[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root
2005-02-11T00:00:00
ID DEBIAN:DSA-676-1:68869 Type debian Reporter Debian Modified 2005-02-11T00:00:00
Description
Debian Security Advisory DSA 676-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 11th, 2005 http://www.debian.org/security/faq
Package : xpcd
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0074
Erik Sjölund discovered a buffer overflow in pcdsvgaview, an SVGA
PhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display
graphics on the Linux console for which root permissions are required.
A malicious user could overflow a fixed-size buffer and may cause the
program to execute arbitrary code with elevated privileges.
For the stable distribution (woody) this problem has been fixed in
version 2.08-8woody3.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your xpcd-svga package immediately.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
{"id": "DEBIAN:DSA-676-1:68869", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 676-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 11th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xpcd\nVulnerability : buffer overflow\nProblem-Type : local\nDebian-specific: no\nCVE ID : CAN-2005-0074\n\nErik Sj\u00f6lund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.08-8woody3.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your xpcd-svga package immediately.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.dsc\n Size/MD5 checksum: 706 b1e7b8aeafd929cd31f9403b6534c86b\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.diff.gz\n Size/MD5 checksum: 14837 e67ca4ae6f6c0cc09033e195ad188825\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08.orig.tar.gz\n Size/MD5 checksum: 103104 59bf5b8d0466ecb3c58ed1fffcdf499e\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_alpha.deb\n Size/MD5 checksum: 81170 17302a158ec404cf6b7961b8434cec33\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_alpha.deb\n Size/MD5 checksum: 13494 a0a1cec324c9c5fb202e18f33ee5fa59\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_arm.deb\n Size/MD5 checksum: 68116 7219d4fbdf1602941a2e17bb136ab348\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_arm.deb\n Size/MD5 checksum: 11954 c47772b3c30cfc26be6f7c53450225bc\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_i386.deb\n Size/MD5 checksum: 64336 33d7f7a4ddf29576e4a37b89c3feb8eb\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_i386.deb\n Size/MD5 checksum: 11840 3234d80da9074230309b8ac5e3e5e0c3\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-svga_2.08-8woody3_i386.deb\n Size/MD5 checksum: 20964 9aba7400f6af8a22c90ff3cb69a44431\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_ia64.deb\n Size/MD5 checksum: 97850 88da140c9f83d0f56768e80e08923b82\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_ia64.deb\n Size/MD5 checksum: 15450 9333d80f7e16cf885b5138291969d3fb\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_hppa.deb\n Size/MD5 checksum: 73434 e479d36155807d7b0b19cf62e40ade42\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_hppa.deb\n Size/MD5 checksum: 12944 cb8feab07d3cb23488f3487192d2f82d\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_m68k.deb\n Size/MD5 checksum: 62778 262bc4fa9f4a76c727aa7ae3be63dd02\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_m68k.deb\n Size/MD5 checksum: 11630 0240c6672a38049666b7383e9eb5b193\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mips.deb\n Size/MD5 checksum: 73636 75f8f7d42cdbfd51e505c89516a7966a\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_mips.deb\n Size/MD5 checksum: 12736 f69a68c9c81edb75524945ee2e80b4d7\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mipsel.deb\n Size/MD5 checksum: 73338 50c143655e01f6b5f347520ceab3eb52\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_mipsel.deb\n Size/MD5 checksum: 12710 26ef7c3f8c34638695ec779a68112d26\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_powerpc.deb\n Size/MD5 checksum: 68606 93640415d6d425b966399df9a1a9d703\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_powerpc.deb\n Size/MD5 checksum: 12040 19f723b6df1e32dbc5f57affba9ba773\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_s390.deb\n Size/MD5 checksum: 69770 97d7acf4119d481466e656d3889da854\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_s390.deb\n Size/MD5 checksum: 12636 d30e6ca31aa772884d92c245cc88bd35\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_sparc.deb\n Size/MD5 checksum: 72888 3b961c03a13520a27d3d87f45d8bf19f\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_sparc.deb\n Size/MD5 checksum: 11918 b5d3f11a60c394b60eee9d42bae4af70\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "published": "2005-02-11T00:00:00", "modified": "2005-02-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00054.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2005-0074"], "type": "debian", "lastseen": "2020-11-11T13:18:50", "edition": 3, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0074"]}, {"type": "freebsd", "idList": ["D337B206-200F-11DC-A197-0011098B2F36"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-676.NASL", "FREEBSD_PKG_D337B206200F11DCA1970011098B2F36.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:13713"]}, {"type": "openvas", "idList": ["OPENVAS:53506", "OPENVAS:58838"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:7806"]}], "modified": "2020-11-11T13:18:50", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2020-11-11T13:18:50", "rev": 2}, "vulnersScore": 7.6}, "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "xpcd_2.08-8woody3_all.deb", "packageName": "xpcd", "packageVersion": "2.08-8woody3"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:24:34", "description": "Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.", "edition": 4, "cvss3": {}, "published": "2005-02-11T05:00:00", "title": "CVE-2005-0074", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0074"], "modified": "2008-09-05T20:45:00", "cpe": ["cpe:/a:xpcd:xpcd:2.08"], "id": "CVE-2005-0074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0074", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xpcd:xpcd:2.08:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "cvelist": ["CVE-2005-0074"], "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in xpcd. Xpcd contains boundary errors in the functions \"main()\" in \"view.c\", \"CompleteAction()\" in \"complete.c\" and \"load_image()\" in \"plug-0.54.c\" which result in buffer overflows. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Technical Description\nIt appears the vendor has stopped maintaining xpcd.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA local overflow exists in xpcd. Xpcd contains boundary errors in the functions \"main()\" in \"view.c\", \"CompleteAction()\" in \"complete.c\" and \"load_image()\" in \"plug-0.54.c\" which result in buffer overflows. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://linux.bytesex.org/fbida/xpcd.html\nSecurity Tracker: 1013162\n[Secunia Advisory ID:14248](https://secuniaresearch.flexerasoftware.com/advisories/14248/)\n[Secunia Advisory ID:14250](https://secuniaresearch.flexerasoftware.com/advisories/14250/)\nOther Advisory URL: http://www.debian.org/security/2005/dsa-676\n[CVE-2005-0074](https://vulners.com/cve/CVE-2005-0074)\n", "modified": "2005-02-11T14:53:26", "published": "2005-02-11T14:53:26", "href": "https://vulners.com/osvdb/OSVDB:13713", "id": "OSVDB:13713", "title": "xpcd pcdsvgaview Local Overflow", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0074"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-05T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58838", "href": "http://plugins.openvas.org/nasl.php?oid=58838", "type": "openvas", "title": "FreeBSD Ports: xpcd", "sourceData": "#\n#VID d337b206-200f-11dc-a197-0011098b2f36\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xpcd\n\nCVE-2005-0074\nBuffer overflow in pcdsvgaview in xpcd 2.08 allows local users to\nexecute arbitrary code.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.debian.org/security/2005/dsa-676\nhttp://www.vuxml.org/freebsd/d337b206-200f-11dc-a197-0011098b2f36.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58838);\n script_version(\"$Revision: 4218 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-05 16:20:48 +0200 (Wed, 05 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0074\");\n script_bugtraq_id(12523);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: xpcd\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xpcd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package xpcd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0074"], "description": "The remote host is missing an update to xpcd\nannounced via advisory DSA 676-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53506", "href": "http://plugins.openvas.org/nasl.php?oid=53506", "type": "openvas", "title": "Debian Security Advisory DSA 676-1 (xpcd)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_676_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 676-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Erik Sj\u00f6lund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.08-8woody3.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your xpcd-svga package immediately.\";\ntag_summary = \"The remote host is missing an update to xpcd\nannounced via advisory DSA 676-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20676-1\";\n\nif(description)\n{\n script_id(53506);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(12523);\n script_cve_id(\"CVE-2005-0074\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 676-1 (xpcd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpcd\", ver:\"2.08-8woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpcd-gimp\", ver:\"2.08-8woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpcd-svga\", ver:\"2.08-8woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0074"], "description": "\nDebian Project reports:\n\nErik Sjolund discovered a buffer overflow in pcdsvgaview,\n\t an SVGA PhotoCD viewer. xpcd-svga is part of xpcd and uses\n\t svgalib to display graphics on the Linux console for which\n\t root permissions are required. A malicious user could\n\t overflow a fixed-size buffer and may cause the program to\n\t execute arbitrary code with elevated privileges.\n\n", "edition": 4, "modified": "2005-02-11T00:00:00", "published": "2005-02-11T00:00:00", "id": "D337B206-200F-11DC-A197-0011098B2F36", "href": "https://vuxml.freebsd.org/freebsd/d337b206-200f-11dc-a197-0011098b2f36.html", "title": "xpcd -- buffer overflow", "type": "freebsd", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:50:29", "description": "Debian Project reports :\n\nErik Sjolund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.", "edition": 23, "published": "2011-10-14T00:00:00", "title": "FreeBSD : xpcd -- buffer overflow (d337b206-200f-11dc-a197-0011098b2f36)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0074"], "modified": "2011-10-14T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:xpcd"], "id": "FREEBSD_PKG_D337B206200F11DCA1970011098B2F36.NASL", "href": "https://www.tenable.com/plugins/nessus/56497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56497);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0074\");\n script_bugtraq_id(12523);\n script_xref(name:\"DSA\", value:\"676\");\n\n script_name(english:\"FreeBSD : xpcd -- buffer overflow (d337b206-200f-11dc-a197-0011098b2f36)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Debian Project reports :\n\nErik Sjolund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.\"\n );\n # http://www.freebsd.org/ports/portaudit/d337b206-200f-11dc-a197-0011098b2f36.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?365164d2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xpcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xpcd>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T10:03:15", "description": "Erik Sjolund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.", "edition": 25, "published": "2005-02-11T00:00:00", "title": "Debian DSA-676-1 : xpcd - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0074"], "modified": "2005-02-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:xpcd"], "id": "DEBIAN_DSA-676.NASL", "href": "https://www.tenable.com/plugins/nessus/16380", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-676. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16380);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-0074\");\n script_xref(name:\"DSA\", value:\"676\");\n\n script_name(english:\"Debian DSA-676-1 : xpcd - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-676\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xpcd-svga package immediately.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.08-8woody3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xpcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"xpcd\", reference:\"2.08-8woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xpcd-gimp\", reference:\"2.08-8woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xpcd-svga\", reference:\"2.08-8woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:11", "bulletinFamily": "software", "cvelist": ["CVE-2005-0074"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 676-1 security debian org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nFebruary 11th, 2005 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : xpcd\r\nVulnerability : buffer overflow\r\nProblem-Type : local\r\nDebian-specific: no\r\nCVE ID : CAN-2005-0074\r\n\r\nErik Sjölund discovered a buffer overflow in pcdsvgaview, an SVGA\r\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\r\ngraphics on the Linux console for which root permissions are required.\r\nA malicious user could overflow a fixed-size buffer and may cause the\r\nprogram to execute arbitrary code with elevated privileges.\r\n\r\nFor the stable distribution (woody) this problem has been fixed in\r\nversion 2.08-8woody3.\r\n\r\nFor the unstable distribution (sid) this problem will be fixed soon.\r\n\r\nWe recommend that you upgrade your xpcd-svga package immediately.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.dsc\r\n Size/MD5 checksum: 706 b1e7b8aeafd929cd31f9403b6534c86b\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.diff.gz\r\n Size/MD5 checksum: 14837 e67ca4ae6f6c0cc09033e195ad188825\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08.orig.tar.gz\r\n Size/MD5 checksum: 103104 59bf5b8d0466ecb3c58ed1fffcdf499e\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_alpha.deb\r\n Size/MD5 checksum: 81170 17302a158ec404cf6b7961b8434cec33\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_alpha.deb\r\n Size/MD5 checksum: 13494 a0a1cec324c9c5fb202e18f33ee5fa59\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_arm.deb\r\n Size/MD5 checksum: 68116 7219d4fbdf1602941a2e17bb136ab348\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_arm.deb\r\n Size/MD5 checksum: 11954 c47772b3c30cfc26be6f7c53450225bc\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_i386.deb\r\n Size/MD5 checksum: 64336 33d7f7a4ddf29576e4a37b89c3feb8eb\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_i386.deb\r\n Size/MD5 checksum: 11840 3234d80da9074230309b8ac5e3e5e0c3\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-svga_2.08-8woody3_i386.deb\r\n Size/MD5 checksum: 20964 9aba7400f6af8a22c90ff3cb69a44431\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_ia64.deb\r\n Size/MD5 checksum: 97850 88da140c9f83d0f56768e80e08923b82\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_ia64.deb\r\n Size/MD5 checksum: 15450 9333d80f7e16cf885b5138291969d3fb\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_hppa.deb\r\n Size/MD5 checksum: 73434 e479d36155807d7b0b19cf62e40ade42\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_hppa.deb\r\n Size/MD5 checksum: 12944 cb8feab07d3cb23488f3487192d2f82d\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_m68k.deb\r\n Size/MD5 checksum: 62778 262bc4fa9f4a76c727aa7ae3be63dd02\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_m68k.deb\r\n Size/MD5 checksum: 11630 0240c6672a38049666b7383e9eb5b193\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mips.deb\r\n Size/MD5 checksum: 73636 75f8f7d42cdbfd51e505c89516a7966a\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_mips.deb\r\n Size/MD5 checksum: 12736 f69a68c9c81edb75524945ee2e80b4d7\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mipsel.deb\r\n Size/MD5 checksum: 73338 50c143655e01f6b5f347520ceab3eb52\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_mipsel.deb\r\n Size/MD5 checksum: 12710 26ef7c3f8c34638695ec779a68112d26\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_powerpc.deb\r\n Size/MD5 checksum: 68606 93640415d6d425b966399df9a1a9d703\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_powerpc.deb\r\n Size/MD5 checksum: 12040 19f723b6df1e32dbc5f57affba9ba773\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_s390.deb\r\n Size/MD5 checksum: 69770 97d7acf4119d481466e656d3889da854\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_s390.deb\r\n Size/MD5 checksum: 12636 d30e6ca31aa772884d92c245cc88bd35\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_sparc.deb\r\n Size/MD5 checksum: 72888 3b961c03a13520a27d3d87f45d8bf19f\r\n http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_sparc.deb\r\n Size/MD5 checksum: 11918 b5d3f11a60c394b60eee9d42bae4af70\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- --------------------------------------------------------------------------------\r\n-\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce lists debian org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.0 (GNU/Linux)\r\n\r\niD8DBQFCDIjvW5ql+IAeqTIRAvGTAJ97jE9Bs6XpyiipZ06zSXk+pyusmwCgk21N\r\n9SnF44C8Bp70ipIHG5dbMxM=\r\n=wLsz\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "edition": 1, "modified": "2005-02-12T00:00:00", "published": "2005-02-12T00:00:00", "id": "SECURITYVULNS:DOC:7806", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7806", "title": "[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
