CVE-2017-1000083
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Vulnerable Configurations
Exploit-Db
file | exploits/linux/local/46341.rb |
id | EDB-ID:46341 |
last seen | 2019-02-11 |
modified | 2019-02-11 |
platform | linux |
port | |
published | 2019-02-11 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46341 |
title | Evince - CBT File Command Injection (Metasploit) |
type | local |

file | exploits/linux/dos/45824.txt |
id | EDB-ID:45824 |
last seen | 2018-11-30 |
modified | 2018-11-13 |
platform | linux |
port | |
published | 2018-11-13 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45824 |
title | Evince 3.24.0 - Command Injection |
type | dos |
Metasploit
description | This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload (<256 bytes). Reverse Bash and Reverse Netcat payloads should be sufficiently small. This module has been tested successfully on evince versions: 3.4.0-3.1 + nautilus 3.4.2-1+build1 on Kali 1.0.6; 3.18.2-1ubuntu4.3 + atril 1.12.2-1ubuntu0.3 on Ubuntu 16.04. |
id | MSF:EXPLOIT/MULTI/FILEFORMAT/EVINCE_CBT_CMD_INJECTION |
last seen | 2020-06-10 |
modified | 2019-02-03 |
published | 2019-02-03 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb |
title | Evince CBT File Command Injection |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-2388.NASL |
description | An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Security Fix(es) : * It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102118 |
published | 2017-08-02 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102118 |
title | RHEL 7 : evince (RHSA-2017:2388) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:2388. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(102118);
      script_version("3.16");
      script_cvs_date("Date: 2019/10/24 15:35:43");

      script_cve_id("CVE-2017-1000083");
      script_xref(name:"RHSA", value:"2017:2388");

      script_name(english:"RHEL 7 : evince (RHSA-2017:2388)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for evince is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.

    The evince packages provide a simple multi-page document viewer for
    Portable Document Format (PDF), PostScript (PS), Encapsulated
    PostScript (EPS) files, and, with additional back-ends, also the
    Device Independent File format (DVI) files.

    Security Fix(es) :

    * It was found that evince did not properly sanitize the command line
    which is run to untar Comic Book Tar (CBT) files, thereby allowing
    command injection. A specially crafted CBT file, when opened by evince
    or evince-thumbnailer, could execute arbitrary commands in the context
    of the evince program. (CVE-2017-1000083)

    Red Hat would like to thank Felix Wilhelm (Google Security Team) for
    reporting this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:2388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-1000083"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-dvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-nautilus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2017:2388";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_WARNING,
          extra : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-browser-plugin-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-browser-plugin-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", reference:"evince-debuginfo-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", reference:"evince-devel-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-dvi-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-dvi-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", reference:"evince-libs-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-nautilus-3.22.1-5.2.el7_4")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-nautilus-3.22.1-5.2.el7_4")) flag++;

      if (flag)
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_WARNING,
          extra : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc");
      }
    }
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-CDEAD07E99.NASL |
description | - CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2017-07-18 |
plugin id | 101780 |
published | 2017-07-18 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101780 |
title | Fedora 25 : evince (2017-cdead07e99) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory FEDORA-2017-cdead07e99.
    #

    include("compat.inc");

    if (description)
    {
      script_id(101780);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2017-1000083");
      script_xref(name:"FEDORA", value:"2017-cdead07e99");

      script_name(english:"Fedora 25 : evince (2017-cdead07e99)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    " - CVE-2017-1000083: Evince command injection vulnerability
        in CBT handler (#1468488)

    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdead07e99"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected evince package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evince");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC25", reference:"evince-3.22.1-5.fc25")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince");
    }
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-06C1422DB8.NASL |
description | - CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2017-08-11 |
plugin id | 102375 |
published | 2017-08-11 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102375 |
title | Fedora 24 : evince (2017-06c1422db8) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory FEDORA-2017-06c1422db8.
    #

    include("compat.inc");

    if (description)
    {
      script_id(102375);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2017-1000083");
      script_xref(name:"FEDORA", value:"2017-06c1422db8");

      script_name(english:"Fedora 24 : evince (2017-06c1422db8)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    " - CVE-2017-1000083: Evince command injection vulnerability
        in CBT handler (#1468488)

    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-06c1422db8"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected evince package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evince");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC24", reference:"evince-3.20.1-3.fc24")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince");
    }
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-3428-1.NASL |
description | This update for evince fixes the following issues: Security issue fixed : - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 105463 |
published | 2017-12-26 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/105463 |
title | SUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:3428-1) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3428-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(105463);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/11 11:22:17");

      script_cve_id("CVE-2017-1000083");

      script_name(english:"SUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:3428-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for evince fixes the following issues: Security issue
    fixed :

      - CVE-2017-1000083: Remove support for tar and tar-like
        commands in comics backend (bsc#1046856).

    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000083/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173428-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b69fe517"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :

    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2017-2146=1

    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2017-2146=1

    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2017-2146=1

    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-2146=1

    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2017-2146=1

    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2017-2146=1

    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-2146=1

    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2017-2146=1

    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2017-2146=1

    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-browser-plugin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-djvudocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-djvudocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-dvidocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-dvidocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-pdfdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-pdfdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-psdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-psdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-tiffdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-tiffdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-xpsdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-xpsdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevdocument3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevdocument3-4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevview3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevview3-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nautilus-evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nautilus-evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-EvinceDocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-EvinceView");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp);

    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"typelib-1_0-EvinceDocument-3_0-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"typelib-1_0-EvinceView-3_0-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64",
reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-debugsource-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++; if 
(rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevview3-3-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"nautilus-evince-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"typelib-1_0-EvinceDocument-3_0-3.20.2-6.19.15")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"typelib-1_0-EvinceView-3_0-3.20.2-6.19.15")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince"); }

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-3351-1.NASL |
description | Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101545 |
published | 2017-07-14 |
reporter | Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101545 |
title | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : evince vulnerability (USN-3351-1) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3351-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(101545);
  script_version("3.11");
  script_cvs_date("Date: 2019/09/18 12:31:47");

  script_cve_id("CVE-2017-1000083");
  script_xref(name:"USN", value:"3351-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : evince vulnerability (USN-3351-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3351-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected evince and / or evince-common packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evince");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evince-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"evince", pkgver:"3.10.3-0ubuntu10.3")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"evince-common", pkgver:"3.10.3-0ubuntu10.3")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"evince", pkgver:"3.18.2-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"evince-common", pkgver:"3.18.2-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"evince", pkgver:"3.22.0-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"evince-common", pkgver:"3.22.0-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"17.04", pkgname:"evince", pkgver:"3.24.0-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"17.04", pkgname:"evince-common", pkgver:"3.24.0-0ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-common");
}

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-834.NASL |
description | This update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) This update was imported from the SUSE:SLE-12-SP2:Update update project. |
last seen | 2020-06-05 |
modified | 2017-07-26 |
plugin id | 101968 |
published | 2017-07-26 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101968 |
title | openSUSE Security Update : evince (openSUSE-2017-834) |
code |
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-834.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(101968);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-1000083");

  script_name(english:"openSUSE Security Update : evince (openSUSE-2017-834)");
  script_summary(english:"Check for the openSUSE-2017-834 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"This update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) This update was imported from the SUSE:SLE-12-SP2:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046856"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected evince packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-browser-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-browser-plugin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-comicsdocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-comicsdocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-djvudocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-djvudocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-dvidocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-dvidocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-pdfdocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-pdfdocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-psdocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-psdocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-tiffdocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-tiffdocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-xpsdocument");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-xpsdocument-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevdocument3-4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevdocument3-4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevview3-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevview3-3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nautilus-evince");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nautilus-evince-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-EvinceDocument-3_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-EvinceView-3_0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"evince-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-browser-plugin-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-browser-plugin-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-debugsource-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-devel-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-lang-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-comicsdocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-comicsdocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-djvudocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-djvudocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-dvidocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-dvidocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-pdfdocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-pdfdocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-psdocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-psdocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-tiffdocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-tiffdocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-xpsdocument-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-xpsdocument-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libevdocument3-4-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libevdocument3-4-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libevview3-3-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libevview3-3-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"nautilus-evince-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"nautilus-evince-debuginfo-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"typelib-1_0-EvinceDocument-3_0-3.20.1-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"typelib-1_0-EvinceView-3_0-3.20.1-2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-browser-plugin-debuginfo / etc");
}

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2017-2388.NASL |
description | An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Security Fix(es) : * It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102761 |
published | 2017-08-25 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102761 |
title | CentOS 7 : evince (CESA-2017:2388) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-3916.NASL |
description | It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101910 |
published | 2017-07-24 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101910 |
title | Debian DSA-3916-1 : atril - security update |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_01A197CA67F111E7A26628924A333806.NASL |
description | GNOME reports : The comic book backend in evince 3.24.0 (and earlier) is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102687 |
published | 2017-08-23 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102687 |
title | FreeBSD : evince and atril -- command injection vulnerability in CBT handler (01a197ca-67f1-11e7-a266-28924a333806) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-1893-1.NASL |
description | This update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101807 |
published | 2017-07-19 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101807 |
title | SUSE SLED12 Security Update : evince (SUSE-SU-2017:1893-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-1894-1.NASL |
description | This update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101808 |
published | 2017-07-19 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101808 |
title | SUSE SLES12 Security Update : evince (SUSE-SU-2017:1894-1) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1031.NASL |
description | from the Google Security Team discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. For Debian 7 |
last seen | 2020-03-17 |
modified | 2017-07-19 |
plugin id | 101792 |
published | 2017-07-19 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101792 |
title | Debian DLA-1031-1 : evince security update |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-0F75EE2F38.NASL |
description | - CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2017-07-17 |
plugin id | 101575 |
published | 2017-07-17 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101575 |
title | Fedora 26 : evince (2017-0f75ee2f38) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20170802_EVINCE_ON_SL7_X.NASL |
description | Security Fix(es) : - It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) |
last seen | 2020-03-18 |
modified | 2017-08-22 |
plugin id | 102660 |
published | 2017-08-22 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102660 |
title | Scientific Linux Security Update : evince on SL7.x x86_64 (20170802) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1221.NASL |
description | According to the version of the evince packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2017-09-11 |
plugin id | 103079 |
published | 2017-09-11 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103079 |
title | EulerOS 2.0 SP1 : evince (EulerOS-SA-2017-1221) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-3911.NASL |
description | Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101556 |
published | 2017-07-17 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101556 |
title | Debian DSA-3911-1 : evince - security update |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-2390-1.NASL |
description | This update for evince fixes the following issue : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code (bsc#1046856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103111 |
published | 2017-09-11 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103111 |
title | SUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:2390-1) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-1417.NASL |
description | This update for evince fixes the following issues : Security issue fixed : - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). This update was imported from the SUSE:SLE-12-SP2:Update update project. |
last seen | 2020-06-05 |
modified | 2017-12-26 |
plugin id | 105456 |
published | 2017-12-26 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/105456 |
title | openSUSE Security Update : evince (openSUSE-2017-1417) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2017-2388.NASL |
description | From Red Hat Security Advisory 2017:2388 : An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Security Fix(es) : * It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102343 |
published | 2017-08-10 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102343 |
title | Oracle Linux 7 : evince (ELSA-2017-2388) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1222.NASL |
description | According to the version of the evince packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2017-09-11 |
plugin id | 103080 |
published | 2017-09-11 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103080 |
title | EulerOS 2.0 SP2 : evince (EulerOS-SA-2017-1222) |
Packetstorm
data source https://packetstormsecurity.com/files/download/151572/evince_cbt_cmd_injection.rb.txt
id PACKETSTORM:151572
last seen 2019-02-08
published 2019-02-07
reporter FX
source https://packetstormsecurity.com/files/151572/Evince-CBT-File-Command-Injection.html
title Evince CBT File Command Injection

data source https://packetstormsecurity.com/files/download/150305/evince3240-exec.txt
id PACKETSTORM:150305
last seen 2018-11-14
published 2018-11-13
reporter Matlink
source https://packetstormsecurity.com/files/150305/Evince-3.24.0-Command-Injection.html
title Evince 3.24.0 Command Injection
References
- http://seclists.org/oss-sec/2017/q3/128
- http://www.debian.org/security/2017/dsa-3911
- http://www.securityfocus.com/bid/99597
- https://access.redhat.com/errata/RHSA-2017:2388
- https://bugzilla.gnome.org/show_bug.cgi?id=784630
- https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee
- https://www.exploit-db.com/exploits/45824/
- https://www.exploit-db.com/exploits/46341/