Vulnerabilities > CVE-2017-1000083

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
gnome
debian
redhat
nessus
exploit available
metasploit

Summary

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

Vulnerable Configurations

Part Description Count
Application
Gnome
181
OS
Debian
2
OS
Redhat
13

Exploit-Db

  • fileexploits/linux/local/46341.rb
    idEDB-ID:46341
    last seen2019-02-11
    modified2019-02-11
    platformlinux
    port
    published2019-02-11
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/46341
    titleEvince - CBT File Command Injection (Metasploit)
    typelocal
  • fileexploits/linux/dos/45824.txt
    idEDB-ID:45824
    last seen2018-11-30
    modified2018-11-13
    platformlinux
    port
    published2018-11-13
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45824
    titleEvince 3.24.0 - Command Injection
    typedos

Metasploit

descriptionThis module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload (<256 bytes). Reverse Bash and Reverse Netcat payloads should be sufficiently small. This module has been tested successfully on evince versions: 3.4.0-3.1 + nautilus 3.4.2-1+build1 on Kali 1.0.6; 3.18.2-1ubuntu4.3 + atril 1.12.2-1ubuntu0.3 on Ubuntu 16.04.
idMSF:EXPLOIT/MULTI/FILEFORMAT/EVINCE_CBT_CMD_INJECTION
last seen2020-06-10
modified2019-02-03
published2019-02-03
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb
titleEvince CBT File Command Injection

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2388.NASL
    descriptionAn update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Security Fix(es) : * It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id102118
    published2017-08-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102118
    titleRHEL 7 : evince (RHSA-2017:2388)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:2388. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102118);
      script_version("3.16");
      script_cvs_date("Date: 2019/10/24 15:35:43");
    
      script_cve_id("CVE-2017-1000083");
      script_xref(name:"RHSA", value:"2017:2388");
    
      script_name(english:"RHEL 7 : evince (RHSA-2017:2388)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for evince is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The evince packages provide a simple multi-page document viewer for
    Portable Document Format (PDF), PostScript (PS), Encapsulated
    PostScript (EPS) files, and, with additional back-ends, also the
    Device Independent File format (DVI) files.
    
    Security Fix(es) :
    
    * It was found that evince did not properly sanitize the command line
    which is run to untar Comic Book Tar (CBT) files, thereby allowing
    command injection. A specially crafted CBT file, when opened by evince
    or evince-thumbnailer, could execute arbitrary commands in the context
    of the evince program. (CVE-2017-1000083)
    
    Red Hat would like to thank Felix Wilhelm (Google Security Team) for
    reporting this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:2388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-1000083"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-dvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-nautilus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:2388";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-browser-plugin-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-browser-plugin-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"evince-debuginfo-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"evince-devel-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-dvi-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-dvi-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"evince-libs-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-nautilus-3.22.1-5.2.el7_4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-nautilus-3.22.1-5.2.el7_4")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-CDEAD07E99.NASL
    description - CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-18
    plugin id101780
    published2017-07-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101780
    titleFedora 25 : evince (2017-cdead07e99)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-cdead07e99.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101780);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000083");
      script_xref(name:"FEDORA", value:"2017-cdead07e99");
    
      script_name(english:"Fedora 25 : evince (2017-cdead07e99)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - CVE-2017-1000083: Evince command injection vulnerability
        in CBT handler (#1468488)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdead07e99"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected evince package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evince");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"evince-3.22.1-5.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-06C1422DB8.NASL
    description - CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-08-11
    plugin id102375
    published2017-08-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102375
    titleFedora 24 : evince (2017-06c1422db8)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-06c1422db8.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102375);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000083");
      script_xref(name:"FEDORA", value:"2017-06c1422db8");
    
      script_name(english:"Fedora 24 : evince (2017-06c1422db8)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - CVE-2017-1000083: Evince command injection vulnerability
        in CBT handler (#1468488)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-06c1422db8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected evince package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evince");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"evince-3.20.1-3.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3428-1.NASL
    descriptionThis update for evince fixes the following issues: Security issue fixed : - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105463
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105463
    titleSUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:3428-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3428-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105463);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/11 11:22:17");
    
      script_cve_id("CVE-2017-1000083");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:3428-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for evince fixes the following issues: Security issue
    fixed :
    
      - CVE-2017-1000083: Remove support for tar and tar-like
        commands in comics backend (bsc#1046856).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000083/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173428-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b69fe517"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2017-2146=1
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2017-2146=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2017-2146=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-2146=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2017-2146=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2017-2146=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-2146=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2017-2146=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2017-2146=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-browser-plugin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-djvudocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-djvudocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-dvidocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-dvidocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-pdfdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-pdfdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-psdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-psdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-tiffdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-tiffdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-xpsdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:evince-plugin-xpsdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevdocument3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevdocument3-4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevview3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libevview3-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nautilus-evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nautilus-evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-EvinceDocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-EvinceView");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"typelib-1_0-EvinceDocument-3_0-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"typelib-1_0-EvinceView-3_0-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-browser-plugin-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-browser-plugin-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-debugsource-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-djvudocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-djvudocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-dvidocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-dvidocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-pdfdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-pdfdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-psdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-psdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-tiffdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-tiffdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-xpsdocument-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"evince-plugin-xpsdocument-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevdocument3-4-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevdocument3-4-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevview3-3-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libevview3-3-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"nautilus-evince-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"nautilus-evince-debuginfo-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"typelib-1_0-EvinceDocument-3_0-3.20.2-6.19.15")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"typelib-1_0-EvinceView-3_0-3.20.2-6.19.15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3351-1.NASL
    descriptionFelix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book (cbt) files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101545
    published2017-07-14
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101545
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : evince vulnerability (USN-3351-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3351-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101545);
      script_version("3.11");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-1000083");
      script_xref(name:"USN", value:"3351-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : evince vulnerability (USN-3351-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Felix Wilhelm discovered that Evince did not safely invoke tar when
    handling tar comic book (cbt) files. An attacker could use this to
    construct a malicious cbt comic book format file that, when opened in
    Evince, executes arbitrary code. Please note that this update disables
    support for cbt files in Evince.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3351-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected evince and / or evince-common packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evince-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"evince", pkgver:"3.10.3-0ubuntu10.3")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"evince-common", pkgver:"3.10.3-0ubuntu10.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"evince", pkgver:"3.18.2-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"evince-common", pkgver:"3.18.2-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"evince", pkgver:"3.22.0-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"evince-common", pkgver:"3.22.0-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"evince", pkgver:"3.24.0-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"evince-common", pkgver:"3.24.0-0ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-common");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-834.NASL
    descriptionThis update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-07-26
    plugin id101968
    published2017-07-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101968
    titleopenSUSE Security Update : evince (openSUSE-2017-834)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-834.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101968);
      script_version("3.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000083");
    
      script_name(english:"openSUSE Security Update : evince (openSUSE-2017-834)");
      script_summary(english:"Check for the openSUSE-2017-834 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for evince fixes the following issues :
    
      - CVE-2017-1000083: Remote attackers could have used the
        comicbook mode of evince to inject shell code.
        (bsc#1046856, bgo#784630)
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046856"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected evince packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Evince CBT File Command Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-browser-plugin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-comicsdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-comicsdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-djvudocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-djvudocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-dvidocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-dvidocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-pdfdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-pdfdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-psdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-psdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-tiffdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-tiffdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-xpsdocument");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:evince-plugin-xpsdocument-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevdocument3-4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevdocument3-4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevview3-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libevview3-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nautilus-evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nautilus-evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-EvinceDocument-3_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-EvinceView-3_0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"evince-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-browser-plugin-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-browser-plugin-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-debugsource-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-devel-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-lang-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-comicsdocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-comicsdocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-djvudocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-djvudocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-dvidocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-dvidocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-pdfdocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-pdfdocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-psdocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-psdocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-tiffdocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-tiffdocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-xpsdocument-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"evince-plugin-xpsdocument-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libevdocument3-4-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libevdocument3-4-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libevview3-3-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libevview3-3-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"nautilus-evince-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"nautilus-evince-debuginfo-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"typelib-1_0-EvinceDocument-3_0-3.20.1-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"typelib-1_0-EvinceView-3_0-3.20.1-2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-browser-plugin-debuginfo / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2388.NASL
    descriptionAn update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Security Fix(es) : * It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id102761
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102761
    titleCentOS 7 : evince (CESA-2017:2388)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3916.NASL
    descriptionIt was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.
    last seen2020-06-01
    modified2020-06-02
    plugin id101910
    published2017-07-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101910
    titleDebian DSA-3916-1 : atril - security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_01A197CA67F111E7A26628924A333806.NASL
    descriptionGNOME reports : The comic book backend in evince 3.24.0 (and earlier) is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork.
    last seen2020-06-01
    modified2020-06-02
    plugin id102687
    published2017-08-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102687
    titleFreeBSD : evince and atril -- command injection vulnerability in CBT handler (01a197ca-67f1-11e7-a266-28924a333806)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1893-1.NASL
    descriptionThis update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101807
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101807
    titleSUSE SLED12 Security Update : evince (SUSE-SU-2017:1893-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1894-1.NASL
    descriptionThis update for evince fixes the following issues : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101808
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101808
    titleSUSE SLES12 Security Update : evince (SUSE-SU-2017:1894-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1031.NASL
    descriptionfrom the Google Security Team discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. For Debian 7
    last seen2020-03-17
    modified2017-07-19
    plugin id101792
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101792
    titleDebian DLA-1031-1 : evince security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-0F75EE2F38.NASL
    description - CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101575
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101575
    titleFedora 26 : evince (2017-0f75ee2f38)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170802_EVINCE_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince- thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083)
    last seen2020-03-18
    modified2017-08-22
    plugin id102660
    published2017-08-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102660
    titleScientific Linux Security Update : evince on SL7.x x86_64 (20170802)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1221.NASL
    descriptionAccording to the version of the evince packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-09-11
    plugin id103079
    published2017-09-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103079
    titleEulerOS 2.0 SP1 : evince (EulerOS-SA-2017-1221)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3911.NASL
    descriptionFelix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.
    last seen2020-06-01
    modified2020-06-02
    plugin id101556
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101556
    titleDebian DSA-3911-1 : evince - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2390-1.NASL
    descriptionThis update for evince fixes the following issue : - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code (bsc#1046856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103111
    published2017-09-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103111
    titleSUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2017:2390-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1417.NASL
    descriptionThis update for evince fixes the following issues : Security issue fixed : - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-12-26
    plugin id105456
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105456
    titleopenSUSE Security Update : evince (openSUSE-2017-1417)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2388.NASL
    descriptionFrom Red Hat Security Advisory 2017:2388 : An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files. Security Fix(es) : * It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id102343
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102343
    titleOracle Linux 7 : evince (ELSA-2017-2388)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1222.NASL
    descriptionAccording to the version of the evince packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-09-11
    plugin id103080
    published2017-09-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103080
    titleEulerOS 2.0 SP2 : evince (EulerOS-SA-2017-1222)

Packetstorm

Redhat

advisories
bugzilla
id1468488
titleCVE-2017-1000083 evince: command injection via filename in tar-compressed comics archive
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentevince-devel is earlier than 0:3.22.1-5.2.el7_4
          ovaloval:com.redhat.rhsa:tst:20172388001
        • commentevince-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110009006
      • AND
        • commentevince-browser-plugin is earlier than 0:3.22.1-5.2.el7_4
          ovaloval:com.redhat.rhsa:tst:20172388003
        • commentevince-browser-plugin is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172388004
      • AND
        • commentevince-dvi is earlier than 0:3.22.1-5.2.el7_4
          ovaloval:com.redhat.rhsa:tst:20172388005
        • commentevince-dvi is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110009008
      • AND
        • commentevince-libs is earlier than 0:3.22.1-5.2.el7_4
          ovaloval:com.redhat.rhsa:tst:20172388007
        • commentevince-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110009002
      • AND
        • commentevince is earlier than 0:3.22.1-5.2.el7_4
          ovaloval:com.redhat.rhsa:tst:20172388009
        • commentevince is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110009004
      • AND
        • commentevince-nautilus is earlier than 0:3.22.1-5.2.el7_4
          ovaloval:com.redhat.rhsa:tst:20172388011
        • commentevince-nautilus is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172388012
rhsa
idRHSA-2017:2388
released2017-08-01
severityImportant
titleRHSA-2017:2388: evince security update (Important)
rpms
  • evince-0:3.22.1-5.2.el7_4
  • evince-browser-plugin-0:3.22.1-5.2.el7_4
  • evince-debuginfo-0:3.22.1-5.2.el7_4
  • evince-devel-0:3.22.1-5.2.el7_4
  • evince-dvi-0:3.22.1-5.2.el7_4
  • evince-libs-0:3.22.1-5.2.el7_4
  • evince-nautilus-0:3.22.1-5.2.el7_4