Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2012-004.NASL
HistoryJan 13, 2012 - 12:00 a.m.

Mandriva Linux Security Advisory : t1lib (MDVSA-2012:004)

2012-01-1300:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
13

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.278 Low

EPSS

Percentile

96.8%

JSON

Multiple vulnerabilities has been found and corrected in t1lib :

A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Different vulnerability than CVE-2010-2642 (CVE-2011-0433).

t1lib 5.1.2 and earlier reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764 (CVE-2011-1552).

Use-after-free vulnerability in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764 (CVE-2011-1553).

Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764 (CVE-2011-1554).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:004. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(57530);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2011-0433", "CVE-2011-1552", "CVE-2011-1553", "CVE-2011-1554");
  script_bugtraq_id(47168, 47169);
  script_xref(name:"MDVSA", value:"2012:004");

  script_name(english:"Mandriva Linux Security Advisory : t1lib (MDVSA-2012:004)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in t1lib :

A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document
viewer and other products, processed line tokens from the given input
stream. A remote attacker could provide a DVI file, with embedded
specially crafted font file, and trick the local user to open it with
an application using the AFM font parser, leading to that particular
application crash or, potentially, arbitrary code execution with the
privileges of the user running the application. Different
vulnerability than CVE-2010-2642 (CVE-2011-0433).

t1lib 5.1.2 and earlier reads from invalid memory locations, which
allows remote attackers to cause a denial of service (application
crash) via a crafted Type 1 font in a PDF document, a different
vulnerability than CVE-2011-0764 (CVE-2011-1552).

Use-after-free vulnerability in t1lib 5.1.2 and earlier allows remote
attackers to cause a denial of service (application crash) via a PDF
document containing a crafted Type 1 font that triggers an invalid
memory write, a different vulnerability than CVE-2011-0764
(CVE-2011-1553).

Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers to
cause a denial of service (application crash) via a PDF document
containing a crafted Type 1 font that triggers an invalid memory read,
integer overflow, and invalid pointer dereference, a different
vulnerability than CVE-2011-0764 (CVE-2011-1554).

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.toucan-system.com/advisories/tssa-2011-01.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=679732"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64t1lib-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64t1lib-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64t1lib5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libt1lib-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libt1lib-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libt1lib5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:t1lib-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:t1lib-progs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64t1lib-devel-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64t1lib-static-devel-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64t1lib5-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libt1lib-devel-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libt1lib-static-devel-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libt1lib5-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"t1lib-config-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"t1lib-progs-5.1.2-8.3mdv2010.2", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64t1lib-devel-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64t1lib-static-devel-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64t1lib5-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libt1lib-devel-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libt1lib-static-devel-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libt1lib5-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"t1lib-config-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"t1lib-progs-5.1.2-11.2-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64t1lib-develp-cpe:/a:mandriva:linux:lib64t1lib-devel
mandrivalinuxlib64t1lib-static-develp-cpe:/a:mandriva:linux:lib64t1lib-static-devel
mandrivalinuxlib64t1lib5p-cpe:/a:mandriva:linux:lib64t1lib5
mandrivalinuxlibt1lib-develp-cpe:/a:mandriva:linux:libt1lib-devel
mandrivalinuxlibt1lib-static-develp-cpe:/a:mandriva:linux:libt1lib-static-devel
mandrivalinuxlibt1lib5p-cpe:/a:mandriva:linux:libt1lib5
mandrivalinuxt1lib-configp-cpe:/a:mandriva:linux:t1lib-config
mandrivalinuxt1lib-progsp-cpe:/a:mandriva:linux:t1lib-progs
mandrivalinux2010.1cpe:/o:mandriva:linux:2010.1
mandrivalinux2011cpe:/o:mandriva:linux:2011

Related

amazon 2
openvas 55
oraclelinux 4
nessus 51
debian 2
centos 3
redhat 4
fedora 4
osv 2
ubuntu 4
slackware 1
gentoo 2
securityvulns 4
ubuntucve 7
debiancve 7
prion 7
cvelist 7
cve 7
nvd 7
veracode 6
cbl_mariner 2
cert 1
amazon
amazon
Medium: texlive
2012-03-04 16:08:00
Medium: t1lib
2012-02-02 14:26:00
openvas
openvas
Fedora Update for t1lib FEDORA-2012-0266
2012-02-01 00:00:00
Mandriva Update for t1lib MDVSA-2012:004 (t1lib)
2012-01-13 00:00:00
Mandriva Update for t1lib MDVSA-2012:004 (t1lib)
2012-01-13 00:00:00
oraclelinux
oraclelinux
texlive security update
2012-02-15 00:00:00
t1lib security update
2012-01-24 00:00:00
tetex security update
2012-08-23 00:00:00
nessus
nessus
Oracle Linux 6 : t1lib (ELSA-2012-0062)
2013-07-12 00:00:00
Fedora 16 : t1lib-5.1.2-9.fc16 (2012-0289)
2012-01-30 00:00:00
Fedora 15 : t1lib-5.1.2-9.fc15 (2012-0266)
2012-01-30 00:00:00
debian
debian
[SECURITY] [DSA 2388-1] t1lib security update
2012-01-15 10:25:21
[SECURITY] [DSA 2357-1] evince security update
2011-12-04 10:54:13
centos
centos
kpathsea, mendexk, texlive security update
2012-02-16 13:36:55
t1lib security update
2012-01-30 20:25:25
tetex security update
2012-08-23 23:12:26
redhat
redhat
(RHSA-2012:0137) Moderate: texlive security update
2012-02-15 00:00:00
(RHSA-2012:0062) Moderate: t1lib security update
2012-01-24 00:00:00
(RHSA-2012:1201) Moderate: tetex security update
2012-08-23 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: t1lib-5.1.2-9.fc15
2012-01-28 03:28:44
[SECURITY] Fedora 16 Update: t1lib-5.1.2-9.fc16
2012-01-28 03:23:39
[SECURITY] Fedora 14 Update: evince-2.32.0-3.fc14
2011-01-08 21:26:09
osv
osv
t1lib - several
2012-01-14 00:00:00
evince - several
2011-12-03 00:00:00
ubuntu
ubuntu
t1lib vulnerabilities
2012-01-19 00:00:00
t1lib vulnerability
2011-12-21 00:00:00
Evince vulnerability
2012-01-25 00:00:00
slackware
slackware
[slackware-security] t1lib
2012-08-16 06:32:38
gentoo
gentoo
T1Lib: : Multiple vulnerabilities
2017-01-23 00:00:00
Evince: Multiple vulnerabilities
2011-11-20 00:00:00
securityvulns
securityvulns
t1lib / xpdf library multiple security vulnerabilities
2012-01-16 00:00:00
TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution
2011-03-29 00:00:00
[USN-1035-1] Evince vulnerabilities
2011-01-07 00:00:00
ubuntucve
ubuntucve
CVE-2011-0433
2012-01-13 00:00:00
CVE-2011-1554
2011-03-31 00:00:00
CVE-2011-1553
2011-03-31 00:00:00
debiancve
debiancve
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-1553
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:48
prion
prion
Heap overflow
2012-11-19 12:10:00
Integer overflow
2011-03-31 23:55:00
Code injection
2011-03-31 23:55:00
cvelist
cvelist
CVE-2011-0433
2012-11-19 11:00:00
CVE-2011-1554
2011-03-31 23:00:00
CVE-2011-1552
2011-03-31 23:00:00
cve
cve
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-1553
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:48
nvd
nvd
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-1553
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:48
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:01
Denial Of Service (DoS)
2020-04-10 01:07:02
Denial Of Service (DoS)
2020-04-10 01:07:02
cbl_mariner
cbl_mariner
CVE-2010-2642 affecting package t1lib 5.1.2-28
2024-07-08 21:08:44
CVE-2011-0433 affecting package t1lib 5.1.2-28
2024-07-08 21:08:44
cert
cert
Foolabs Xpdf contains a denial of service vulnerability
2011-03-21 00:00:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.278 Low

EPSS

Percentile

96.8%

JSON
Related for MANDRIVA_MDVSA-2012-004.NASL
amazon2openvas55oraclelinux4nessus51debian2centos3redhat4fedora4osv2ubuntu4slackware1gentoo2securityvulns4ubuntucve7debiancve7prion7cvelist7cve7nvd7veracode6cbl_mariner2cert1