Ubuntu Update for Linux kernel vulnerabilities USN-961-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_961_1.nasl 7965 2017-12-01 07:38:25Z santu $
#
# Ubuntu Update for ghostscript vulnerabilities USN-961-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "David Srbecky discovered that Ghostscript incorrectly handled debug
logging. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. This issue only
affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for
affected releases should reduce the vulnerability to a denial of service.
(CVE-2009-4270)
It was discovered that Ghostscript incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a crafted
Postscript or PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)
Dan Rosenberg discovered that Ghostscript incorrectly handled certain
recursive Postscript files. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2010-1628)
Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript
incorrectly handled certain malformed Postscript files. If a user or
automated system were tricked into opening a crafted Postscript file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)";
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-961-1";
tag_affected = "ghostscript vulnerabilities on Ubuntu 8.04 LTS ,
Ubuntu 9.04 ,
Ubuntu 9.10 ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-961-1/");
script_id(840459);
script_version("$Revision: 7965 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_xref(name: "USN", value: "961-1");
script_cve_id("CVE-2009-4270", "CVE-2009-4897", "CVE-2010-1628", "CVE-2010-1869");
script_name("Ubuntu Update for ghostscript vulnerabilities USN-961-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU9.10")
{
if ((res = isdpkgvuln(pkg:"ghostscript-cups", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"ghostscript-cups", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU9.04")
{
if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU8.04 LTS")
{
if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}