Vulnerabilities > CVE-2005-1686 - Unspecified vulnerability in Gnome Gedit 2.10.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Gedit 2.x Filename Format String Vulnerability. CVE-2005-1686. Local exploit for linux platform |
| id | EDB-ID:25688 |
| last seen | 2016-02-03 |
| modified | 2005-05-30 |
| published | 2005-05-30 |
| reporter | jsk:exworm |
| source | https://www.exploit-db.com/download/25688/ |
| title | Gedit 2.x Filename Format String Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-773.NASL description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well. last seen 2020-06-01 modified 2020-06-02 plugin id 57528 published 2012-01-12 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57528 title Debian DSA-773-1 : amd64 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-773. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57528); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2005-0392", "CVE-2005-0393", "CVE-2005-0469", "CVE-2005-0753", "CVE-2005-1151", "CVE-2005-1152", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1266", "CVE-2005-1269", "CVE-2005-1545", "CVE-2005-1546", "CVE-2005-1686", "CVE-2005-1689", "CVE-2005-1796", "CVE-2005-1848", "CVE-2005-1849", "CVE-2005-1850", "CVE-2005-1851", "CVE-2005-1852", "CVE-2005-1853", "CVE-2005-1858", "CVE-2005-1914", "CVE-2005-1916", "CVE-2005-1922", "CVE-2005-1923", "CVE-2005-1934", "CVE-2005-1992", "CVE-2005-1993", "CVE-2005-2024", "CVE-2005-2040", "CVE-2005-2056", "CVE-2005-2070", "CVE-2005-2096", "CVE-2005-2231", "CVE-2005-2250", "CVE-2005-2277", "CVE-2005-2301", "CVE-2005-2302", "CVE-2005-2370"); script_xref(name:"DSA", value:"773"); script_name(english:"Debian DSA-773-1 : amd64 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-773" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected several package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:several"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"affix", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"centericq", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-common", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-fribidi", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"centericq-utf8", reference:"4.20.0-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"crip", reference:"3.5-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"cvs", reference:"1.11.1p1debian-11")) flag++; if (deb_check(release:"3.1", prefix:"dhcpcd", reference:"1.3.22pl4-21sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ekg", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"ettercap", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ettercap-common", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ettercap-gtk", reference:"0.7.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"fuse-utils", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"gaim", reference:"1.2.1-1.4")) flag++; if (deb_check(release:"3.1", prefix:"gaim-dev", reference:"1.2.1-1.4")) flag++; if (deb_check(release:"3.1", prefix:"gedit", reference:"2.8.3-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"gopher", reference:"3.0.7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heartbeat", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"heartbeat-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-clients", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-clients-x", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-dev", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-kdc", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-servers", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"heimdal-servers-x", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ht", reference:"0.8.0-2sarge4")) flag++; if (deb_check(release:"3.1", prefix:"krb5-admin-server", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-clients", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-ftpd", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-kdc", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-rsh-server", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-telnetd", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"krb5-user", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libaffix-dev", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"libaffix2", reference:"2.1.1-2")) flag++; if (deb_check(release:"3.1", prefix:"libasn1-6-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"libdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libfuse-dev", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libfuse2", reference:"2.2.1-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libgadu-dev", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"libgadu3", reference:"1.5+20050411-5")) flag++; if (deb_check(release:"3.1", prefix:"libgdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libgssapi1-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libhdb7-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkadm55", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libkadm5clnt4-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkadm5srv7-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkafs0-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkrb5-17-heimdal", reference:"0.6.3-10sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libkrb5-dev", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libkrb53", reference:"1.3.6-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libopenssl-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libpils-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libpils0", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libreadline-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libruby1.8-dbg", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libstonith-dev", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libstonith0", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libtcltk-ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-geo", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-ldap", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-mysql", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-pgsql", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-pipe", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-backend-sqlite", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-recursor", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pdns-server", reference:"2.9.17-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ppxp", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-dev", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-tcltk", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ppxp-x11", reference:"0.2001080415-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"qpopper", reference:"4.0.5-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"qpopper-drac", reference:"4.0.5-4sarge1")) flag++; if (deb_check(release:"3.1", prefix:"razor", reference:"2.670-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"ruby1.8", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ruby1.8-dev", reference:"1.8.2-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"spamc", reference:"3.0.3-2")) flag++; if (deb_check(release:"3.1", prefix:"stonith", reference:"1.2.3-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"sudo", reference:"1.6.8p7-1.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"zlib-bin", reference:"1.2.2-4.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"zlib1g", reference:"1.2.2-4.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"zlib1g-dev", reference:"1.2.2-4.sarge.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120287-03.NASL description GNOME 2.6.0_x86: Gnome text editor Patch. Date this patch was last updated by Sun : Jun/04/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107862 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107862 title Solaris 10 (x86) : 120287-03 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107862); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2005-1686"); script_name(english:"Solaris 10 (x86) : 120287-03"); script_summary(english:"Check for patch 120287-03"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120287-03" ); script_set_attribute( attribute:"description", value: "GNOME 2.6.0_x86: Gnome text editor Patch. Date this patch was last updated by Sun : Jun/04/10" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120287-03" ); script_set_attribute(attribute:"solution", value:"Install patch 120287-03"); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120287"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"120287-03", obsoleted_by:"", package:"SUNWgnome-text-editor-devel", version:"2.6.0,REV=10.0.3.2004.12.16.20.03") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"120287-03", obsoleted_by:"", package:"SUNWgnome-text-editor-root", version:"2.6.0,REV=10.0.3.2004.12.16.20.03") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"120287-03", obsoleted_by:"", package:"SUNWgnome-text-editor", version:"2.6.0,REV=10.0.3.2004.12.16.20.03") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-text-editor / SUNWgnome-text-editor-devel / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-102.NASL description A vulnerability was discovered in gEdit where it was possible for an attacker to create a file with a carefully crafted name which, when opened, executed arbitrary code on the victim last seen 2020-06-01 modified 2020-06-02 plugin id 18499 published 2005-06-16 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18499 title Mandrake Linux Security Advisory : gedit (MDKSA-2005:102) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:102. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(18499); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-1686"); script_xref(name:"MDKSA", value:"2005:102"); script_name(english:"Mandrake Linux Security Advisory : gedit (MDKSA-2005:102)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in gEdit where it was possible for an attacker to create a file with a carefully crafted name which, when opened, executed arbitrary code on the victim's computer. It is highly unlikely that a user would open such a file, due to the file name, but could possibly be tricked into opening it. The updated packages have been patched to correct this problem." ); script_set_attribute( attribute:"solution", value:"Update the affected gedit and / or gedit-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gedit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gedit-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.1", reference:"gedit-2.6.2-4.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"gedit-devel-2.6.2-4.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"gedit-2.8.3-1.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"gedit-devel-2.8.3-1.1.102mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E319DA0BA22811DAB410000E0C2E438A.NASL description Yan Feng reports a format string vulnerability in gedit. This vulnerability could cause a denial of service with a binary file that contains format string characters within the filename. It had been reported that web browsers and email clients can be configured to provide a filename as an argument to gedit.: last seen 2020-06-01 modified 2020-06-02 plugin id 21524 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21524 title FreeBSD : gedit -- format string vulnerability (e319da0b-a228-11da-b410-000e0c2e438a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(21524); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2005-1686"); script_name(english:"FreeBSD : gedit -- format string vulnerability (e319da0b-a228-11da-b410-000e0c2e438a)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Yan Feng reports a format string vulnerability in gedit. This vulnerability could cause a denial of service with a binary file that contains format string characters within the filename. It had been reported that web browsers and email clients can be configured to provide a filename as an argument to gedit.:" ); # https://vuxml.freebsd.org/freebsd/e319da0b-a228-11da-b410-000e0c2e438a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0fb8506f" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gedit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/20"); script_set_attribute(attribute:"patch_publication_date", value:"2006/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"gedit<2.10.3")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE9_10253.NASL description Gedit had a format string bug in the filename handling, potentially allowing an attacker to execute arbitrary code. This bug has been fixed. (CVE-2005-1686) last seen 2020-06-01 modified 2020-06-02 plugin id 41075 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41075 title SuSE9 Security Update : gedit (YOU Patch Number 10253) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41075); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2005-1686"); script_name(english:"SuSE9 Security Update : gedit (YOU Patch Number 10253)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Gedit had a format string bug in the filename handling, potentially allowing an attacker to execute arbitrary code. This bug has been fixed. (CVE-2005-1686)" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2005-1686/" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 10253."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"gedit-2.4.1-52.4")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else exit(0, "The host is not affected.");NASL family Solaris Local Security Checks NASL id SOLARIS10_143739-01.NASL description SunOS 5.10: Gedit patch. Date this patch was last updated by Sun : May/04/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107562 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107562 title Solaris 10 (sparc) : 143739-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107562); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2005-1686"); script_name(english:"Solaris 10 (sparc) : 143739-01"); script_summary(english:"Check for patch 143739-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 143739-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: Gedit patch. Date this patch was last updated by Sun : May/04/10" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/143739-01" ); script_set_attribute(attribute:"solution", value:"Install patch 143739-01"); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:143739"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"143739-01", obsoleted_by:"", package:"SUNWgnome-text-editor", version:"2.6.0,REV=10.0.3.2004.12.16.00.20") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-text-editor"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-499.NASL description An updated gedit package that fixes a file name format string vulnerability is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team gEdit is a small text editor designed specifically for the GNOME GUI desktop. A file name format string vulnerability has been discovered in gEdit. It is possible for an attacker to create a file with a carefully crafted name which, when the file is opened, executes arbitrary instructions on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 21832 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21832 title CentOS 3 / 4 : gedit (CESA-2005:499) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:499 and # CentOS Errata and Security Advisory 2005:499 respectively. # include("compat.inc"); if (description) { script_id(21832); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:02"); script_cve_id("CVE-2005-1686"); script_bugtraq_id(13699); script_xref(name:"RHSA", value:"2005:499"); script_name(english:"CentOS 3 / 4 : gedit (CESA-2005:499)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated gedit package that fixes a file name format string vulnerability is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team gEdit is a small text editor designed specifically for the GNOME GUI desktop. A file name format string vulnerability has been discovered in gEdit. It is possible for an attacker to create a file with a carefully crafted name which, when the file is opened, executes arbitrary instructions on a victim's machine. Although it is unlikely that a user would manually open a file with such a carefully crafted file name, a user could, for example, be tricked into opening such a file from within an email client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1686 to this issue. Users of gEdit should upgrade to this updated package, which contains a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011819.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?151d6764" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011820.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?204eba70" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011829.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e9c89240" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011830.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?16a9deea" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011837.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7a71f614" ); # https://lists.centos.org/pipermail/centos-announce/2005-June/011843.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f573724d" ); script_set_attribute( attribute:"solution", value:"Update the affected gedit packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gedit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gedit-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/20"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"gedit-2.2.2-4.rhel3")) flag++; if (rpm_check(release:"CentOS-4", reference:"gedit-2.8.1-4")) flag++; if (rpm_check(release:"CentOS-4", reference:"gedit-devel-2.8.1-4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gedit / gedit-devel"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_143740-01.NASL description SunOS 5.10_x86: Gedit patch. Date this patch was last updated by Sun : May/04/10 last seen 2020-06-01 modified 2020-06-02 plugin id 108056 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108056 title Solaris 10 (x86) : 143740-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108056); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2005-1686"); script_name(english:"Solaris 10 (x86) : 143740-01"); script_summary(english:"Check for patch 143740-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 143740-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: Gedit patch. Date this patch was last updated by Sun : May/04/10" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/143740-01" ); script_set_attribute(attribute:"solution", value:"Install patch 143740-01"); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:143740"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"143740-01", obsoleted_by:"", package:"SUNWgnome-text-editor", version:"2.6.0,REV=10.0.3.2004.12.16.20.03") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-text-editor"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-499.NASL description An updated gedit package that fixes a file name format string vulnerability is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team gEdit is a small text editor designed specifically for the GNOME GUI desktop. A file name format string vulnerability has been discovered in gEdit. It is possible for an attacker to create a file with a carefully crafted name which, when the file is opened, executes arbitrary instructions on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 18473 published 2005-06-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18473 title RHEL 3 / 4 : gedit (RHSA-2005:499) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:499. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(18473); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1686"); script_bugtraq_id(13699); script_xref(name:"RHSA", value:"2005:499"); script_name(english:"RHEL 3 / 4 : gedit (RHSA-2005:499)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated gedit package that fixes a file name format string vulnerability is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team gEdit is a small text editor designed specifically for the GNOME GUI desktop. A file name format string vulnerability has been discovered in gEdit. It is possible for an attacker to create a file with a carefully crafted name which, when the file is opened, executes arbitrary instructions on a victim's machine. Although it is unlikely that a user would manually open a file with such a carefully crafted file name, a user could, for example, be tricked into opening such a file from within an email client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1686 to this issue. Users of gEdit should upgrade to this updated package, which contains a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1686" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:499" ); script_set_attribute( attribute:"solution", value:"Update the affected gedit and / or gedit-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gedit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gedit-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/20"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:499"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"gedit-2.2.2-4.rhel3")) flag++; if (rpm_check(release:"RHEL4", reference:"gedit-2.8.1-4")) flag++; if (rpm_check(release:"RHEL4", reference:"gedit-devel-2.8.1-4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gedit / gedit-devel"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-138-1.NASL description A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. This becomes security relevant if e. g. your web browser is configued to open URLs in gedit. If you never open untrusted file names or URLs in gedit, this flaw does not affect you. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20530 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20530 title Ubuntu 4.10 / 5.04 : gedit vulnerability (USN-138-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200506-09.NASL description The remote host is affected by the vulnerability described in GLSA-200506-09 (gedit: Format string vulnerability) A format string vulnerability exists when opening files with names containing format specifiers. Impact : A specially crafted file with format specifiers in the filename can cause arbitrary code execution. Workaround : There are no known workarounds at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18466 published 2005-06-11 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18466 title GLSA-200506-09 : gedit: Format string vulnerability NASL family Debian Local Security Checks NASL id DEBIAN_DSA-753.NASL description A format string vulnerability has been discovered in gedit, a light-weight text editor for GNOME, that may allow attackers to cause a denial of service (application crash) via a binary file with format string specifiers in the filename. Since gedit supports opening files via last seen 2020-06-01 modified 2020-06-02 plugin id 18674 published 2005-07-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18674 title Debian DSA-753-1 : gedit - format string NASL family Solaris Local Security Checks NASL id SOLARIS10_120286-03.NASL description GNOME 2.6.0: Gnome text editor Patch. Date this patch was last updated by Sun : Jun/04/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107360 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107360 title Solaris 10 (sparc) : 120286-03
Oval
accepted 2007-02-20T13:39:37.408-05:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Bob Towbes organization Independent Contributor
description Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. family unix id oval:org.mitre.oval:def:1245 status accepted submitted 2005-07-11T12:00:00.000-04:00 title gedit Format String Vulnerability version 5 accepted 2013-04-29T04:22:43.772-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. family unix id oval:org.mitre.oval:def:9845 status accepted submitted 2010-07-09T03:56:16-04:00 title Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. version 26
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://security.gentoo.org/glsa/glsa-200506-09.xml
- http://www.redhat.com/support/errata/RHSA-2005-499.html
- http://www.debian.org/security/2005/dsa-753
- http://www.novell.com/linux/security/advisories/2005_36_sudo.html
- http://marc.info/?l=bugtraq&m=111661117701398&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245
- https://usn.ubuntu.com/138-1/