Mandrake Linux Security Advisory : ghostscript (MDKSA-2007:208)

2009-04-2300:00:00

www.tenable.com

A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.

Newer versions of ghostscript contain an embedded copy of libjasper and as such is vulnerable to this issue.

Updated packages have been patched to prevent this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:208. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(37643);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-2721");
  script_xref(name:"MDKSA", value:"2007:208");

  script_name(english:"Mandrake Linux Security Advisory : ghostscript (MDKSA-2007:208)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A function in the JasPer JPEG-2000 library before 1.900 could allow a
remote user-assisted attack to cause a crash and possibly corrupt the
heap via malformed image files.

Newer versions of ghostscript contain an embedded copy of libjasper
and as such is vulnerable to this issue.

Updated packages have been patched to prevent this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-X");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-dvipdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-module-X");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gs8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gs8-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgs8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgs8-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs1-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"ghostscript-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"ghostscript-X-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"ghostscript-common-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"ghostscript-doc-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"ghostscript-dvipdf-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"ghostscript-module-X-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64gs8-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64gs8-devel-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ijs1-0.35-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ijs1-devel-0.35-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libgs8-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libgs8-devel-8.60-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libijs1-0.35-55.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libijs1-devel-0.35-55.1mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinux2008.0cpe:/o:mandriva:linux:2008.0
mandrivalinuxghostscriptp-cpe:/a:mandriva:linux:ghostscript
mandrivalinuxghostscript-xp-cpe:/a:mandriva:linux:ghostscript-x
mandrivalinuxghostscript-commonp-cpe:/a:mandriva:linux:ghostscript-common
mandrivalinuxghostscript-docp-cpe:/a:mandriva:linux:ghostscript-doc
mandrivalinuxghostscript-dvipdfp-cpe:/a:mandriva:linux:ghostscript-dvipdf
mandrivalinuxghostscript-module-xp-cpe:/a:mandriva:linux:ghostscript-module-x
mandrivalinuxlib64gs8p-cpe:/a:mandriva:linux:lib64gs8
mandrivalinuxlib64gs8-develp-cpe:/a:mandriva:linux:lib64gs8-devel
mandrivalinuxlib64ijs1p-cpe:/a:mandriva:linux:lib64ijs1

Vendor	Product	Version	CPE
mandriva	linux	2008.0	cpe:/o:mandriva:linux:2008.0
mandriva	linux	ghostscript	p-cpe:/a:mandriva:linux:ghostscript
mandriva	linux	ghostscript-x	p-cpe:/a:mandriva:linux:ghostscript-x
mandriva	linux	ghostscript-common	p-cpe:/a:mandriva:linux:ghostscript-common
mandriva	linux	ghostscript-doc	p-cpe:/a:mandriva:linux:ghostscript-doc
mandriva	linux	ghostscript-dvipdf	p-cpe:/a:mandriva:linux:ghostscript-dvipdf
mandriva	linux	ghostscript-module-x	p-cpe:/a:mandriva:linux:ghostscript-module-x
mandriva	linux	lib64gs8	p-cpe:/a:mandriva:linux:lib64gs8
mandriva	linux	lib64gs8-devel	p-cpe:/a:mandriva:linux:lib64gs8-devel
mandriva	linux	lib64ijs1	p-cpe:/a:mandriva:linux:lib64ijs1