Test ID:	1.3.6.1.4.1.25623.1.0.51551
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:542
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2002:542. gv is a program which uses the Ghostscript PostScript interpreter to display PostScript and PDF documents under the X Window System. kghostview is a KDE application which does the same. Zen Parse found[1] a buffer overflow vulnerability in gv version 3.5.8 and earlier. kghostview (from kdegraphics versions prior to 3.0.4) is also affected, since it has some code derived from the same project. An attacker can exploit this vulnerability by creating a carefully crafted pdf file that, when opened by gv or kghostview, causes the execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0838 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.idefense.com/advisory/09.26.02.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0838 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:542 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 5808 Common Vulnerability Exposure (CVE) ID: CVE-2002-0838 http://www.securityfocus.com/bid/5808 Bugtraq: 20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv (Google Search) http://marc.info/?l=bugtraq&m=103305778615625&w=2 Bugtraq: 20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv (Google Search) http://marc.info/?l=bugtraq&m=103305615613319&w=2 Bugtraq: 20021017 GLSA: ggv (Google Search) http://marc.info/?l=bugtraq&m=103487806800388&w=2 Caldera Security Advisory: CSSA-2002-053.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt CERT/CC vulnerability note: VU#600777 http://www.kb.cert.org/vuls/id/600777 Conectiva Linux advisory: CLA-2002:542 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542 Debian Security Information: DSA-176 (Google Search) http://www.debian.org/security/2002/dsa-176 Debian Security Information: DSA-179 (Google Search) http://www.debian.org/security/2002/dsa-179 Debian Security Information: DSA-182 (Google Search) http://www.debian.org/security/2002/dsa-182 http://www.mandriva.com/security/advisories?name=MDKSA-2002:069 http://www.mandriva.com/security/advisories?name=MDKSA-2002:071 http://www.redhat.com/support/errata/RHSA-2002-207.html http://www.redhat.com/support/errata/RHSA-2002-212.html http://www.redhat.com/support/errata/RHSA-2002-220.html http://www.iss.net/security_center/static/10201.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.