Test ID:	1.3.6.1.4.1.25623.1.0.51551
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:542
Summary:	Conectiva Security Advisory CLA-2002:542
Description:	The remote host is missing updates announced in advisory CLA-2002:542. gv is a program which uses the Ghostscript PostScript interpreter to display PostScript and PDF documents under the X Window System. kghostview is a KDE application which does the same. Zen Parse found[1] a buffer overflow vulnerability in gv version 3.5.8 and earlier. kghostview (from kdegraphics versions prior to 3.0.4) is also affected, since it has some code derived from the same project. An attacker can exploit this vulnerability by creating a carefully crafted pdf file that, when opened by gv or kghostview, causes the execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0838 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.idefense.com/advisory/09.26.02.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0838 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:542 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Medium
Cross-Ref:	BugTraq ID: 5808 Common Vulnerability Exposure (CVE) ID: CVE-2002-0838 Bugtraq: 20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2 Bugtraq: 20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103305778615625&w=2 http://www.redhat.com/support/errata/RHSA-2002-207.html http://www.redhat.com/support/errata/RHSA-2002-212.html http://www.redhat.com/support/errata/RHSA-2002-220.html Debian Security Information: DSA-176 (Google Search) http://www.debian.org/security/2002/dsa-176 Debian Security Information: DSA-179 (Google Search) http://www.debian.org/security/2002/dsa-179 Debian Security Information: DSA-182 (Google Search) http://www.debian.org/security/2002/dsa-182 Caldera Security Advisory: CSSA-2002-053.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt Conectiva Linux advisory: CLA-2002:542 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542 http://www.mandriva.com/security/advisories?name=MDKSA-2002:069 http://www.mandriva.com/security/advisories?name=MDKSA-2002:071 Bugtraq: 20021017 GLSA: ggv (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103487806800388&w=2 CERT/CC vulnerability note: VU#600777 http://www.kb.cert.org/vuls/id/600777 http://www.securityfocus.com/bid/5808 http://www.iss.net/security_center/static/10201.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: