Vulnerabilities > CVE-2008-5843 - Unspecified vulnerability in Pdfjam NIL
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN pdfjam
nessus
Summary
Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in (1) the current working directory or (2) /var/tmp, related to the (a) pdf90, (b) pdfjoin, and (c) pdfnup scripts.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-2655.NASL description PDFjam scripts previously create temporary files with predictable names, and are also susceptible to the search path being modified. This update fixes the two issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35927 published 2009-03-16 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35927 title Fedora 9 : pdfjam-1.21-1.fc9 (2009-2655) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200903-05.NASL description The remote host is affected by the vulnerability described in GLSA-200903-05 (PDFjam: Multiple vulnerabilities) Martin Vaeth reported multiple untrusted search path vulnerabilities (CVE-2008-5843). Marcus Meissner of the SUSE Security Team reported that temporary files are created with a predictable name (CVE-2008-5743). Impact : A local attacker could place a specially crafted Python module in the current working directory or the /var/tmp directory, and entice a user to run the PDFjam scripts, leading to the execution of arbitrary code with the privileges of the user running the application. A local attacker could also leverage symlink attacks to overwrite arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 35795 published 2009-03-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35795 title GLSA-200903-05 : PDFjam: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2009-2651.NASL description PDFjam scripts previously create temporary files with predictable names, and are also susceptible to the search path being modified. This update fixes the two issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36287 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36287 title Fedora 10 : pdfjam-1.21-1.fc10 (2009-2651)
References
- http://openwall.com/lists/oss-security/2008/12/28/3
- http://openwall.com/lists/oss-security/2008/12/28/3
- http://secunia.com/advisories/34312
- http://secunia.com/advisories/34312
- https://bugs.gentoo.org/show_bug.cgi?id=252734
- https://bugs.gentoo.org/show_bug.cgi?id=252734
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00484.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00484.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00488.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00488.html