Vulnerabilities > CVE-2003-0434
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| OS | 3 | |
| OS | 9 |
Exploit-Db
| description | Adobe Acrobat Reader (UNIX) 5.0 6,Xpdf 0.9x Hyperlinks Arbitrary Command Execution. CVE-2003-0434. Remote exploit for linux platform |
| id | EDB-ID:22771 |
| last seen | 2016-02-02 |
| modified | 2003-06-13 |
| published | 2003-06-13 |
| reporter | Martyn Gilmore |
| source | https://www.exploit-db.com/download/22771/ |
| title | Adobe Acrobat Reader UNIX 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-071.NASL description Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document. Update : New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 14054 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14054 title Mandrake Linux Security Advisory : xpdf (MDKSA-2003:071-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:071. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14054); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0434"); script_xref(name:"MDKSA", value:"2003:071-1"); script_name(english:"Mandrake Linux Security Advisory : xpdf (MDKSA-2003:071-1)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document. Update : New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected xpdf package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xpdf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"xpdf-1.01-4.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"xpdf-2.01-2.2mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-197.NASL description Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. [Updated 21 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that if activated or followed by a victim can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a patch correcting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12402 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12402 title RHEL 2.1 : xpdf (RHSA-2003:197) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:197. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12402); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0434"); script_xref(name:"RHSA", value:"2003:197"); script_name(english:"RHEL 2.1 : xpdf (RHSA-2003:197)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. [Updated 21 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that if activated or followed by a victim can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a patch correcting this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0434" ); # http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9c9d86d5" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:197" ); script_set_attribute(attribute:"solution", value:"Update the affected xpdf package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xpdf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/07/24"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:197"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"xpdf-0.92-10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf"); } }
Oval
| accepted | 2007-04-25T19:52:38.816-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:664 | ||||||||
| status | accepted | ||||||||
| submitted | 2003-08-29T12:00:00.000-04:00 | ||||||||
| title | Code Execution Vulnerability in XPDF PDF Viewer | ||||||||
| version | 38 |
Redhat
| advisories |
|
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
- http://marc.info/?l=bugtraq&m=105777963019186&w=2
- http://secunia.com/advisories/9037
- http://secunia.com/advisories/9038
- http://www.kb.cert.org/vuls/id/200132
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
- http://www.redhat.com/support/errata/RHSA-2003-196.html
- http://www.redhat.com/support/errata/RHSA-2003-197.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664