Executive Summary
Summary | |
---|---|
Title | xpdf security update |
Information | |||
---|---|---|---|
Name | RHSA-2005:213 | First vendor Publication | 2005-03-04 |
Vendor | RedHat | Last vendor Modification | 2005-03-04 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

An updated xpdf package that correctly fixes several integer overflows is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files.

During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CAN-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). RHSA-2004:592 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0206 to this issue.

All users of xpdf should upgrade to this updated package, which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.

To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

135393 - CAN-2004-0888 xpdf integer overflows (CAN-2005-0206)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-213.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11107 | |||
Oval ID: | oval:org.mitre.oval:def:11107 | ||
Title: | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | ||
Description: | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0206 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9714 | |||
Oval ID: | oval:org.mitre.oval:def:9714 | ||
Title: | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | ||
Description: | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0888 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0206-01 File : nvt/gb_RHSA-2008_0206-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 i386 File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 i386 File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-20 (Xpdf) File : nvt/glsa_200410_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-30 (GPdf) File : nvt/glsa_200410_30.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-30 (pdftohtml) File : nvt/glsa_200411_30.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-31 (teTeX) File : nvt/glsa_200501_31.nasl |
2008-09-04 | Name : FreeBSD Ports: gpdf, cups-base File : nvt/freebsd_gpdf.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 573-1 (cupsys) File : nvt/deb_573_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 581-1 (xpdf) File : nvt/deb_581_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 599-1 (tetex-bin) File : nvt/deb_599_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
11034 | Xpdf Page Size Remote Overflow |
11033 | Xpdf indexHigh Color Size Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0206.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-056.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-044.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-043.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-042.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-041.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080401_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0206.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0206.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-354.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-9-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-14-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ad2f333726bf11d99289000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-04-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-354.nasl - Type : ACT_GATHER_INFO |
2005-03-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-052.nasl - Type : ACT_GATHER_INFO |
2005-03-04 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-213.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-034.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-053.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-057.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-066.nasl - Type : ACT_GATHER_INFO |
2005-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-132.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-31.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-133.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-123.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-122.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-134.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-136.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-135.nasl - Type : ACT_GATHER_INFO |
2005-01-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-165.nasl - Type : ACT_GATHER_INFO |
2005-01-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-166.nasl - Type : ACT_GATHER_INFO |
2004-11-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-599.nasl - Type : ACT_GATHER_INFO |
2004-11-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200411-30.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-573.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-581.nasl - Type : ACT_GATHER_INFO |
2004-11-04 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-592.nasl - Type : ACT_GATHER_INFO |
2004-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-543.nasl - Type : ACT_GATHER_INFO |
2004-10-30 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-357.nasl - Type : ACT_GATHER_INFO |
2004-10-30 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-358.nasl - Type : ACT_GATHER_INFO |
2004-10-28 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-337.nasl - Type : ACT_GATHER_INFO |
2004-10-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-30.nasl - Type : ACT_GATHER_INFO |
2004-10-26 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_039.nasl - Type : ACT_GATHER_INFO |
2004-10-22 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-348.nasl - Type : ACT_GATHER_INFO |
2004-10-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-116.nasl - Type : ACT_GATHER_INFO |
2004-10-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-115.nasl - Type : ACT_GATHER_INFO |
2004-10-22 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-114.nasl - Type : ACT_GATHER_INFO |
2004-10-22 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-113.nasl - Type : ACT_GATHER_INFO |
2004-10-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-20.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:49:07 |
|
2013-05-11 12:22:53 |
|