Vulnerabilities > CVE-2012-4405 - Numeric Errors vulnerability in multiple products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nessus

NVD

Published: 2012-09-18

Updated: 2023-11-07

Summary

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

Vulnerable Configurations

Part	Description	Count
Application	Ghostscript Ghostscript Ghostscript 9.06	1
Application	Argyllcms Argyllcms CMS -	1
Application	Color Color Icclib -	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-13839.NASL
description	This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-09-29
plugin id	62377
published	2012-09-29
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62377
title	Fedora 16 : ghostscript-9.05-2.fc16 (2012-13839)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-13839. # include("compat.inc"); if (description) { script_id(62377); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"FEDORA", value:"2012-13839"); script_name(english:"Fedora 16 : ghostscript-9.05-2.fc16 (2012-13839)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854227" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088572.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c553d20b" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ghostscript"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"ghostscript-9.05-2.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-668.NASL
description	The following security issue was fixed in ghostscript : Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
last seen	2020-06-05
modified	2014-06-13
plugin id	74770
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74770
title	openSUSE Security Update : ghostscript (openSUSE-SU-2012:1289-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-668. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74770); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4405"); script_name(english:"openSUSE Security Update : ghostscript (openSUSE-SU-2012:1289-1)"); script_summary(english:"Check for the openSUSE-2012-668 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The following security issue was fixed in ghostscript : Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779700" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00014.html" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-fonts-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-fonts-rus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-fonts-std"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-ijs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-library"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-library-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-library-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpprint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpprint-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpprint-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-devel-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-fonts-other-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-fonts-rus-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-fonts-std-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-ijs-devel-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-library-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-library-debuginfo-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-library-debugsource-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-x11-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"ghostscript-x11-debuginfo-9.00-4.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libgimpprint-4.2.7-334.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libgimpprint-debuginfo-4.2.7-334.48.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libgimpprint-devel-4.2.7-334.48.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-151.NASL
description	A security issue was identified and fixed in ghostscript : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	62445
published	2012-10-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62445
title	Mandriva Linux Security Advisory : ghostscript (MDVSA-2012:151-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:151. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(62445); script_version("1.8"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"MDVSA", value:"2012:151-1"); script_name(english:"Mandriva Linux Security Advisory : ghostscript (MDVSA-2012:151-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security issue was identified and fixed in ghostscript : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-X"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-dvipdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-module-X"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gs9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgs9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2011", reference:"ghostscript-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"ghostscript-X-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"ghostscript-common-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"ghostscript-doc-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"ghostscript-dvipdf-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"ghostscript-module-X-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64gs-devel-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64gs9-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64ijs-devel-0.35-76.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64ijs1-0.35-76.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libgs-devel-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libgs9-9.02-1.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libijs-devel-0.35-76.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libijs1-0.35-76.1-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1256.NASL
description	Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	62056
published	2012-09-12
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62056
title	RHEL 5 / 6 : ghostscript (RHSA-2012:1256)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1256. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(62056); script_version ("1.21"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"RHSA", value:"2012:1256"); script_name(english:"RHEL 5 / 6 : ghostscript (RHSA-2012:1256)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schonefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1256" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-4405" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-gtk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1256"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"ghostscript-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"RHEL5", reference:"ghostscript-debuginfo-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"RHEL5", reference:"ghostscript-devel-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"ghostscript-gtk-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"ghostscript-gtk-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"ghostscript-gtk-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"RHEL6", reference:"ghostscript-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", reference:"ghostscript-debuginfo-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", reference:"ghostscript-devel-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ghostscript-doc-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ghostscript-doc-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ghostscript-doc-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ghostscript-gtk-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ghostscript-gtk-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ghostscript-gtk-8.70-14.el6_3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-debuginfo / ghostscript-devel / etc"); } }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201412-17.NASL
description	The remote host is affected by the vulnerability described in GLSA-201412-17 (GPL Ghostscript: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF using GPL Ghostscript, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	79970
published	2014-12-15
reporter	This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/79970
title	GLSA-201412-17 : GPL Ghostscript: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-17. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(79970); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2016/11/11 20:19:25 $"); script_cve_id("CVE-2009-0196", "CVE-2009-0792", "CVE-2009-3743", "CVE-2009-4270", "CVE-2009-4897", "CVE-2010-1628", "CVE-2010-2055", "CVE-2010-4054", "CVE-2012-4405"); script_bugtraq_id(34184, 34445, 37410, 40107, 40467, 41593, 42640, 43932, 55494); script_xref(name:"GLSA", value:"201412-17"); script_name(english:"GLSA-201412-17 : GPL Ghostscript: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-17 (GPL Ghostscript: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF using GPL Ghostscript, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-17" ); script_set_attribute( attribute:"solution", value: "All GPL Ghostscript users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/ghostscript-gpl-9.10-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ghostscript-gpl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-text/ghostscript-gpl", unaffected:make_list("ge 9.10-r2"), vulnerable:make_list("lt 9.10-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GPL Ghostscript"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2595.NASL
description	Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.
last seen	2020-03-17
modified	2012-12-31
plugin id	63358
published	2012-12-31
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63358
title	Debian DSA-2595-1 : ghostscript - integer overflow
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2595. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(63358); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"DSA", value:"2595"); script_name(english:"Debian DSA-2595-1 : ghostscript - integer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/ghostscript" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2595" ); script_set_attribute( attribute:"solution", value: "Upgrade the ghostscript packages. For the stable distribution (squeeze), this problem has been fixed in version 8.71~dfsg2-9+squeeze1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"ghostscript", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"ghostscript-cups", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"ghostscript-doc", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"ghostscript-x", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"gs-common", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"gs-esp", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"gs-gpl", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"libgs-dev", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"libgs8", reference:"8.71~dfsg2-9+squeeze1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-13846.NASL
description	This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-09-29
plugin id	62378
published	2012-09-29
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62378
title	Fedora 17 : ghostscript-9.05-4.fc17 (2012-13846)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-13846. # include("compat.inc"); if (description) { script_id(62378); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"FEDORA", value:"2012-13846"); script_name(english:"Fedora 17 : ghostscript-9.05-4.fc17 (2012-13846)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854227" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088564.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b3f2252" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ghostscript"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"ghostscript-9.05-4.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-1256.NASL
description	Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	62048
published	2012-09-12
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62048
title	CentOS 5 / 6 : ghostscript (CESA-2012:1256)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1256 and # CentOS Errata and Security Advisory 2012:1256 respectively. # include("compat.inc"); if (description) { script_id(62048); script_version("1.14"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"RHSA", value:"2012:1256"); script_name(english:"CentOS 5 / 6 : ghostscript (CESA-2012:1256)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schonefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2012-September/018862.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a3b3a5fe" ); # https://lists.centos.org/pipermail/centos-announce/2012-September/018864.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f6816cc4" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4405"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-gtk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"ghostscript-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"ghostscript-devel-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"ghostscript-gtk-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"ghostscript-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"ghostscript-devel-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"ghostscript-doc-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"ghostscript-gtk-8.70-14.el6_3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-devel / ghostscript-doc / ghostscript-gtk"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_GHOSTSCRIPT-FONTS-OTHER-8290.NASL
description	This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue.
last seen	2020-06-05
modified	2012-09-20
plugin id	62210
published	2012-09-20
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62210
title	SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8290)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(62210); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4405"); script_name(english:"SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8290)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4405.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8290."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"ghostscript-fonts-other-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"ghostscript-fonts-std-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"ghostscript-library-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"ghostscript-x11-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"libgimpprint-4.2.7-62.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"ghostscript-fonts-other-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"ghostscript-fonts-rus-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"ghostscript-fonts-std-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"ghostscript-library-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"ghostscript-omni-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"ghostscript-x11-8.15.4-16.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"libgimpprint-4.2.7-62.28.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"libgimpprint-devel-4.2.7-62.28.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1581-1.NASL
description	Marc Schonefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	62290
published	2012-09-25
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62290
title	Ubuntu 8.04 LTS / 10.04 LTS : ghostscript vulnerability (USN-1581-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1581-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(62290); script_version("1.9"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"USN", value:"1581-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS : ghostscript vulnerability (USN-1581-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Marc Schonefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1581-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libgs8 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgs8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04\|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"libgs8", pkgver:"8.61.dfsg.1-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libgs8", pkgver:"8.71.dfsg.1-0ubuntu5.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgs8"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_GHOSTSCRIPT-DEVEL-120912.NASL
description	This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue.
last seen	2020-06-05
modified	2013-01-25
plugin id	64146
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64146
title	SuSE 11.2 Security Update : ghostscript (SAT Patch Number 6813)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64146); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4405"); script_name(english:"SuSE 11.2 Security Update : ghostscript (SAT Patch Number 6813)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779700" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4405.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6813."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ghostscript-fonts-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ghostscript-fonts-rus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ghostscript-fonts-std"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ghostscript-library"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ghostscript-omni"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ghostscript-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libgimpprint"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ghostscript-fonts-other-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ghostscript-fonts-rus-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ghostscript-fonts-std-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ghostscript-library-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ghostscript-omni-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ghostscript-x11-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libgimpprint-4.2.7-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ghostscript-fonts-other-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ghostscript-fonts-rus-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ghostscript-fonts-std-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ghostscript-library-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ghostscript-omni-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ghostscript-x11-8.62-32.34.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libgimpprint-4.2.7-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ghostscript-fonts-other-8.62-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ghostscript-fonts-rus-8.62-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ghostscript-fonts-std-8.62-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ghostscript-library-8.62-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ghostscript-omni-8.62-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ghostscript-x11-8.62-32.34.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libgimpprint-4.2.7-32.34.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-1256.NASL
description	From Red Hat Security Advisory 2012:1256 : Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	68616
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68616
title	Oracle Linux 5 / 6 : ghostscript (ELSA-2012-1256)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1256 and # Oracle Linux Security Advisory ELSA-2012-1256 respectively. # include("compat.inc"); if (description) { script_id(68616); script_version("1.9"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"RHSA", value:"2012:1256"); script_name(english:"Oracle Linux 5 / 6 : ghostscript (ELSA-2012-1256)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:1256 : Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schonefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-September/003017.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-September/003019.html" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-gtk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"ghostscript-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"ghostscript-devel-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"ghostscript-gtk-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"EL6", reference:"ghostscript-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"EL6", reference:"ghostscript-devel-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"EL6", reference:"ghostscript-doc-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"EL6", reference:"ghostscript-gtk-8.70-14.el6_3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-devel / ghostscript-doc / ghostscript-gtk"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2012-127.NASL
description	An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	69617
published	2013-09-04
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69617
title	Amazon Linux AMI : ghostscript (ALAS-2012-127)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2012-127. # include("compat.inc"); if (description) { script_id(69617); script_version("1.6"); script_cvs_date("Date: 2018/04/18 15:09:34"); script_cve_id("CVE-2012-4405"); script_xref(name:"ALAS", value:"2012-127"); script_xref(name:"RHSA", value:"2012:1256"); script_name(english:"Amazon Linux AMI : ghostscript (ALAS-2012-127)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2012-127.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update ghostscript' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ghostscript-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"ghostscript-8.70-15.22.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ghostscript-debuginfo-8.70-15.22.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ghostscript-devel-8.70-15.22.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ghostscript-doc-8.70-15.22.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-debuginfo / ghostscript-devel / etc"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-090.NASL
description	A security issue was identified and fixed in argyllcms : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	66102
published	2013-04-20
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66102
title	Mandriva Linux Security Advisory : argyllcms (MDVSA-2013:090)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:090. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66102); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"MDVSA", value:"2013:090"); script_xref(name:"MGASA", value:"2012-0301"); script_name(english:"Mandriva Linux Security Advisory : argyllcms (MDVSA-2013:090)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A security issue was identified and fixed in argyllcms : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The updated packages have been patched to correct this issue." ); script_set_attribute( attribute:"solution", value:"Update the affected argyllcms package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:argyllcms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"argyllcms-1.4.0-2.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-669.NASL
description	The following security issue was fixed in ghostscript : Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
last seen	2020-06-05
modified	2014-06-13
plugin id	74771
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74771
title	openSUSE Security Update : ghostscript-library (openSUSE-SU-2012:1290-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-669. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74771); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4405"); script_name(english:"openSUSE Security Update : ghostscript-library (openSUSE-SU-2012:1290-1)"); script_summary(english:"Check for the openSUSE-2012-669 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The following security issue was fixed in ghostscript : Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779700" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript-library packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-fonts-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-fonts-rus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-fonts-std"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-ijs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-library"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-library-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-library-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpprint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpprint-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpprint-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-devel-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-fonts-other-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-fonts-rus-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-fonts-std-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-ijs-devel-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-library-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-library-debuginfo-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-library-debugsource-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-mini-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-mini-debuginfo-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-mini-debugsource-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-x11-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"ghostscript-x11-debuginfo-9.00-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimpprint-4.2.7-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimpprint-debuginfo-4.2.7-13.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libgimpprint-devel-4.2.7-13.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript-library"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-089.NASL
description	A security issue was identified and fixed in icclib : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-06-01
modified	2020-06-02
plugin id	66101
published	2013-04-20
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66101
title	Mandriva Linux Security Advisory : icclib (MDVSA-2013:089)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:089. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66101); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"MDVSA", value:"2013:089"); script_xref(name:"MGASA", value:"2012-0301"); script_name(english:"Mandriva Linux Security Advisory : icclib (MDVSA-2013:089)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security issue was identified and fixed in icclib : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The updated packages have been patched to correct this issue." ); script_set_attribute( attribute:"solution", value: "Update the affected icclib, lib64icc-devel and / or lib64icc2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icclib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64icc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64icc2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"icclib-2.13-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64icc-devel-2.13-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64icc2-2.13-2.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201402-29.NASL
description	The remote host is affected by the vulnerability described in GLSA-201402-29 (ArgyllCMS: User-assisted execution of arbitrary code) Multiple integer overflow vulnerabilities have been discovered in the ICC Format Library in ArgyllCMS. Impact : A remote attacker could entice a user to open a specially crafted image file using ArgyllCMS, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	72756
published	2014-03-02
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/72756
title	GLSA-201402-29 : ArgyllCMS: User-assisted execution of arbitrary code
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201402-29. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(72756); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-4405"); script_bugtraq_id(55494); script_xref(name:"GLSA", value:"201402-29"); script_name(english:"GLSA-201402-29 : ArgyllCMS: User-assisted execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201402-29 (ArgyllCMS: User-assisted execution of arbitrary code) Multiple integer overflow vulnerabilities have been discovered in the ICC Format Library in ArgyllCMS. Impact : A remote attacker could entice a user to open a specially crafted image file using ArgyllCMS, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201402-29" ); script_set_attribute( attribute:"solution", value: "All ArgyllCMS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/argyllcms-1.4.0-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:argyllcms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-gfx/argyllcms", unaffected:make_list("ge 1.4.0-r1"), vulnerable:make_list("lt 1.4.0-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ArgyllCMS"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120911_GHOSTSCRIPT_ON_SL5_X.NASL
description	Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript
last seen	2020-03-18
modified	2012-09-12
plugin id	62057
published	2012-09-12
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62057
title	Scientific Linux Security Update : ghostscript on SL5.x, SL6.x i386/x86_64 (20120911)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(62057); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4405"); script_name(english:"Scientific Linux Security Update : ghostscript on SL5.x, SL6.x i386/x86_64 (20120911)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1209&L=scientific-linux-errata&T=0&P=1237 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?97eaf61f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-gtk"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"ghostscript-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"SL5", reference:"ghostscript-devel-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"SL5", reference:"ghostscript-gtk-8.70-14.el5_8.1")) flag++; if (rpm_check(release:"SL6", reference:"ghostscript-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"SL6", reference:"ghostscript-devel-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"SL6", reference:"ghostscript-doc-8.70-14.el6_3.1")) flag++; if (rpm_check(release:"SL6", reference:"ghostscript-gtk-8.70-14.el6_3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-devel / ghostscript-doc / ghostscript-gtk"); }

Redhat

advisories

bugzilla

id	854227
title	CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment ghostscript-devel is earlier than 0:8.70-14.el5_8.1
oval oval:com.redhat.rhsa:tst:20121256001
comment ghostscript-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080155013

AND

comment ghostscript-gtk is earlier than 0:8.70-14.el5_8.1
oval oval:com.redhat.rhsa:tst:20121256003
comment ghostscript-gtk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080155011

AND
comment ghostscript is earlier than 0:8.70-14.el5_8.1
oval oval:com.redhat.rhsa:tst:20121256005
comment ghostscript is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080155009

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment ghostscript-doc is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256008
comment ghostscript-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095011

AND

comment ghostscript-devel is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256010
comment ghostscript-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095015

AND

comment ghostscript-gtk is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256012
comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095013

AND
comment ghostscript is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256014
comment ghostscript is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095009

rhsa

id	RHSA-2012:1256
released	2012-09-11
severity	Moderate
title	RHSA-2012:1256: ghostscript security update (Moderate)

rpms

ghostscript-0:8.70-14.el5_8.1
ghostscript-0:8.70-14.el6_3.1
ghostscript-debuginfo-0:8.70-14.el5_8.1
ghostscript-debuginfo-0:8.70-14.el6_3.1
ghostscript-devel-0:8.70-14.el5_8.1
ghostscript-devel-0:8.70-14.el6_3.1
ghostscript-doc-0:8.70-14.el6_3.1
ghostscript-gtk-0:8.70-14.el5_8.1
ghostscript-gtk-0:8.70-14.el6_3.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References