Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2010 Greenbone Networks GmbHOPENVAS:840459
HistoryJul 16, 2010 - 12:00 a.m.

Ubuntu Update for ghostscript vulnerabilities USN-961-1

2010-07-1600:00:00
Copyright (c) 2010 Greenbone Networks GmbH
plugins.openvas.org
15

EPSS

0.77

Percentile

98.3%

JSON

Ubuntu Update for Linux kernel vulnerabilities USN-961-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_961_1.nasl 7965 2017-12-01 07:38:25Z santu $
#
# Ubuntu Update for ghostscript vulnerabilities USN-961-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "David Srbecky discovered that Ghostscript incorrectly handled debug
  logging. If a user or automated system were tricked into opening a crafted
  PDF file, an attacker could cause a denial of service or execute arbitrary
  code with privileges of the user invoking the program. This issue only
  affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for
  affected releases should reduce the vulnerability to a denial of service.
  (CVE-2009-4270)

  It was discovered that Ghostscript incorrectly handled certain malformed
  files. If a user or automated system were tricked into opening a crafted
  Postscript or PDF file, an attacker could cause a denial of service or
  execute arbitrary code with privileges of the user invoking the program.
  This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)
  
  Dan Rosenberg discovered that Ghostscript incorrectly handled certain
  recursive Postscript files. If a user or automated system were tricked into
  opening a crafted Postscript file, an attacker could cause a denial of
  service or execute arbitrary code with privileges of the user invoking the
  program. (CVE-2010-1628)
  
  Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript
  incorrectly handled certain malformed Postscript files. If a user or
  automated system were tricked into opening a crafted Postscript file, an
  attacker could cause a denial of service or execute arbitrary code with
  privileges of the user invoking the program. This issue only affected
  Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-961-1";
tag_affected = "ghostscript vulnerabilities on Ubuntu 8.04 LTS ,
  Ubuntu 9.04 ,
  Ubuntu 9.10 ,
  Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-961-1/");
  script_id(840459);
  script_version("$Revision: 7965 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "USN", value: "961-1");
  script_cve_id("CVE-2009-4270", "CVE-2009-4897", "CVE-2010-1628", "CVE-2010-1869");
  script_name("Ubuntu Update for ghostscript vulnerabilities USN-961-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU9.10")
{

  if ((res = isdpkgvuln(pkg:"ghostscript-cups", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.70.dfsg.1-0ubuntu3.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"ghostscript-cups", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.71.dfsg.1-0ubuntu5.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU9.04")
{

  if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.64.dfsg.1-0ubuntu8.1", rls:"UBUNTU9.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"ghostscript-x", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-dev", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs8", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"ghostscript-doc", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-gpl", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libgs-esp-dev", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-aladdin", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-common", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp-x", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"gs-esp", ver:"8.61.dfsg.1-1ubuntu3.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

openvas 30
ubuntu 1
nessus 13
osv 2
fedora 4
debian 3
debiancve 4
ubuntucve 4
nvd 4
cvelist 4
prion 4
checkpoint_advisories 2
cve 4
gentoo 1
seebug 1
redhatcve 1
securityvulns 3
openvas
openvas
Ubuntu: Security Advisory (USN-961-1)
2010-07-16 00:00:00
Mandriva Update for sane MDVA-2010:134 (sane)
2010-04-30 00:00:00
Mandriva Update for sane MDVA-2010:134 (sane)
2010-04-30 00:00:00
ubuntu
ubuntu
Ghostscript vulnerabilities
2010-07-13 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : ghostscript vulnerabilities (USN-961-1)
2010-07-14 00:00:00
Mandriva Linux Security Advisory : ghostscript (MDVSA-2010:134)
2010-07-30 00:00:00
openSUSE Security Update : ghostscript-devel (openSUSE-SU-2010:0425-1)
2010-07-23 00:00:00
osv
osv
ghostscript - several vulnerabilities
2010-08-19 00:00:00
ghostscript - several vulnerabilities
2010-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: ghostscript-8.71-7.fc12
2010-08-17 05:44:47
[SECURITY] Fedora 12 Update: ghostscript-8.71-16.fc12
2010-10-14 23:02:13
[SECURITY] Fedora 13 Update: ghostscript-8.71-10.fc13
2010-08-17 05:25:42
debian
debian
[SECURITY] [DSA 2093-1] New ghostscript packages fix several vulnerabilities
2010-08-19 08:20:58
[SECURITY] [DSA 2093-1] New ghostscript packages fix several vulnerabilities
2010-08-19 08:20:58
[SECURITY] [DSA 2080-1] New ghostscript packages fix several vulnerabilities
2010-08-01 01:24:55
debiancve
debiancve
CVE-2009-4897
2010-07-22 05:40:03
CVE-2010-1628
2010-05-19 22:30:00
CVE-2009-4270
2009-12-21 16:30:00
ubuntucve
ubuntucve
CVE-2009-4897
2010-05-12 00:00:00
CVE-2009-4270
2009-12-21 00:00:00
CVE-2010-1628
2010-05-19 00:00:00
nvd
nvd
CVE-2010-1628
2010-05-19 22:30:00
CVE-2009-4897
2010-07-22 05:40:03
CVE-2009-4270
2009-12-21 16:30:00
cvelist
cvelist
CVE-2009-4897
2010-07-22 01:00:00
CVE-2010-1628
2010-05-19 22:00:00
CVE-2009-4270
2009-12-21 16:00:00
prion
prion
Buffer overflow
2010-07-22 05:40:00
Memory corruption
2010-05-19 22:30:00
Stack overflow
2010-05-12 11:46:00
checkpoint_advisories
checkpoint_advisories
Ghostscript Pdf parsing Buffer Overflow - Ver2 (CVE-2009-4897)
2014-03-03 00:00:00
GhostScript PostScript Parser Stack Overflow (CVE-2010-1869)
2010-05-11 00:00:00
cve
cve
CVE-2009-4897
2010-07-22 05:40:03
CVE-2010-1628
2010-05-19 22:30:00
CVE-2009-4270
2009-12-21 16:30:00
gentoo
gentoo
GPL Ghostscript: Multiple vulnerabilities
2014-12-13 00:00:00
seebug
seebug
Ghostscript errprintf()函数PDFζ–‡δ»Άε€„η†ζ ˆζΊ’ε‡ΊζΌζ΄ž
2009-12-23 00:00:00
redhatcve
redhatcve
CVE-2009-4270
2015-10-30 10:23:19
securityvulns
securityvulns
Ghostscript buffer overflow
2010-05-18 00:00:00
GhostScript Vulnerability Clarification - CVE-2010-1869
2010-05-18 00:00:00
Multiple memory corruption vulnerabilities in Ghostscript
2010-05-12 00:00:00

EPSS

0.77

Percentile

98.3%

JSON
Related for OPENVAS:840459
openvas30ubuntu1nessus13osv2fedora4debian3debiancve4ubuntucve4nvd4cvelist4prion4checkpoint_advisories2cve4gentoo1seebug1redhatcve1securityvulns3