Vulnerabilities > CVE-2003-0541 - Unspecified vulnerability in Gnome Gtkhtml
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
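NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2003-093.NASL
description Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a NULL pointer dereference in the GtkHTML library, versions prior to 1.1.0. The updated package provides a patched version of GtkHTML; versions of Mandrake Linux more recent than 9.0 do not require this fix as they already come with version 1.1.0.
last seen 2020-06-01
modified 2020-06-02
plugin id 14075
published 2004-07-31
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14075
title Mandrake Linux Security Advisory : gtkhtml (MDKSA-2003:093)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:093.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: credentialed (local) package-version check for CVE-2003-0541 on
# Mandrake Linux 9.0. It compares the host's collected RPM list against the
# fixed package builds named in the advisory; it does not exercise GtkHTML or
# Evolution, so a finding means "update not installed", not "crash observed".
#

include("compat.inc");

# Registration block: when the scanner loads the plugin with `description`
# set, only metadata is declared and the script exits before any host check.
if (description)
{
  script_id(14075);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2003-0541");
  script_xref(name:"MDKSA", value:"2003:093");

  script_name(english:"Mandrake Linux Security Advisory : gtkhtml (MDKSA-2003:093)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  # NOTE(review): the advisory text below gives the fixed GtkHTML version as
  # 1.1.0, whereas the CVE-2003-0541 summary says "before 1.1.10". The string
  # is kept exactly as the vendor published it; confirm the boundary against
  # the upstream changelog before relying on either number.
  script_set_attribute(
    attribute:"description",
    value:
"Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a NULL pointer dereference in the GtkHTML library, versions prior to 1.1.0. The updated package provides a patched version of GtkHTML; versions of Mandrake Linux more recent than 9.0 do not require this fix as they already come with version 1.1.0."
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected gtkhtml, libgtkhtml20 and / or libgtkhtml20-devel packages."
  );
  # CVSS v2: network-reachable, low complexity, no authentication, and an
  # availability-only impact (A:P) -- consistent with a crash / DoS.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # "local" marks this as a check that reads data gathered on the host.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gtkhtml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtkhtml20");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtkhtml20-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin only collects and evaluates information.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The KB keys required below are read by the checks further down; they are
  # presumably populated by ssh_get_info.nasl during a credentialed scan.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: without local checks, a Mandrake release string and an RPM
# list there is nothing to compare, so the plugin audits out instead of
# reporting the host as clean.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# NOTE(review): the architecture guard admits amd64 / x86_64, but every
# rpm_check below names cpu:"i386". How rpm.inc matches that value against
# the host CPU is not visible here -- confirm coverage on 64-bit hosts.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# Each `reference` is the fixed package build for Mandrake 9.0; `flag` counts
# the packages for which rpm_check (rpm.inc, not shown) reports a hit,
# presumably meaning the installed build is older than the reference.
flag = 0;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"gtkhtml-1.0.4-4.1.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libgtkhtml20-1.0.4-4.1.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libgtkhtml20-devel-1.0.4-4.1.90mdk", yank:"mdk")) flag++;


# Report at warning level; with verbosity enabled the finding carries the
# package comparison details returned by rpm_report_get().
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");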
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-710.NASL
description Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a NULL pointer dereference.
last seen 2020-06-01
modified 2020-06-02
plugin id 18080
published 2005-04-18
reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/18080
title Debian DSA-710-1 : gtkhtml - NULL pointer dereference
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-710. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Purpose: credentialed (local) package-version check for CVE-2003-0541 on
# Debian 3.0 (woody). It compares the host's dpkg listing against the fixed
# version from DSA-710; it does not exercise gtkhtml or Evolution, so a
# finding means "update not installed", not "crash observed".
#

include("compat.inc");

# Registration block: when the scanner loads the plugin with `description`
# set, only metadata is declared and the script exits before any host check.
if (description)
{
  script_id(18080);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2003-0541");
  script_xref(name:"DSA", value:"710");

  script_name(english:"Debian DSA-710-1 : gtkhtml - NULL pointer dereference");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a NULL pointer dereference."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279726"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-710"
  );
  # The remediation text asks for an Evolution restart as well as the package
  # upgrade; the dpkg comparison below can only confirm the upgrade.
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the gtkhtml package and restart Evolution. For the stable distribution (woody) this problem has been fixed in version 1.0.2-1.woody1."
  );
  # CVSS v2: network-reachable, low complexity, no authentication, and an
  # availability-only impact (A:P) -- consistent with a crash / DoS.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # "local" marks this as a check that reads data gathered on the host.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gtkhtml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  # The Debian fix (2005/04/18) is dated well after the vulnerability's
  # publication (2003/09/09).
  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/18");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/09");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin only collects and evaluates information.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The KB keys required below are read by the checks further down; they are
  # presumably populated by ssh_get_info.nasl during a credentialed scan.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: without local checks, a Debian release string and a dpkg
# listing there is nothing to compare, so the plugin audits out instead of
# reporting the host as clean.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


# The same fixed version is checked for four package names on release 3.0.
# `flag` counts the packages for which deb_check (debian_package.inc, not
# shown) reports a hit, presumably meaning the installed version is older
# than the reference.
flag = 0;
if (deb_check(release:"3.0", prefix:"gtkhtml", reference:"1.0.2-1.woody1")) flag++;
if (deb_check(release:"3.0", prefix:"libgtkhtml-data", reference:"1.0.2-1.woody1")) flag++;
if (deb_check(release:"3.0", prefix:"libgtkhtml-dev", reference:"1.0.2-1.woody1")) flag++;
if (deb_check(release:"3.0", prefix:"libgtkhtml20", reference:"1.0.2-1.woody1")) flag++;

# Report at warning level; with verbosity enabled the finding carries the
# package comparison details returned by deb_report_get().
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Oval
accepted | 2007-04-25T19:52:16.578-04:00 |
class | vulnerability |
contributors | |
description | gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. |
family | unix |
id | oval:org.mitre.oval:def:148 |
status | accepted |
submitted | 2003-09-10T12:00:00.000-04:00 |
title | Evolution GtkHTML DoS via null Pointer Dereference |
version | 38 |
Redhat
advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737
- http://www.debian.org/security/2005/dsa-710
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:093
- http://www.redhat.com/support/errata/RHSA-2003-264.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A148