English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-39
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 24 Jun 2003
 Last revised           : 24 Jun 2003

 Package : xpdf

 Summary : Vulnerability in Xpdf

 More information :
    Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.
    If a victim clicks on a hyperlink contained within a malicious PDF file,
    an attacker may be able to execute arbitrary commands with the privileges of the victim.
    The remote attacker may be able to execute the arbitrary commands
    because xpdf spawn external programs to handle hyperlinks by invoking
    the shell command interpreter.

 Impact :
    An attacker can embed malicious external-type hyperlinks that if activated or
    followed by a victim can execute arbitrary shell commands.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   xpdf-1.00-3.src.rpm
      4045179 0c83bfc9786545321610c6aceff278c1

   Binary Packages
   Size : MD5

   xpdf-1.00-3.i586.rpm
      3837506 8bc086a2f2a6f2dd8d3e20dcab0489ad

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   xpdf-1.00-3.src.rpm
      4045179 8f8d3b0007468248932b454b43f48459

   Binary Packages
   Size : MD5

   xpdf-1.00-3.i586.rpm
      3837229 9fca924c620a721a0c1bb21b8d1febc0

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   xpdf-0.92-3.src.rpm
      1816715 71093f3ff582090aa07c29f3a2930365

   Binary Packages
   Size : MD5

   xpdf-0.92-3.i586.rpm
      2953371 400915516396493c3d388cdcc4a0998e

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   xpdf-0.92-3.src.rpm
      1816715 af546ba427343c1c37d15f6b428dd7ac

   Binary Packages
   Size : MD5

   xpdf-0.92-3.i586.rpm
      2952060 04e55adad39d699f1f7d2a2d7d0e01c6

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   xpdf-0.92-3.src.rpm
      1816715 a96cb64fbe2c41b14e7d79316045afb8

   Binary Packages
   Size : MD5

   xpdf-0.92-3.i386.rpm
      3251385 d4e309ad40c381acf103418ae74b9998


 References :

 CERT Vulnerability Note
   [VU#200132]
   http://www.kb.cert.org/vuls/id/200132

 CVE
   [CAN-2003-0434]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0434


 --------------------------------------------------------------------------
 Revision History
    24 Jun 2003 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2003 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE++BQMK0LzjOqIJMwRAsi0AKCPrLyu/848jK7jAZsJt+diP0RIGQCeLusL
qxnb9Hy5VTvLlZvv1RfN3sk=
=OUYr
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.