CVE-2004-0888 - Integer Overflow vulnerability in Xpdf PDFTOPS

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Vulnerable Configurations

Part         Description             Count
Application  Easy_Software_Products  20
Application  Gnome                   2
Application  Kde                     8
Application  Pdftohtml               7
Application  Tetex                   4
Application  Xpdf                    11
OS           Debian                  12
OS           Gentoo                  1
OS           Kde                     6
OS           Redhat                  13
OS           Suse                    7
OS           Ubuntu                  2

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-354.NASL
    description: Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17680
    published: 2005-04-02
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17680
    title: RHEL 2.1 / 3 : tetex (RHSA-2005:354)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:354. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17680);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-0888", "CVE-2004-1125");
      script_xref(name:"RHSA", value:"2005:354");
    
      script_name(english:"RHEL 2.1 / 3 : tetex (RHSA-2005:354)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tetex packages that fix several integer overflows are now
    available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
    a text file and a set of formatting commands as input and creates a
    typesetter-independent .dvi (DeVice Independent) file as output.
    
    A number of security flaws have been found affecting libraries used
    internally within teTeX. An attacker who has the ability to trick a
    user into processing a malicious file with teTeX could cause teTeX to
    crash or possibly execute arbitrary code.
    
    A number of integer overflow bugs that affect Xpdf were discovered.
    The teTeX package contains a copy of the Xpdf code used for parsing
    PDF files and is therefore affected by these bugs. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    names CVE-2004-0888 and CVE-2004-1125 to these issues.
    
    A number of integer overflow bugs that affect libtiff were discovered.
    The teTeX package contains an internal copy of libtiff used for
    parsing TIFF image files and is therefore affected by these bugs. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to
    these issues.
    
    Also latex2html is added to package tetex-latex for 64bit platforms.
    
    Users of teTeX should upgrade to these updated packages, which contain
    backported patches and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-1125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:354"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvilj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:354";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-afm-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-doc-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvilj-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvips-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-fonts-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-latex-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-xdvi-1.0.7-38.5E.8")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"tetex-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-afm-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-dvips-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-fonts-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-latex-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-xdvi-1.0.7-67.7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvilj / tetex-dvips / etc");
      }
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-348.NASL
    description: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15544
    published: 2004-10-22
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15544
    title: Fedora Core 2 : xpdf-3.00-3.4 (2004-348)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-348.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15544);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2004-0888");
      script_xref(name:"FEDORA", value:"2004-348");
    
      script_name(english:"Fedora Core 2 : xpdf-3.00-3.4 (2004-348)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Xpdf is an X Window System based viewer for Portable Document Format
    (PDF) files.
    
    During a source code audit, Chris Evans and others discovered a number
    of integer overflow bugs that affected all versions of xpdf. An
    attacker could construct a carefully crafted PDF file that could cause
    xpdf to crash or possibly execute arbitrary code when opened. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2004-0888 to this issue.
    
    Users of xpdf are advised to upgrade to this errata package, which
    contains a backported patch correcting these issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-October/000339.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?086ddf90"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xpdf and / or xpdf-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xpdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xpdf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"xpdf-3.00-3.4")) flag++;
    if (rpm_check(release:"FC2", reference:"xpdf-debuginfo-3.00-3.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf / xpdf-debuginfo");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-056.NASL
    description: Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like koffice, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61926
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61926
    title: Mandrake Linux Security Advisory : koffice (MDKSA-2005:056)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:056. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61926);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2005-0206");
      script_xref(name:"MDKSA", value:"2005:056");
    
      script_name(english:"Mandrake Linux Security Advisory : koffice (MDKSA-2005:056)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Previous updates to correct integer overflow issues affecting xpdf
    overlooked certain conditions when built for a 64 bit platform.
    (formerly CVE-2004-0888). This also affects applications like koffice,
    that use embedded versions of xpdf.
    
    The updated packages are patched to deal with these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-karbon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kformula");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kivio");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-koshell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kpresenter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kspread");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kugar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kword");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-progs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-karbon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kformula");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kivio");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-koshell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kpresenter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kspread");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kspread-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kugar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kugar-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kword");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kword-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-progs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-progs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"koffice-1.3-12.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64koffice2-1.3-12.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64koffice2-devel-1.3-12.3.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-karbon-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-kformula-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-kivio-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-koshell-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-kpresenter-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-kspread-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-kugar-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-kword-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"koffice-progs-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-karbon-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kformula-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kivio-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-koshell-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kpresenter-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kspread-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kspread-devel-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kugar-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kugar-devel-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kword-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-kword-devel-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-progs-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64koffice2-progs-devel-1.3.3-2.3.101mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-122.NASL
    description: A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16351
    published: 2005-02-10
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16351
    title: Fedora Core 2 : cups-1.1.20-11.11 (2005-122)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-122.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16351);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2004-0888");
      script_xref(name:"FEDORA", value:"2005-122");
    
      script_name(english:"Fedora Core 2 : cups-1.1.20-11.11 (2005-122)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A problem with PDF handling was discovered by Chris Evans, and has
    been fixed. The Common Vulnerabilities and Exposures project
    (www.mitre.org) has assigned the name CVE-2004-0888 to this issue.
    
    FEDORA-2004-337 attempted to correct this but the patch was
    incomplete.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-February/000683.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?69746ba6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"cups-1.1.20-11.11")) flag++;
    if (rpm_check(release:"FC2", reference:"cups-debuginfo-1.1.20-11.11")) flag++;
    if (rpm_check(release:"FC2", reference:"cups-devel-1.1.20-11.11")) flag++;
    if (rpm_check(release:"FC2", reference:"cups-libs-1.1.20-11.11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-213.NASL
    description: An updated xpdf package that correctly fixes several integer overflows is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). RHSA-2004:592 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. All users of xpdf should upgrade to this updated package, which contains backported patches to resolve these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17266
    published: 2005-03-04
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17266
    title: RHEL 2.1 / 3 : xpdf (RHSA-2005:213)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:213. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17266);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-0206");
      script_xref(name:"RHSA", value:"2005:213");
    
      script_name(english:"RHEL 2.1 / 3 : xpdf (RHSA-2005:213)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated xpdf package that correctly fixes several integer overflows
    is now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The xpdf package is an X Window System-based viewer for Portable
    Document Format (PDF) files.
    
    During a source code audit, Chris Evans and others discovered a number
    of integer overflow bugs that affected all versions of Xpdf. An
    attacker could construct a carefully crafted PDF file that could cause
    Xpdf to crash or possibly execute arbitrary code when opened. This
    issue was assigned the name CVE-2004-0888 by The Common
    Vulnerabilities and Exposures project (cve.mitre.org). RHSA-2004:592
    contained a fix for this issue, but it was found to be incomplete and
    left 64-bit architectures vulnerable. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206
    to this issue.
    
    All users of xpdf should upgrade to this updated package, which
    contains backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:213"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xpdf package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:213";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"xpdf-0.92-15")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"xpdf-2.02-9.6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf");
      }
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200411-30.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200411-30 (pdftohtml: Vulnerabilities in included Xpdf) Xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact : An attacker could entice a user to convert a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running pdftohtml. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15792
    published: 2004-11-23
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15792
    title: GLSA-200411-30 : pdftohtml: Vulnerabilities in included Xpdf
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200411-30.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15792);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2004-0888");
      script_xref(name:"GLSA", value:"200411-30");
    
      script_name(english:"GLSA-200411-30 : pdftohtml: Vulnerabilities in included Xpdf");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200411-30
    (pdftohtml: Vulnerabilities in included Xpdf)
    
        Xpdf is vulnerable to multiple integer overflows, as described in
        GLSA 200410-20.
      
    Impact :
    
        An attacker could entice a user to convert a specially crafted PDF
        file, potentially resulting in execution of arbitrary code with the
        rights of the user running pdftohtml.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200410-20"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200411-30"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All pdftohtml users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-text/pdftohtml-0.36-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pdftohtml");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-text/pdftohtml", unaffected:make_list("ge 0.36-r1"), vulnerable:make_list("le 0.36"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdftohtml");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-133.NASL
    description: - Tue Feb 08 2005 Than Ngo <than at redhat.com> 7:3.3.1-2.4 - More fixing of CVE-2004-0888 patch (bug #135393) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16355
    published: 2005-02-10
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16355
    title: Fedora Core 3 : kdegraphics-3.3.1-2.4 (2005-133)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-133.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16355);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2005-133");
    
      script_name(english:"Fedora Core 3 : kdegraphics-3.3.1-2.4 (2005-133)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Tue Feb 08 2005 Than Ngo <than at redhat.com>
        7:3.3.1-2.4
    
      - More fixing of CVE-2004-0888 patch (bug #135393)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-February/000690.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?aa4a3671"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kdegraphics, kdegraphics-debuginfo and / or
    kdegraphics-devel packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdegraphics-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdegraphics-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/02/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"kdegraphics-3.3.1-2.4")) flag++;
    if (rpm_check(release:"FC3", reference:"kdegraphics-debuginfo-3.3.1-2.4")) flag++;
    if (rpm_check(release:"FC3", reference:"kdegraphics-devel-3.3.1-2.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-debuginfo / kdegraphics-devel");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-9-1.NASL
    description: Chris Evans and Marcus Meissner recently discovered several integer overflow vulnerabilities in xpdf, a viewer for PDF files. Because tetex-bin contains xpdf code, it is also affected. These vulnerabilities could be exploited by an attacker providing a specially crafted TeX, LaTeX, or PDF file. Processing such a file with pdflatex could result in abnormal program termination or the execution of program code supplied by the attacker. This bug could be exploited to gain the privileges of the user invoking pdflatex. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20715
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20715
    title: Ubuntu 4.10 : tetex-bin vulnerabilities (USN-9-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-044.NASL
    description: Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like tetex, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61925
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61925
    title: Mandrake Linux Security Advisory : tetex (MDKSA-2005:044)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200410-20.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200410-20 (Xpdf, CUPS: Multiple integer overflows) Chris Evans discovered multiple integer overflow issues in Xpdf. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf. By enticing a user to directly print the PDF file to a CUPS printer, an attacker could also crash the CUPS spooler or execute arbitrary code with the rights of the CUPS spooler, which is usually the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15539
    published: 2004-10-21
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15539
    title: GLSA-200410-20 : Xpdf, CUPS: Multiple integer overflows
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-116.NASL
    description: Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CVE-2004-0888) Also, when CUPS debugging is enabled, device URIs containing username and password end up in error_log. This information is also visible via
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15551
    published: 2004-10-22
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15551
    title: Mandrake Linux Security Advisory : cups (MDKSA-2004:116)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-066.NASL
    description: Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17178
    published: 2005-02-22
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17178
    title: RHEL 4 : kdegraphics (RHSA-2005:066)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-114.NASL
    description: Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as gpdf : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like gpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15549
    published: 2004-10-22
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15549
    title: Mandrake Linux Security Advisory : gpdf (MDKSA-2004:114)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-136.NASL
    description: - Wed Feb 09 2005 Than Ngo <than at redhat.com> 1:3.00-10.4 - More fixing of CVE-2004-0888 patch (bug #135393, #147524) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16358
    published: 2005-02-10
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16358
    title: Fedora Core 3 : xpdf-3.00-10.4 (2005-136)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080401_CUPS_ON_SL3_X.NASL
    description: SL5 Only: A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60378
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60378
    title: Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-592.NASL
    description: An updated xpdf package that fixes a number of integer overflow security flaws is now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15632
    published: 2004-11-04
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15632
    title: RHEL 2.1 / 3 : xpdf (RHSA-2004:592)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-052.NASL
    description: Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like kdegraphics, that use embedded versions of xpdf. (CVE-2005-0206) In addition, previous libtiff updates overlooked kdegraphics, which contains an embedded libtiff used for kfax. This update includes patches to address: CVE-2004-0803, CVE-2004-0804, CVE-2004-0886, CVE-2004-1183, CVE-2004-1308. The updated packages are patched to deal with these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17281
    published: 2005-03-06
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17281
    title: Mandrake Linux Security Advisory : kdegraphics (MDKSA-2005:052)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-599.NASL
    description: Chris Evans discovered several integer overflows in xpdf, that are also present in tetex-bin, binary files for the teTeX distribution, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15835
    published: 2004-11-26
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15835
    title: Debian DSA-599-1 : tetex-bin - integer overflows
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-357.NASL
    description: A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. A number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15584
    published: 2004-10-30
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15584
    title: Fedora Core 2 : kdegraphics-3.2.2-1.1 (2004-357)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-543.NASL
    description: Updated cups packages that fix denial of service issues, a security information leak, as well as other various bugs are now available. The Common UNIX Printing System (CUPS) is a print spooler. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code used for parsing PDF files and is therefore affected by these bugs. An attacker who has the ability to send a malicious PDF file to a printer could cause CUPS to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. When set up to print to a shared printer via Samba, CUPS would authenticate with that shared printer using a username and password. By default, the username and password used to connect to the Samba share is written into the error log file. A local user who is able to read the error log file could collect these usernames and passwords. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0923 to this issue. These updated packages also include a fix that prevents some CUPS configuration files from being accidentally replaced. All users of CUPS should upgrade to these updated packages, which resolve these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15630
    published: 2004-11-04
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15630
    title: RHEL 3 : cups (RHSA-2004:543)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-337.NASL
    description: A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15578
    published: 2004-10-28
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15578
    title: Fedora Core 2 : cups-1.1.20-11.6 (2004-337)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-042.NASL
    description: Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like gpdf, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61923
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61923
    title: Mandrake Linux Security Advisory : gpdf (MDKSA-2005:042)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-166.NASL
    descriptionChris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as tetex (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id16083
    published2005-01-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16083
    titleMandrake Linux Security Advisory : tetex (MDKSA-2004:166)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-057.NASL
    descriptionAn updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files for GNOME. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. Users should update to this erratum package which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17175
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17175
    titleRHEL 4 : gpdf (RHSA-2005:057)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-043.NASL
    descriptionPrevious updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform (formerly CVE-2004-0888). This also affects applications that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61924
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61924
    titleMandrake Linux Security Advisory : xpdf (MDKSA-2005:043)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0206.NASL
    descriptionFrom Red Hat Security Advisory 2008:0206 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id67674
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67674
    titleOracle Linux 3 / 4 : cups (ELSA-2008-0206)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-358.NASL
    descriptionUpdate to gpdf 2.8.0, which fixes the CVE-2004-0888 security issue. Also fixes: #rh127803# crash with mailto: links; #rh132469# crash with remote documents using gnome-vfs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15585
    published2004-10-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15585
    titleFedora Core 2 : gpdf-2.8.0-4.1.fc2 (2004-358)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-135.NASL
    description - Wed Feb 09 2005 Than Ngo <than at redhat.com> 1:3.00-3.8 - More fixing of CVE-2004-0888 patch (bug #135393, #147524) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16357
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16357
    titleFedora Core 2 : xpdf-3.00-3.8 (2005-135)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-165.NASL
    descriptionChris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as koffice (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id16082
    published2005-01-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16082
    titleMandrake Linux Security Advisory : koffice (MDKSA-2004:165)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-041.NASL
    descriptionPrevious updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform (formerly CVE-2004-0888). This also affects applications like cups, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61922
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61922
    titleMandrake Linux Security Advisory : cups (MDKSA-2005:041)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-132.NASL
    descriptionUpdated cups packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) is a print spooler. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect Xpdf. CUPS contained a copy of the Xpdf code used for parsing PDF files and was therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2004-0888 to this issue, and Red Hat released erratum RHSA-2004:543 with updated packages. It was found that the patch used to correct this issue was not sufficient and did not fully protect CUPS running on 64-bit architectures. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. These updated packages also include a fix that prevents the CUPS initscript from being accidentally replaced. All users of CUPS on 64-bit architectures should upgrade to these updated packages, which contain a corrected patch and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17149
    published2005-02-18
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17149
    titleRHEL 3 : cups (RHSA-2005:132)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-14-1.NASL
    descriptionMarkus Meissner discovered even more integer overflow vulnerabilities in xpdf, a viewer for PDF files. These integer overflows can eventually lead to buffer overflows. The Common UNIX Printing System (CUPS) uses the same code to print PDF files; tetex-bin uses the code to generate PDF output and process included PDF files. In any case, these vulnerabilities could be exploited by an attacker providing a specially crafted PDF file which, when processed by CUPS, xpdf, or pdflatex, could result in abnormal program termination or the execution of program code supplied by the attacker. In the case of CUPS, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys). In the cases of xpdf and pdflatex, this bug could be exploited to gain the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20532
    published2006-01-15
    reporterUbuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20532
    titleUbuntu 4.10 : xpdf vulnerabilities (USN-14-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200501-31.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200501-31 (teTeX, pTeX, CSTeX: Multiple vulnerabilities) teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly. Impact : An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16422
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16422
    titleGLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-354.NASL
    descriptionUpdated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21809
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21809
    titleCentOS 3 : tetex (CESA-2005:354)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-053.NASL
    descriptionUpdated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects CUPS due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id17174
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17174
    titleRHEL 4 : CUPS (RHSA-2005:053)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2004_039.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:039 (xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups). Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Team found similar bugs in xpdf 3. These bugs can be exploited by tricking a user into opening a malformed PDF file. As a result, the PDF viewer can crash, or code may even be executed.
    last seen2020-06-01
    modified2020-06-02
    plugin id15569
    published2004-10-26
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15569
    titleSUSE-SA:2004:039: xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-123.NASL
    descriptionA problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16352
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16352
    titleFedora Core 3 : cups-1.1.22-0.rc1.8.5 (2005-123)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200410-30.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200410-30 (GPdf, KPDF, KOffice: Vulnerabilities in included xpdf) GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running the affected utility. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id15582
    published2004-10-28
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15582
    titleGLSA-200410-30 : GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0206.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id31756
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31756
    titleRHEL 3 / 4 : cups (RHSA-2008:0206)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-113.NASL
    descriptionChris Evans discovered numerous vulnerabilities in the xpdf package : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CVE-2004-0888) Multiple integer overflow issues affecting xpdf-3.0 only. These can result in DoS or possibly arbitrary code execution. (CVE-2004-0889) Chris also discovered issues with infinite loop logic error affecting xpdf-3.0 only. The updated packages are patched to deal with these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15548
    published2004-10-22
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15548
    titleMandrake Linux Security Advisory : xpdf (MDKSA-2004:113)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_AD2F333726BF11D99289000C41E2CDAD.NASL
    descriptionChris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id19076
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19076
    titleFreeBSD : xpdf -- integer overflow vulnerabilities (ad2f3337-26bf-11d9-9289-000c41e2cdad)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-034.NASL
    descriptionAn updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. All users of Xpdf should upgrade to this updated package, which contains backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17168
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17168
    titleRHEL 4 : xpdf (RHSA-2005:034)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0206.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id31741
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31741
    titleCentOS 3 / 4 : cups (CESA-2008:0206)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-134.NASL
    description - Wed Feb 09 2005 Than Ngo <than at redhat.com> 7:3.2.2-1.4 - More fixing of CVE-2004-0888 patch (bug #135393) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16356
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16356
    titleFedora Core 2 : kdegraphics-3.2.2-1.4 (2005-134)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-573.NASL
    descriptionChris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
    last seen2020-06-01
    modified2020-06-02
    plugin id15671
    published2004-11-10
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15671
    titleDebian DSA-573-1 : cupsys - integer overflows
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-115.NASL
    descriptionChris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as kpdf : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like kpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id15550
    published2004-10-22
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15550
    titleMandrake Linux Security Advisory : kdegraphics (MDKSA-2004:115)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-581.NASL
    descriptionChris Evans discovered several integer overflows in xpdf, a viewer for PDF files, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id15679
    published2004-11-10
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15679
    titleDebian DSA-581-1 : xpdf - integer overflows

Oval

accepted2013-04-29T04:21:32.792-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMultiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
familyunix
idoval:org.mitre.oval:def:9714
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
version26

Redhat

advisories
  • rhsa
    idRHSA-2004:543
  • rhsa
    idRHSA-2004:592
  • rhsa
    idRHSA-2005:066
  • rhsa
    idRHSA-2005:354
rpms
  • cups-1:1.1.17-13.3.16
  • cups-debuginfo-1:1.1.17-13.3.16
  • cups-devel-1:1.1.17-13.3.16
  • cups-libs-1:1.1.17-13.3.16
  • xpdf-1:2.02-9.3
  • xpdf-debuginfo-1:2.02-9.3
  • kdegraphics-7:3.3.1-3.3
  • kdegraphics-debuginfo-7:3.3.1-3.3
  • kdegraphics-devel-7:3.3.1-3.3
  • tetex-0:1.0.7-67.7
  • tetex-afm-0:1.0.7-67.7
  • tetex-debuginfo-0:1.0.7-67.7
  • tetex-dvips-0:1.0.7-67.7
  • tetex-fonts-0:1.0.7-67.7
  • tetex-latex-0:1.0.7-67.7
  • tetex-xdvi-0:1.0.7-67.7