English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56025
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-227-1 (xpdf/cupsys/tetex-bin/kdegraphics/koffice)
Summary:Ubuntu USN-227-1 (xpdf/cupsys/tetex-bin/kdegraphics/koffice)
Description:
The remote host is missing an update to xpdf/cupsys/tetex-bin/kdegraphics/koffice
announced via advisory USN-227-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

cupsys
cupsys-bsd
cupsys-client
kpdf
kword
libpoppler0c2
tetex-bin
xpdf-reader
xpdf-utils

infamous41md discovered several integer overflows in the XPDF code,
which is present in xpdf, the Poppler library, tetex-bin, KOffice, and
kpdf. By tricking an user into opening a specially crafted PDF file,
an attacker could exploit this to execute arbitrary code with the
privileges of the application that processes the document.

The CUPS printing system also uses XPDF code to convert PDF files to
PostScript. By attempting to print such a crafted PDF file, a remote
attacker could execute arbitrary code with the privileges of the
printer server (user 'cupsys').

Solution:
The problem can be corrected by upgrading the affected package to the
following versions:

Ubuntu 4.10:
xpdf: 3.00-8ubuntu1.9
cupsys: 1.1.20final+cvs20040330-4ubuntu16.9
tetex-bin: 2.0.2-21ubuntu0.7

Ubuntu 5.04:
xpdf: 3.00-11ubuntu3.5
tetex-bin: 2.0.2-25ubuntu0.3
kword: 1:1.3.5-2ubuntu1.2
kpdf: 4:3.4.0-0ubuntu3.2

Ubuntu 5.10:
libpoppler0c2: 0.4.2-0ubuntu6.4
tetex-bin: 2.0.2-30ubuntu3.3
kword: 1:1.4.1-0ubuntu7.1
kpdf: 4:3.4.3-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-227-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3191
http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
Bugtraq: 20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice (Google Search)
http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded
Debian Security Information: DSA-931 (Google Search)
http://www.debian.org/security/2005/dsa-931
Debian Security Information: DSA-932 (Google Search)
http://www.debian.org/security/2005/dsa-932
Debian Security Information: DSA-937 (Google Search)
http://www.debian.org/security/2005/dsa-937
Debian Security Information: DSA-938 (Google Search)
http://www.debian.org/security/2005/dsa-938
Debian Security Information: DSA-940 (Google Search)
http://www.debian.org/security/2005/dsa-940
Debian Security Information: DSA-936 (Google Search)
http://www.debian.org/security/2006/dsa-936
Debian Security Information: DSA-950 (Google Search)
http://www.debian.org/security/2006/dsa-950
Debian Security Information: DSA-961 (Google Search)
http://www.debian.org/security/2006/dsa-961
Debian Security Information: DSA-962 (Google Search)
http://www.debian.org/security/2006/dsa-962
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.redhat.com/support/errata/RHSA-2005-840.html
http://www.redhat.com/support/errata/RHSA-2005-867.html
http://www.redhat.com/support/errata/RHSA-2005-878.html
RedHat Security Advisories: RHSA-2005:868
http://rhn.redhat.com/errata/RHSA-2005-868.html
http://www.redhat.com/support/errata/RHSA-2006-0160.html
SCO Security Bulletin: SCOSA-2006.15
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
SCO Security Bulletin: SCOSA-2006.20
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
SCO Security Bulletin: SCOSA-2006.21
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
SGI Security Advisory: 20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
SGI Security Advisory: 20060201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
SuSE Security Announcement: SUSE-SA:2006:001 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
SuSE Security Announcement: SUSE-SR:2006:002 (Google Search)
http://www.novell.com/linux/security/advisories/2006_02_sr.html
SuSE Security Announcement: SUSE-SR:2006:001 (Google Search)
SuSE Security Announcement: SUSE-SR:2005:029 (Google Search)
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.trustix.org/errata/2005/0072/
http://www.ubuntulinux.org/usn/usn-227-1
BugTraq ID: 15726
http://www.securityfocus.com/bid/15726
BugTraq ID: 15727
http://www.securityfocus.com/bid/15727
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9760
http://www.vupen.com/english/advisories/2005/2786
http://www.vupen.com/english/advisories/2005/2789
http://www.vupen.com/english/advisories/2005/2790
http://www.vupen.com/english/advisories/2005/2788
http://www.vupen.com/english/advisories/2005/2856
http://www.vupen.com/english/advisories/2005/2787
http://www.vupen.com/english/advisories/2007/2280
http://securitytracker.com/id?1015309
http://securitytracker.com/id?1015324
http://secunia.com/advisories/17908
http://secunia.com/advisories/17912
http://secunia.com/advisories/17916
http://secunia.com/advisories/17920
http://secunia.com/advisories/17921
http://secunia.com/advisories/17929
http://secunia.com/advisories/17940
http://secunia.com/advisories/17976
http://secunia.com/advisories/18009
http://secunia.com/advisories/18055
http://secunia.com/advisories/18061
http://secunia.com/advisories/17897
http://secunia.com/advisories/17926
http://secunia.com/advisories/18191
http://secunia.com/advisories/18192
http://secunia.com/advisories/18189
http://secunia.com/advisories/18313
http://secunia.com/advisories/18336
http://secunia.com/advisories/18387
http://secunia.com/advisories/18416
http://secunia.com/advisories/18349
http://secunia.com/advisories/18385
http://secunia.com/advisories/18389
http://secunia.com/advisories/18448
http://secunia.com/advisories/18398
http://secunia.com/advisories/18407
http://secunia.com/advisories/18534
http://secunia.com/advisories/18549
http://secunia.com/advisories/18582
http://secunia.com/advisories/18303
http://secunia.com/advisories/18517
http://secunia.com/advisories/18554
http://secunia.com/advisories/17955
http://secunia.com/advisories/18674
http://secunia.com/advisories/18675
http://secunia.com/advisories/18679
http://secunia.com/advisories/18908
http://secunia.com/advisories/18913
http://secunia.com/advisories/19230
http://secunia.com/advisories/19377
http://secunia.com/advisories/18503
http://secunia.com/advisories/18147
http://secunia.com/advisories/18380
http://secunia.com/advisories/18428
http://secunia.com/advisories/18436
http://secunia.com/advisories/19797
http://secunia.com/advisories/19798
http://secunia.com/advisories/25729
http://secunia.com/advisories/26413
http://securityreason.com/securityalert/233
http://securityreason.com/securityalert/234
XForce ISS Database: xpdf-dctstream-baseline-bo(23444)
http://xforce.iss.net/xforce/xfdb/23444
XForce ISS Database: xpdf-dctstream-progressive-bo(23443)
http://xforce.iss.net/xforce/xfdb/23443
Common Vulnerability Exposure (CVE) ID: CVE-2005-3192
http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
http://scary.beasts.org/security/CESA-2005-003.txt
http://www.debian.org/security/2006/dsa-937
BugTraq ID: 15725
http://www.securityfocus.com/bid/15725
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10914
http://www.vupen.com/english/advisories/2005/2755
http://secunia.com/advisories/17897/
http://securityreason.com/securityalert/235
http://securityreason.com/securityalert/240
XForce ISS Database: xpdf-streampredictor-bo(23442)
http://xforce.iss.net/xforce/xfdb/23442
Common Vulnerability Exposure (CVE) ID: CVE-2005-3193
http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html
http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml
BugTraq ID: 15721
http://www.securityfocus.com/bid/15721
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11440
http://secunia.com/advisories/17956
http://secunia.com/advisories/17959
http://secunia.com/advisories/19125
http://secunia.com/advisories/18520
http://securityreason.com/securityalert/236
XForce ISS Database: xpdf-jpx-stream-bo(23441)
http://xforce.iss.net/xforce/xfdb/23441
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.