:069)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ggv and / or gv packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ggv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"ggv-1.1.0-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"gv-3.5.8-18.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"ggv-1.1.0-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"gv-3.5.8-27.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"ggv-1.1.94-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"gv-3.5.8-27.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"ggv-1.99.9-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"gv-3.5.8-27.1mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2002-211.NASL
- description: Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow when reading malformed PDF or PostScript files. [Updated 07 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 Gv and ggv are user interfaces for the Ghostscript PostScript(R) interpreter used to display PostScript and PDF documents on an X Window System. KGhostview is the PostScript viewer for the K Desktop Environment. Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier. An attacker can create a carefully crafted malformed PDF or PostScript file in such a way that when that file is viewed arbitrary commands can be executed. ggv and kghostview contain code derived from gv and therefore have the same vulnerability. All users of gv, ggv, and kghostview are advised to upgrade to the errata packages which contain patches to correct the vulnerability.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12325
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12325
- title: RHEL 2.1 : ggv (RHSA-2002:211)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2002:211. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12325);
  script_version ("1.22");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2002-0838");
  script_xref(name:"RHSA", value:"2002:211");

  script_name(english:"RHEL 2.1 : ggv (RHSA-2002:211)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow when reading malformed PDF or PostScript files. [Updated 07 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 Gv and ggv are user interfaces for the Ghostscript PostScript(R) interpreter used to display PostScript and PDF documents on an X Window System. KGhostview is the PostScript viewer for the K Desktop Environment. Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier. An attacker can create a carefully crafted malformed PDF or PostScript file in such a way that when that file is viewed arbitrary commands can be executed. ggv and kghostview contain code derived from gv and therefore have the same vulnerability. All users of gv, ggv, and kghostview are advised to upgrade to the errata packages which contain patches to correct the vulnerability."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2002-0838"
  );
  # http://marc.theaimsgroup.com/?l=bugtraq&m=103305778615625&w=2
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?l=bugtraq&m=103305778615625&w=2"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2002:211"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ggv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2002:211";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ggv-1.0.2-5.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gv-3.5.8-18.7x")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-2.2.2-2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-devel-2.2.2-2.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ggv / gv / kdegraphics / kdegraphics-devel");
  }
}
```
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-182.NASL
- description: Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15019
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15019
- title: Debian DSA-182-1 : kdegraphics - buffer overflow
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-182. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15019);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2002-0838");
  script_bugtraq_id(5808);
  script_xref(name:"DSA", value:"182");

  script_name(english:"Debian DSA-182-1 : kdegraphics - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-182"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the kghostview package. This problem has been fixed in version 2.2.2-6.8 for the current stable distribution (woody) and in version 2.2.2-6.9 for the unstable distribution (sid). The old stable distribution (potato) is not affected since no KDE is included."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdegraphics");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.0", prefix:"kamera", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kcoloredit", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kfract", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kghostview", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kiconedit", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kooka", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kpaint", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kruler", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"ksnapshot", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"kview", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"libkscan-dev", reference:"2.2.2-6.8")) flag++;
if (deb_check(release:"3.0", prefix:"libkscan1", reference:"2.2.2-6.8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2002-071.NASL
- description: A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview then is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13971
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13971
- title: Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2002:071.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(13971);
  script_version ("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2002-0836", "CVE-2002-0838", "CVE-2002-1223");
  script_xref(name:"MDKSA", value:"2002:071");

  script_name(english:"Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview then is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20021008-1.txt"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kdegraphics, kdegraphics-devel and / or kdegraphics-static-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/10/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdegraphics-2.2.1-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdegraphics-static-devel-2.2.1-2.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdegraphics-2.2.2-15.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdegraphics-devel-2.2.2-15.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdegraphics-3.0.3-11.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdegraphics-devel-3.0.3-11.1mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-179.NASL
- description: Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15016
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15016
- title: Debian DSA-179-1 : gnome-gv - buffer overflow
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-179. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15016);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2002-0838");
  script_bugtraq_id(5808);
  script_xref(name:"DSA", value:"179");

  script_name(english:"Debian DSA-179-1 : gnome-gv - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-179"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the gnome-gv package. This problem has been fixed in version 1.1.96-3.1 for the current stable distribution (woody), in version 0.82-2.1 for the old stable distribution (potato) and version 1.99.7-9 for the unstable distribution (sid)."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnome-gv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"2.2", prefix:"gnome-gv", reference:"0.82-2.1")) flag++;
if (deb_check(release:"3.0", prefix:"gnome-gv", reference:"1.1.96-3.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200408-10.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200408-10 (gv: Exploitable Buffer Overflow) gv contains a buffer overflow vulnerability where an unsafe sscanf() call is used to interpret PDF and PostScript files. Impact : By enticing a user to view a malformed PDF or PostScript file an attacker could execute arbitrary code with the permissions of the user running gv. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of gv.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14566
- published: 2004-08-30
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14566
- title: GLSA-200408-10 : gv: Exploitable Buffer Overflow
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200408-10.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(14566);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2002-0838");
  script_xref(name:"GLSA", value:"200408-10");

  script_name(english:"GLSA-200408-10 : gv: Exploitable Buffer Overflow");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"The remote host is affected by the vulnerability described in GLSA-200408-10 (gv: Exploitable Buffer Overflow) gv contains a buffer overflow vulnerability where an unsafe sscanf() call is used to interpret PDF and PostScript files. Impact : By enticing a user to view a malformed PDF or PostScript file an attacker could execute arbitrary code with the permissions of the user running gv. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of gv."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200408-10"
  );
  script_set_attribute(
    attribute:"solution",
    value:"All gv users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-text/gv-3.5.8-r4' # emerge '>=app-text/gv-3.5.8-r4'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"app-text/gv", unaffected:make_list("ge 3.5.8-r4"), vulnerable:make_list("le 3.5.8-r3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gv");
}
```
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542
- http://marc.info/?l=bugtraq&m=103305615613319&w=2
- http://marc.info/?l=bugtraq&m=103305778615625&w=2
- http://marc.info/?l=bugtraq&m=103487806800388&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security
- http://www.debian.org/security/2002/dsa-176
- http://www.debian.org/security/2002/dsa-179
- http://www.debian.org/security/2002/dsa-182
- http://www.iss.net/security_center/static/10201.php
- http://www.kb.cert.org/vuls/id/600777
- http://www.kde.org/info/security/advisory-20021008-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:069
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:071
- http://www.redhat.com/support/errata/RHSA-2002-207.html
- http://www.redhat.com/support/errata/RHSA-2002-212.html
- http://www.redhat.com/support/errata/RHSA-2002-220.html
- http://www.securityfocus.com/bid/5808