Vulnerabilities > CVE-2012-2142 - Security vulnerability in Poppler and xpdf
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Vulnerable Configurations
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-233-02.NASL description New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 69432 published 2013-08-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69432 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : xpdf (SSA:2013-233-02) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2013-233-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(69432); script_version("1.2"); script_cvs_date("Date: 2020/01/16"); script_cve_id("CVE-2012-2142"); script_xref(name:"SSA", value:"2013-233-02"); script_name(english:"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : xpdf (SSA:2013-233-02)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.496284 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aaf817e0" ); script_set_attribute(attribute:"solution", value:"Update the affected xpdf package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:xpdf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"12.1", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"xpdf", pkgver:"3.03", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"xpdf", pkgver:"3.03", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"xpdf", pkgver:"3.03", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"14.0", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"xpdf", pkgver:"3.03", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"current", pkgname:"xpdf", pkgver:"3.03", pkgarch:"i486", pkgnum:"3")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"xpdf", pkgver:"3.03", pkgarch:"x86_64", pkgnum:"3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-03.NASL description The remote host is affected by the vulnerability described in GLSA-201310-03 (Poppler: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70309 published 2013-10-07 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70309 title GLSA-201310-03 : Poppler: Multiple vulnerabilities NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-233-03.NASL description New poppler packages are available for Slackware 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 69433 published 2013-08-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69433 title Slackware 14.0 / current : poppler (SSA:2013-233-03) NASL family Fedora Local Security Checks NASL id FEDORA_2013-17398.NASL description Fix icon issue in desktop file. Resolve CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-10-01 plugin id 70238 published 2013-10-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70238 title Fedora 20 : xpdf-3.03-8.fc20 (2013-17398) NASL family Fedora Local Security Checks NASL id FEDORA_2013-17375.NASL description Fix icon issue in desktop file. Resolve CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-10-01 plugin id 70236 published 2013-10-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70236 title Fedora 18 : xpdf-3.03-8.fc18 (2013-17375) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-662.NASL description poppler was updated to fix a security problem. PDF files could emit messages with terminal escape sequences which could be used to inject shell code if the user ran a PDF viewer from a terminal shell (CVE-2012-2142). Also a bug was fixed to avoid division by zero when using origpagesizes option (bnc#795582) last seen 2020-06-05 modified 2014-06-13 plugin id 75126 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75126 title openSUSE Security Update : poppler (openSUSE-SU-2013:1371-1) NASL family Misc. NASL id CITRIX_NETSCALER_ADC_MULTIPLE.NASL description The remote Citrix NetScaler version is affected by multiple vulnerabilities : - A denial of service vulnerability in the VM Virtual Machine Daemon. Please note that this particular vulnerability does not apply to Citrix NetScaler 10.1. (CVE-2013-6938) - A denial of service vulnerability in the Application Delivery Controller RADIUS authentication. (CVE-2013-6939) - An authenticated denial of service in the SNMP daemon. (CVE-2012-2142) - An unspecified authentication disclosure in the Application Delivery Controller. (CVE-2013-6940) - An unspecified shell breakout in the Application Delivery Controller firmware. (CVE-2013-6941) - An unspecified LDAP username injection vulnerability in the Application Delivery Controller. (CVE-2013-6943) - A cross-site scripting vulnerability in the AAA TM vServer user interface. (CVE-2013-6944) last seen 2020-06-01 modified 2020-06-02 plugin id 73205 published 2014-03-26 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73205 title Citrix NetScaler Application Delivery Controller Multiple Vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS11_XPDF_20141120.NASL description The remote Solaris system is missing necessary patches to address security updates. last seen 2020-06-01 modified 2020-06-02 plugin id 80824 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80824 title Oracle Solaris Third-Party Patch Update : xpdf (cve_2012_2142_arbitrary_code) NASL family Fedora Local Security Checks NASL id FEDORA_2013-17397.NASL description Fix icon issue in desktop file. Resolve CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error messages Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-10-01 plugin id 70237 published 2013-10-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70237 title Fedora 19 : xpdf-3.03-8.fc19 (2013-17397) NASL family Fedora Local Security Checks NASL id FEDORA_2013-15013.NASL description This update fixes a problem with escaping of error messages (CVE-2012-2142). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-09-04 plugin id 69772 published 2013-09-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69772 title Fedora 18 : poppler-0.20.2-16.fc18 (2013-15013)
References
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
- http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4db2878f33bdeb80d8d90f
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html
- http://www.openwall.com/lists/oss-security/2013/08/09/5
- http://www.openwall.com/lists/oss-security/2013/08/09/6
- https://bugzilla.redhat.com/show_bug.cgi?id=789936