Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.FEDORA_2005-1171.NASL
HistoryDec 20, 2005 - 12:00 a.m.

Fedora Core 4 : poppler-0.4.3-1.3 (2005-1171)

2005-12-2000:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
13
JSON

Several more flaws were discovered in Xpdf, which poppler is based on.
An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3193 to these issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2005-1171.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20326);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2005-3193");
  script_xref(name:"FEDORA", value:"2005-1171");

  script_name(english:"Fedora Core 4 : poppler-0.4.3-1.3 (2005-1171)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several more flaws were discovered in Xpdf, which poppler is based on.
An attacker could construct a carefully crafted PDF file that could
cause poppler to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3193 to these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2005-December/001689.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6dd87dbe"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected poppler, poppler-debuginfo and / or poppler-devel
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:poppler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:poppler-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:poppler-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC4", reference:"poppler-0.4.3-1.3")) flag++;
if (rpm_check(release:"FC4", reference:"poppler-debuginfo-0.4.3-1.3")) flag++;
if (rpm_check(release:"FC4", reference:"poppler-devel-0.4.3-1.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler / poppler-debuginfo / poppler-devel");
}
VendorProductVersionCPE
fedoraprojectfedorapopplerp-cpe:/a:fedoraproject:fedora:poppler
fedoraprojectfedorapoppler-debuginfop-cpe:/a:fedoraproject:fedora:poppler-debuginfo
fedoraprojectfedorapoppler-develp-cpe:/a:fedoraproject:fedora:poppler-devel
fedoraprojectfedora_core4cpe:/o:fedoraproject:fedora_core:4

Related

nessus 42
openvas 28
altlinux 1
gentoo 3
securityvulns 3
slackware 3
ubuntucve 1
cvelist 1
debiancve 1
cve 1
redhat 5
centos 8
oraclelinux 1
suse 1
nessus
nessus
Fedora Core 3 : gpdf-2.8.2-6.2 (2005-1146)
2005-12-15 00:00:00
Fedora Core 4 : poppler-0.4.1-1.2 (2005-1132)
2005-12-11 00:00:00
Slackware 10.2 / current : tetex PDF security (SSA:2006-142-01)
2006-05-23 00:00:00
openvas
openvas
Slackware Advisory SSA:2006-142-01 tetex PDF security
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200603-02 (tetex)
2008-09-24 00:00:00
Slackware: Security Advisory (SSA:2006-142-01)
2012-09-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package xpdf version 3.01-alt2pl1
2005-12-07 00:00:00
gentoo
gentoo
teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
2006-03-04 00:00:00
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
2005-12-16 00:00:00
KPdf, KWord: Multiple overflows in included Xpdf code
2006-01-04 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
2005-12-06 00:00:00
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
2006-01-07 00:00:00
[Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
2006-02-01 00:00:00
slackware
slackware
[slackware-security] tetex PDF security
2006-05-22 22:14:23
[slackware-security] xpdf
2006-02-15 00:28:51
[slackware-security] kdegraphics
2006-02-15 00:27:14
ubuntucve
ubuntucve
CVE-2005-3193
2005-12-07 00:00:00
cvelist
cvelist
CVE-2005-3193
2005-12-07 00:00:00
debiancve
debiancve
CVE-2005-3193
2005-12-07 00:03:00
cve
cve
CVE-2005-3193
2005-12-07 00:03:00
redhat
redhat
(RHSA-2005:878) cups security update
2005-12-20 00:00:00
(RHSA-2005:867) gpdf security update
2005-12-20 00:00:00
(RHSA-2005:840) xpdf security update
2005-12-06 00:00:00
centos
centos
gpdf security update
2005-12-21 02:51:50
cups security update
2005-12-20 23:29:16
xpdf security update
2005-12-22 00:12:57
oraclelinux
oraclelinux
kdegraphics security update
2006-11-30 00:00:00
suse
suse
remote code execution in xpdf,kpdf,gpdf,kword
2006-01-11 12:03:37
JSON
Related for FEDORA_2005-1171.NASL
nessus42openvas28altlinux1gentoo3securityvulns3slackware3ubuntucve1cvelist1debiancve1cve1redhat5centos8oraclelinux1suse1