Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20071107_XPDF_ON_SL4_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : xpdf on SL4.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.3

Percentile

97.0%

JSON

Problem description :

Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60292);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");

  script_name(english:"Scientific Linux Security Update : xpdf on SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Problem description :

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause Xpdf to
crash, or potentially execute arbitrary code when opened.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=545
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dde11176"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xpdf package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"xpdf-3.00-14.el4")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

openvas 87
debian 5
fedora 25
nessus 55
redhat 7
gentoo 1
freebsd 1
ubuntu 2
centos 4
osv 3
suse 1
securityvulns 2
oraclelinux 4
altlinux 1
slackware 1
openvas
openvas
Fedora Update for kdetoys FEDORA-2007-2985
2009-02-27 00:00:00
Fedora Update for kdesdk FEDORA-2007-2985
2009-02-27 00:00:00
Fedora Update for kdeutils FEDORA-2007-2985
2009-02-27 00:00:00
debian
debian
[SECURITY] [DSA 1509-1] New koffice packages fix multiple vulnerabilities
2008-02-25 23:14:40
[SECURITY] [DSA 1537-1] New xpdf packages fix multiple vulnerabilities
2008-04-02 21:25:32
[SECURITY] [DSA 1480-1] New poppler packages fix several vulnerabilities
2008-02-05 17:13:47
fedora
fedora
[SECURITY] Fedora 8 Update: poppler-0.6.2-1.fc8
2007-12-11 00:52:22
[SECURITY] Fedora 7 Update: kde-i18n-3.5.8-1.fc7
2007-11-13 00:05:02
[SECURITY] Fedora 7 Update: kdeedu-3.5.8-2.fc7
2007-11-13 00:05:02
nessus
nessus
Mandrake Linux Security Advisory : cups (MDKSA-2007:228)
2007-11-20 00:00:00
RHEL 4 : gpdf (RHSA-2007:1025)
2009-04-23 00:00:00
Fedora 8 : kdegraphics-3.5.8-7.fc8 (2007-3001)
2007-11-12 00:00:00
redhat
redhat
(RHSA-2007:1025) Important: gpdf security update
2007-11-07 00:00:00
(RHSA-2007:1024) Important: kdegraphics security update
2007-11-12 00:00:00
(RHSA-2007:1029) Important: xpdf security update
2007-11-07 00:00:00
gentoo
gentoo
Poppler, KDE: User-assisted execution of arbitrary code
2007-11-18 00:00:00
freebsd
freebsd
xpdf -- multiple remote Stream.CC vulnerabilities
2007-11-07 00:00:00
ubuntu
ubuntu
KOffice vulnerabilities
2007-11-15 00:00:00
poppler vulnerabilities
2007-11-14 00:00:00
centos
centos
kdegraphics security update
2007-11-12 16:32:18
gpdf security update
2007-11-07 19:57:28
xpdf security update
2007-11-07 19:58:17
osv
osv
poppler - several vulnerabilities
2008-02-05 00:00:00
koffice - multiple vulnerabilities
2008-02-25 00:00:00
xpdf
2008-04-02 00:00:00
suse
suse
remote code execution in xpdf, kdegraphics3-pdf, koffice, libextractor,
2007-11-14 16:50:40
securityvulns
securityvulns
Secunia Research: Xpdf &quot;Stream.cc&quot; Multiple Vulnerabilities
2007-11-08 00:00:00
Xpdf multiple security vulnerabilities
2007-11-08 00:00:00
oraclelinux
oraclelinux
Important: poppler security update
2007-11-23 00:00:00
Important: xpdf security update
2007-11-07 00:00:00
Important: kdegraphics security update
2007-11-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package xpdf version 3.02-alt3
2007-11-12 00:00:00
slackware
slackware
[slackware-security] xpdf/poppler/koffice/kdegraphics
2007-11-12 09:06:02

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.3

Percentile

97.0%

JSON
Related for SL_20071107_XPDF_ON_SL4_X.NASL
openvas87debian5fedora25nessus55redhat7gentoo1freebsd1ubuntu2centos4osv3suse1securityvulns2oraclelinux4altlinux1slackware1