Vulnerabilities > CVE-2003-0133 - Unspecified vulnerability in Gnome Gtkhtml 1.1.10/1.1.9

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
gnome
nessus

Summary

GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

Vulnerable Configurations

Part Description Count
Application
Gnome
2

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-046.NASL
description: A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14030
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14030
title: Mandrake Linux Security Advisory : gtkhtml (MDKSA-2003:046)
code:
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:046. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Metadata registration branch. It runs when the engine evaluates the plugin
# with `description` set and ends with exit(0), so none of the package-check
# logic further down executes in that pass.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(14030);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # Cross-references: the CVE and the vendor advisory this check is tied to.
  script_cve_id("CVE-2003-0133");
  script_xref(name:"MDKSA", value:"2003:046");

  script_name(english:"Mandrake Linux Security Advisory : gtkhtml (MDKSA-2003:046)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability in GtkHTML was discovered by Alan Cox with the
Evolution email client. GtkHTML is used to handle HTML messages in
Evolution and certain malformed messages could cause Evolution to
crash due to this bug."
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected gtkhtml, libgtkhtml1.1_3 and / or
libgtkhtml1.1_3-devel packages."
  );
  # CVSS v2 vector: network-reachable, low complexity, no authentication,
  # availability impact only (partial) - consistent with a crash / DoS.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # "local" plugin type: the finding is derived from package data collected
  # on the host (see the required KB keys below), not from probing a service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE entries: the three affected packages plus the one OS release covered
  # by this check (Mandrake Linux 9.1).
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gtkhtml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtkhtml1.1_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtkhtml1.1_3-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  # The vendor fix predates the plugin by more than a year; useful when
  # reasoning about how long a host may have been exposed before detection.
  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  # Information-gathering category: the check body only reads KB items and
  # compares package versions.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # Declares the plugin this one depends on and the KB keys it needs.
  # NOTE(review): ssh_get_info.nasl presumably populates these Host/* keys
  # from an authenticated session - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


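# Preconditions. Each failed check ends the plugin through audit() with a
# specific reason, so a scan without credentials or without a package list
# produces an explicit audit result rather than a silent pass.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Fixed the "Mandake" typo so this audit message names the OS the same way
# as the architecture check below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only x86 family hosts are handled. An unknown CPU and an
# unsupported CPU are audited separately so the scan log shows which case hit.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);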


# Reference package versions for Mandrake Linux 9.1, as listed in this
# plugin for MDKSA-2003:046. Every entry is checked with cpu:"i386".
# NOTE(review): the architecture gate earlier in the plugin also admits
# amd64 / x86_64 hosts; whether rpm_check() evaluates an i386 reference on
# those hosts depends on rpm.inc - confirm, since a skipped comparison would
# make the host audit as "not affected".
mdksa_refs = make_list(
  "gtkhtml-1.1.10-2.1mdk",
  "libgtkhtml1.1_3-1.1.10-2.1mdk",
  "libgtkhtml1.1_3-devel-1.1.10-2.1mdk"
);

# Count how many references rpm_check() flags.
hits = 0;
foreach mdksa_ref (mdksa_refs)
{
  if (rpm_check(release:"MDK9.1", cpu:"i386", reference:mdksa_ref, yank:"mdk")) hits++;
}

# No hit: record an explicit "not affected" audit result. Otherwise raise a
# warning-level finding, attaching the rpm report text when verbosity allows.
if (!hits) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}

Oval

accepted: 2007-04-25T19:52:16.094-04:00
class: vulnerability
contributors:
  • name: Jay Beale
    organization: Bastille Linux
  • name: Thomas R. Jones
    organization: Maitreya Security
description: GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
family: unix
id: oval:org.mitre.oval:def:138
status: accepted
submitted: 2003-09-02T12:00:00.000-04:00
title: Evolution GtkHTML DoS via Malformed Message
version: 38

Redhat

advisories:
rhsa:
id: RHSA-2003:126