Mandriva Linux Security Advisory : poppler (MDVSA-2013:272)

2013-11-2200:00:00

www.tenable.com

Updated poppler packages fix security vulnerabilities :

Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploits may result in denial-of-service conditions (CVE-2013-4473).

Poppler was found to have a user controlled format string vulnerability because it fails to sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition (CVE-2013-4474).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2013:272. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71027);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2013-4473", "CVE-2013-4474");
  script_bugtraq_id(63368, 63374);
  script_xref(name:"MDVSA", value:"2013:272");

  script_name(english:"Mandriva Linux Security Advisory : poppler (MDVSA-2013:272)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated poppler packages fix security vulnerabilities :

Poppler is found to be affected by a stack based buffer overflow
vulnerability in the pdfseparate utility. Successfully exploiting this
issue could allow remote attackers to execute arbitrary code in the
context of the affected application. Failed exploits may result in
denial-of-service conditions (CVE-2013-4473).

Poppler was found to have a user controlled format string
vulnerability because it fails to sanitize user-supplied input. An
attacker may exploit this issue to execute arbitrary code in the
context of the vulnerable application. Failed exploit attempts will
likely result in a denial-of-service condition (CVE-2013-4474)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2013-0332.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler-cpp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler-cpp0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler-gir0.18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler-glib-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler-glib8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64poppler19");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:poppler");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler-cpp-devel-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler-cpp0-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler-devel-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler-gir0.18-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler-glib-devel-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler-glib8-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64poppler19-0.18.4-3.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"poppler-0.18.4-3.2.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxlib64poppler-cpp-develp-cpe:/a:mandriva:linux:lib64poppler-cpp-devel
mandrivalinuxlib64poppler-cpp0p-cpe:/a:mandriva:linux:lib64poppler-cpp0
mandrivalinuxlib64poppler-develp-cpe:/a:mandriva:linux:lib64poppler-devel
mandrivalinuxlib64poppler-gir0.18p-cpe:/a:mandriva:linux:lib64poppler-gir0.18
mandrivalinuxlib64poppler-glib-develp-cpe:/a:mandriva:linux:lib64poppler-glib-devel
mandrivalinuxlib64poppler-glib8p-cpe:/a:mandriva:linux:lib64poppler-glib8
mandrivalinuxlib64poppler19p-cpe:/a:mandriva:linux:lib64poppler19
mandrivalinuxpopplerp-cpe:/a:mandriva:linux:poppler
mandrivabusiness_server1cpe:/o:mandriva:business_server:1

Vendor	Product	Version	CPE
mandriva	linux	lib64poppler-cpp-devel	p-cpe:/a:mandriva:linux:lib64poppler-cpp-devel
mandriva	linux	lib64poppler-cpp0	p-cpe:/a:mandriva:linux:lib64poppler-cpp0
mandriva	linux	lib64poppler-devel	p-cpe:/a:mandriva:linux:lib64poppler-devel
mandriva	linux	lib64poppler-gir0.18	p-cpe:/a:mandriva:linux:lib64poppler-gir0.18
mandriva	linux	lib64poppler-glib-devel	p-cpe:/a:mandriva:linux:lib64poppler-glib-devel
mandriva	linux	lib64poppler-glib8	p-cpe:/a:mandriva:linux:lib64poppler-glib8
mandriva	linux	lib64poppler19	p-cpe:/a:mandriva:linux:lib64poppler19
mandriva	linux	poppler	p-cpe:/a:mandriva:linux:poppler
mandriva	business_server	1	cpe:/o:mandriva:business_server:1