Vulnerabilities > CVE-2004-1125 - Improper Input Validation vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-354.NASL description Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17680 published 2005-04-02 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17680 title RHEL 2.1 / 3 : tetex (RHSA-2005:354) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:354. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17680); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-0888", "CVE-2004-1125"); script_xref(name:"RHSA", value:"2005:354"); script_name(english:"RHEL 2.1 / 3 : tetex (RHSA-2005:354)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0803" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0804" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0886" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0888" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1125" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:354" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-afm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvilj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-latex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:354"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-afm-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-doc-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvilj-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvips-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-fonts-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-latex-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-xdvi-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-afm-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-dvips-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-fonts-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-latex-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-xdvi-1.0.7-67.7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvilj / tetex-dvips / etc"); } }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-162.NASL description iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like gpdf, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 16079 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16079 title Mandrake Linux Security Advisory : gpdf (MDKSA-2004:162) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:162. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(16079); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-1125"); script_xref(name:"MDKSA", value:"2004:162"); script_name(english:"Mandrake Linux Security Advisory : gpdf (MDKSA-2004:162)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like gpdf, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities." ); script_set_attribute(attribute:"solution", value:"Update the affected gpdf package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gpdf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"gpdf-0.112-2.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"gpdf-0.132-3.3.101mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-50-1.NASL description CAN-2004-1125 : The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well. In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF file for printing, he could be able to execute arbitrary commands with the privileges of the CUPS server. Please note that the Ubuntu version of CUPS runs as a minimally privileged user last seen 2020-06-01 modified 2020-06-02 plugin id 20668 published 2006-01-15 reporter Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20668 title Ubuntu 4.10 : cupsys vulnerabilities (USN-50-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-50-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20668); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2004-1125", "CVE-2004-1267", "CVE-2004-1268", "CVE-2004-1269", "CVE-2004-1270", "CVE-2004-2467"); script_xref(name:"USN", value:"50-1"); script_name(english:"Ubuntu 4.10 : cupsys vulnerabilities (USN-50-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "CAN-2004-1125 : The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well. In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF file for printing, he could be able to execute arbitrary commands with the privileges of the CUPS server. Please note that the Ubuntu version of CUPS runs as a minimally privileged user 'cupsys' by default, so there is no possibility of root privilege escalation. The privileges of the 'cupsys' user are confined to modifying printer configurations, altering print jobs, and controlling printers. CAN-2004-1267 : Ariel Berkman discovered a buffer overflow in the ParseCommand() function of the HPGL input driver. If an attacker printed a malicious HPGL file, they could exploit this to execute arbitrary commands with the privileges of the CUPS server. CAN-2004-1268, CAN-2004-1269, CAN-2004-1270 : Bartlomiej Sieka discovered three flaws in lppasswd. These allowed users to corrupt the new password file by filling up the disk, sending certain signals, or closing the standard output and/or error streams. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"cupsys", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"cupsys-bsd", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"cupsys-client", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libcupsimage2", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libcupsimage2-dev", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libcupsys2-dev", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libcupsys2-gnutls10", pkgver:"1.1.20final+cvs20040330-4ubuntu16.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cupsys / cupsys-bsd / cupsys-client / libcupsimage2 / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-163.NASL description iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like kdegraphics, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 16080 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16080 title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2004:163) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:163. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(16080); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-1125"); script_xref(name:"MDKSA", value:"2004:163"); script_name(english:"Mandrake Linux Security Advisory : kdegraphics (MDKSA-2004:163)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like kdegraphics, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kdvi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kfax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kiconedit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpaint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kruler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-ksnapshot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kuickshow"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-mrmlsearch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kuickshow"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-mrmlsearch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-common-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kuickshow"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-mrmlsearch"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-common-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kdvi-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kfax-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kghostview-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kiconedit-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kooka-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kpaint-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kpdf-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kpovmodeler-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kruler-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-ksnapshot-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-ksvg-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kuickshow-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-kview-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"kdegraphics-mrmlsearch-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-common-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-common-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kooka-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kooka-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kpovmodeler-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kpovmodeler-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-ksvg-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-ksvg-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kuickshow-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kview-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-kview-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdegraphics0-mrmlsearch-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-common-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-common-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kooka-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kooka-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-ksvg-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-ksvg-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kuickshow-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kview-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-kview-devel-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdegraphics0-mrmlsearch-3.2-15.4.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-common-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kdvi-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kfax-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kghostview-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kiconedit-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kooka-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kpaint-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kpdf-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kpovmodeler-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kruler-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-ksnapshot-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-ksvg-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kuickshow-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-kview-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"kdegraphics-mrmlsearch-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-common-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-common-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kghostview-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kghostview-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kooka-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kooka-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kpovmodeler-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kpovmodeler-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-ksvg-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-ksvg-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kuickshow-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kview-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-kview-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdegraphics0-mrmlsearch-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-common-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-common-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kghostview-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kghostview-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kooka-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kooka-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-ksvg-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-ksvg-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kuickshow-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kview-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-kview-devel-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdegraphics0-mrmlsearch-3.2.3-17.3.101mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-066.NASL description Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17178 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17178 title RHEL 4 : kdegraphics (RHSA-2005:066) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:066. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17178); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2004-0888", "CVE-2004-1125", "CVE-2005-0064"); script_xref(name:"RHSA", value:"2005:066"); script_name(english:"RHEL 4 : kdegraphics (RHSA-2005:066)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0888" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1125" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0064" ); # http://www.kde.org/info/security/advisory-20041223-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20041223-1.txt" ); # http://www.kde.org/info/security/advisory-20050119-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20050119-1.txt" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:066" ); script_set_attribute( attribute:"solution", value:"Update the affected kdegraphics and / or kdegraphics-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:066"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"kdegraphics-3.3.1-3.3")) flag++; if (rpm_check(release:"RHEL4", reference:"kdegraphics-devel-3.3.1-3.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel"); } }NASL family Fedora Local Security Checks NASL id FEDORA_2004-574.NASL description This package fixes a buffer overflow which may possibly allow attackers to execute arbitrary code as the last seen 2020-06-01 modified 2020-06-02 plugin id 16055 published 2004-12-27 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16055 title Fedora Core 2 : cups-1.1.20-11.8 (2004-574) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-574. # include("compat.inc"); if (description) { script_id(16055); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-1125"); script_xref(name:"FEDORA", value:"2004-574"); script_name(english:"Fedora Core 2 : cups-1.1.20-11.8 (2004-574)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "This package fixes a buffer overflow which may possibly allow attackers to execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-December/000536.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?705ea179" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC2", reference:"cups-1.1.20-11.8")) flag++; if (rpm_check(release:"FC2", reference:"cups-debuginfo-1.1.20-11.8")) flag++; if (rpm_check(release:"FC2", reference:"cups-devel-1.1.20-11.8")) flag++; if (rpm_check(release:"FC2", reference:"cups-libs-1.1.20-11.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs"); }NASL family Fedora Local Security Checks NASL id FEDORA_2004-575.NASL description This package fixes a buffer overflow which may possibly allow attackers to execute arbitrary code as the last seen 2020-06-01 modified 2020-06-02 plugin id 16052 published 2004-12-27 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16052 title Fedora Core 3 : cups-1.1.22-0.rc1.8.2 (2004-575) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-575. # include("compat.inc"); if (description) { script_id(16052); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-1125"); script_xref(name:"FEDORA", value:"2004-575"); script_name(english:"Fedora Core 3 : cups-1.1.22-0.rc1.8.2 (2004-575)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "This package fixes a buffer overflow which may possibly allow attackers to execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-December/000537.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8644c283" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"cups-1.1.22-0.rc1.8.2")) flag++; if (rpm_check(release:"FC3", reference:"cups-debuginfo-1.1.22-0.rc1.8.2")) flag++; if (rpm_check(release:"FC3", reference:"cups-devel-1.1.22-0.rc1.8.2")) flag++; if (rpm_check(release:"FC3", reference:"cups-libs-1.1.22-0.rc1.8.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-026.NASL description Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17338 published 2005-03-16 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17338 title RHEL 4 : tetex (RHSA-2005:026) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:026. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17338); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-1125", "CVE-2005-0064"); script_xref(name:"RHSA", value:"2005:026"); script_name(english:"RHEL 4 : tetex (RHSA-2005:026)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1125" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0064" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:026" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-afm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-latex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:026"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"tetex-2.0.2-22.EL4.4")) flag++; if (rpm_check(release:"RHEL4", reference:"tetex-afm-2.0.2-22.EL4.4")) flag++; if (rpm_check(release:"RHEL4", reference:"tetex-doc-2.0.2-22.EL4.4")) flag++; if (rpm_check(release:"RHEL4", reference:"tetex-dvips-2.0.2-22.EL4.4")) flag++; if (rpm_check(release:"RHEL4", reference:"tetex-fonts-2.0.2-22.EL4.4")) flag++; if (rpm_check(release:"RHEL4", reference:"tetex-latex-2.0.2-22.EL4.4")) flag++; if (rpm_check(release:"RHEL4", reference:"tetex-xdvi-2.0.2-22.EL4.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvips / tetex-fonts / etc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-018.NASL description Updated Xpdf packages that fix several security issues are now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures. All users of the Xpdf packages should upgrade to these updated packages, which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16149 published 2005-01-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16149 title RHEL 3 : xpdf (RHSA-2005:018) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-166.NASL description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as tetex (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 16083 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16083 title Mandrake Linux Security Advisory : tetex (MDKSA-2004:166) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-057.NASL description An updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files for GNOME. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. Users should update to this erratum package which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17175 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17175 title RHEL 4 : gpdf (RHSA-2005:057) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200412-25.NASL description The remote host is affected by the vulnerability described in GLSA-200412-25 (CUPS: Multiple vulnerabilities) CUPS makes use of vulnerable Xpdf code to handle PDF files (CAN-2004-1125). Furthermore, Ariel Berkman discovered a buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program (CAN-2004-1267). Finally, Bartlomiej Sieka discovered several problems in the lppasswd program: it ignores some write errors (CAN-2004-1268), it can leave the passwd.new file in place (CAN-2004-1269) and it does not verify that passwd.new file is different from STDERR (CAN-2004-1270). Impact : The Xpdf and hpgltops vulnerabilities may be exploited by a remote attacker to execute arbitrary code by sending specific print jobs to a CUPS spooler. The lppasswd vulnerabilities may be exploited by a local attacker to write data to the CUPS password file or deny further password modifications. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16067 published 2004-12-28 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16067 title GLSA-200412-25 : CUPS: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-165.NASL description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as koffice (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 16082 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16082 title Mandrake Linux Security Advisory : koffice (MDKSA-2004:165) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-48-1.NASL description A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 20665 published 2006-01-15 reporter Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20665 title Ubuntu 4.10 : xpdf, tetex-bin vulnerabilities (USN-48-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-31.NASL description The remote host is affected by the vulnerability described in GLSA-200501-31 (teTeX, pTeX, CSTeX: Multiple vulnerabilities) teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly. Impact : An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16422 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16422 title GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-17.NASL description The remote host is affected by the vulnerability described in GLSA-200501-17 (KPdf, KOffice: More vulnerabilities in included Xpdf) KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to multiple new integer overflows, as described in GLSA 200412-24. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected utility. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16408 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16408 title GLSA-200501-17 : KPdf, KOffice: More vulnerabilities in included Xpdf NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-354.NASL description Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21809 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21809 title CentOS 3 : tetex (CESA-2005:354) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-053.NASL description Updated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects CUPS due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the last seen 2020-06-01 modified 2020-06-02 plugin id 17174 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17174 title RHEL 4 : CUPS (RHSA-2005:053) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200412-24.NASL description The remote host is affected by the vulnerability described in GLSA-200412-24 (Xpdf, GPdf: New integer overflows) A new integer overflow issue was discovered in Xpdf last seen 2020-06-01 modified 2020-06-02 plugin id 16066 published 2004-12-28 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16066 title GLSA-200412-24 : Xpdf, GPdf: New integer overflows NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-013.NASL description Updated CUPS packages that fix several security issues are now available. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. A buffer overflow was found in the CUPS pdftops filter, which uses code from the Xpdf package. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the last seen 2020-06-01 modified 2020-06-02 plugin id 16146 published 2005-01-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16146 title RHEL 3 : cups (RHSA-2005:013) NASL family Fedora Local Security Checks NASL id FEDORA_2004-584.NASL description The remote Fedora Core host is missing one or more security updates : tetex-2.0.2-14FC2.1 : The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. tetex-2.0.2-14FC2.1 - with correct md5sums : The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16098 published 2005-01-04 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16098 title Fedora Core 2 : tetex-2.0.2-14FC2.1 / tetex-2.0.2-14FC2.1 (2004-584) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-034.NASL description An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. All users of Xpdf should upgrade to this updated package, which contains backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17168 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17168 title RHEL 4 : xpdf (RHSA-2005:034) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-164.NASL description iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like cups, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 16081 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16081 title Mandrake Linux Security Advisory : cups (MDKSA-2004:164) NASL family Fedora Local Security Checks NASL id FEDORA_2004-572.NASL description This package fixes a buffer overflow which allows attackers to cause the xpdf application to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16050 published 2004-12-27 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16050 title Fedora Core 2 : xpdf-3.00-3.6 (2004-572) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-621.NASL description An iDEFENSE security researcher discovered a buffer overflow in xpdf, the Portable Document Format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, leading to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 16074 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16074 title Debian DSA-621-1 : cupsys - buffer overflow NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E3E266E9547311D9A9E70001020EED82.NASL description An iDEFENSE Security Advisory reports : Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc. last seen 2020-06-01 modified 2020-06-02 plugin id 19147 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19147 title FreeBSD : xpdf -- buffer overflow vulnerability (e3e266e9-5473-11d9-a9e7-0001020eed82) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-13.NASL description The remote host is affected by the vulnerability described in GLSA-200501-13 (pdftohtml: Vulnerabilities in included Xpdf) Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24. Impact : An attacker could entice a user to convert a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16404 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16404 title GLSA-200501-13 : pdftohtml: Vulnerabilities in included Xpdf NASL family Fedora Local Security Checks NASL id FEDORA_2004-585.NASL description The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16099 published 2005-01-04 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16099 title Fedora Core 3 : tetex-2.0.2-21.2 (2004-585) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-161.NASL description iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 16078 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16078 title Mandrake Linux Security Advisory : xpdf (MDKSA-2004:161) NASL family Fedora Local Security Checks NASL id FEDORA_2004-573.NASL description This package fixes a buffer overflow which allows attackers to cause the xpdf application to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16051 published 2004-12-27 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16051 title Fedora Core 3 : xpdf-3.00-10.1 (2004-573) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-619.NASL description An iDEFENSE security researcher discovered a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 16072 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16072 title Debian DSA-619-1 : xpdf - buffer overflow
Oval
| accepted | 2013-04-29T04:09:09.578-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10830 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||
| rpms |
|
References
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
- http://marc.info/?t=110378596500001&r=1&w=2
- http://secunia.com/advisories/17277
- http://securitytracker.com/id?1012646
- http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
- http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
- http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
- http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
- http://www.kde.org/info/security/advisory-20041223-1.txt
- http://www.novell.com/linux/security/advisories/2005_01_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-013.html
- http://www.redhat.com/support/errata/RHSA-2005-018.html
- http://www.redhat.com/support/errata/RHSA-2005-026.html
- http://www.redhat.com/support/errata/RHSA-2005-034.html
- http://www.redhat.com/support/errata/RHSA-2005-053.html
- http://www.redhat.com/support/errata/RHSA-2005-057.html
- http://www.redhat.com/support/errata/RHSA-2005-066.html
- http://www.redhat.com/support/errata/RHSA-2005-354.html
- http://www.securityfocus.com/bid/12070
- https://bugzilla.fedora.us/show_bug.cgi?id=2352
- https://bugzilla.fedora.us/show_bug.cgi?id=2353
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18641
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830
- https://usn.ubuntu.com/50-1/