SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)
2007-12-13T00:00:00
ID SUSE_INKSCAPE-3061.NASL Type nessus Reporter This script is Copyright (C) 2007-2021 Tenable Network Security, Inc. Modified 2021-01-14T00:00:00
Description
Several format string problems where fixed in inkscape.
A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. (CVE-2007-1463)
Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-1464)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(29465);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-1463", "CVE-2007-1464");
script_name(english:"SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 10 host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"Several format string problems where fixed in inkscape.
- A format string vulnerability in Inkscape allows
user-assisted remote attackers to execute arbitrary code
via format string specifiers in a URI, which is not
properly handled by certain dialogs. (CVE-2007-1463)
- Format string vulnerability in the whiteboard Jabber
protocol in Inkscape allows user-assisted remote
attackers to execute arbitrary code via unspecified
vectors. (CVE-2007-1464)"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2007-1463.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2007-1464.html"
);
script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3061.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
flag = 0;
if (rpm_check(release:"SLED10", sp:0, reference:"inkscape-0.43-20.5.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else exit(0, "The host is not affected.");
{"id": "SUSE_INKSCAPE-3061.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)", "description": "Several format string problems where fixed in inkscape.\n\n - A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. (CVE-2007-1463)\n\n - Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-1464)", "published": "2007-12-13T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/29465", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2007-1463.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1464", "http://support.novell.com/security/cve/CVE-2007-1464.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463"], "cvelist": ["CVE-2007-1463", "CVE-2007-1464"], "immutableFields": [], "lastseen": "2021-08-19T13:12:09", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1463", "CVE-2007-1464"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-1463", "DEBIANCVE:CVE-2007-1464"]}, {"type": "gentoo", "idList": ["GLSA-200704-10"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200704-10.NASL", "MANDRAKE_MDKSA-2007-069.NASL", "SUSE_INKSCAPE-3062.NASL", "UBUNTU_USN-438-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830005", "OPENVAS:58216", "OPENVAS:830005", "OPENVAS:840104"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7500"]}, {"type": "ubuntu", "idList": ["USN-438-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-1463", "UB:CVE-2007-1464"]}], "rev": 4}, "score": {"value": 7.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-1463", "CVE-2007-1464"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-1463", "DEBIANCVE:CVE-2007-1464"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200704-10.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830005"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7500"]}, {"type": "ubuntu", "idList": ["USN-438-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-1463"]}]}, "exploitation": null, "vulnersScore": 7.9}, "pluginID": "29465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29465);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1463\", \"CVE-2007-1464\");\n\n script_name(english:\"SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several format string problems where fixed in inkscape.\n\n - A format string vulnerability in Inkscape allows\n user-assisted remote attackers to execute arbitrary code\n via format string specifiers in a URI, which is not\n properly handled by certain dialogs. (CVE-2007-1463)\n\n - Format string vulnerability in the whiteboard Jabber\n protocol in Inkscape allows user-assisted remote\n attackers to execute arbitrary code via unspecified\n vectors. (CVE-2007-1464)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1464.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3061.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"inkscape-0.43-20.5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:suse:suse_linux"], "solution": "Apply ZYPP patch number 3061.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2007-04-05T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1645250279}}
{"openvas": [{"lastseen": "2017-07-24T12:49:51", "description": "The remote host is missing updates announced in\nadvisory GLSA 200704-10.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200704-10 (Inkscape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1464", "CVE-2007-1463"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58216", "href": "http://plugins.openvas.org/nasl.php?oid=58216", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two format string vulnerabilities have been discovered in Inkscape,\nallowing for user-assisted execution of arbitrary code.\";\ntag_solution = \"All Inkscape users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/inkscape-0.45.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200704-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=171799\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200704-10.\";\n\n \n\nif(description)\n{\n script_id(58216);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-1463\", \"CVE-2007-1464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200704-10 (Inkscape)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/inkscape\", unaffected: make_list(\"ge 0.45.1\"), vulnerable: make_list(\"lt 0.45.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:31", "description": "Check for the Version of inkscape", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for inkscape MDKSA-2007:069 (inkscape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830005", "href": "http://plugins.openvas.org/nasl.php?oid=830005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for inkscape MDKSA-2007:069 (inkscape)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Format string vulnerability in Inkscape before 0.45.1 allows\n user-assisted remote attackers to execute arbitrary code via format\n string specifiers in a URI, which is not properly handled by certain\n dialogs.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"inkscape on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-03/msg00025.php\");\n script_id(830005);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:069\");\n script_cve_id(\"CVE-2007-1463\");\n script_name( \"Mandriva Update for inkscape MDKSA-2007:069 (inkscape)\");\n\n script_summary(\"Check for the Version of inkscape\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.44~4.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:54", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-438-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for inkscape vulnerability USN-438-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840104", "href": "http://plugins.openvas.org/nasl.php?oid=840104", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_438_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for inkscape vulnerability USN-438-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in Inkscape's use of format strings. If a user\n were tricked into opening a specially crafted URI in Inkscape, a remote\n attacker could execute arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-438-1\";\ntag_affected = \"inkscape vulnerability on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-438-1/\");\n script_id(840104);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"438-1\");\n script_cve_id(\"CVE-2007-1463\");\n script_name( \"Ubuntu Update for inkscape vulnerability USN-438-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.43-4ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.44-1ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.42-1ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:48", "description": "Check for the Version of inkscape", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for inkscape MDKSA-2007:069 (inkscape)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for inkscape MDKSA-2007:069 (inkscape)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Format string vulnerability in Inkscape before 0.45.1 allows\n user-assisted remote attackers to execute arbitrary code via format\n string specifiers in a URI, which is not properly handled by certain\n dialogs.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"inkscape on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-03/msg00025.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830005\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:069\");\n script_cve_id(\"CVE-2007-1463\");\n script_name( \"Mandriva Update for inkscape MDKSA-2007:069 (inkscape)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of inkscape\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.44~4.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T13:13:25", "description": "Several format string problems where fixed in inkscape.\n\nCVE-2007-1463: A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.\n\nCVE-2007-1464: Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : inkscape (inkscape-3062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463", "CVE-2007-1464"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:inkscape", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_INKSCAPE-3062.NASL", "href": "https://www.tenable.com/plugins/nessus/27272", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update inkscape-3062.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27272);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1463\", \"CVE-2007-1464\");\n\n script_name(english:\"openSUSE 10 Security Update : inkscape (inkscape-3062)\");\n script_summary(english:\"Check for the inkscape-3062 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several format string problems where fixed in inkscape.\n\nCVE-2007-1463: A format string vulnerability in Inkscape allows\nuser-assisted remote attackers to execute arbitrary code via format\nstring specifiers in a URI, which is not properly handled by certain\ndialogs.\n\nCVE-2007-1464: Format string vulnerability in the whiteboard Jabber\nprotocol in Inkscape allows user-assisted remote attackers to execute\narbitrary code via unspecified vectors.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected inkscape package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"inkscape-0.43-20.5.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"inkscape-0.44.1-26.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"inkscape\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:12:40", "description": "A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : inkscape vulnerability (USN-438-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463", "CVE-2007-1464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:inkscape", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10"], "id": "UBUNTU_USN-438-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-438-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28034);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-1463\", \"CVE-2007-1464\");\n script_xref(name:\"USN\", value:\"438-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : inkscape vulnerability (USN-438-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in Inkscape's use of format strings. If a user\nwere tricked into opening a specially crafted URI in Inkscape, a\nremote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/438-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected inkscape package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"inkscape\", pkgver:\"0.42-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"inkscape\", pkgver:\"0.43-4ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"inkscape\", pkgver:\"0.44-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"inkscape\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:14:03", "description": "The remote host is affected by the vulnerability described in GLSA-200704-10 (Inkscape: Two format string vulnerabilities)\n\n Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format string error in its Jabber whiteboard protocol.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted URI, possibly leading to execution of arbitrary code with the privileges of the user running Inkscape.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2007-04-19T00:00:00", "type": "nessus", "title": "GLSA-200704-10 : Inkscape: Two format string vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463", "CVE-2007-1464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:inkscape", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200704-10.NASL", "href": "https://www.tenable.com/plugins/nessus/25055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200704-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25055);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1463\", \"CVE-2007-1464\");\n script_xref(name:\"GLSA\", value:\"200704-10\");\n\n script_name(english:\"GLSA-200704-10 : Inkscape: Two format string vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200704-10\n(Inkscape: Two format string vulnerabilities)\n\n Kees Cook has discovered two vulnerabilities in Inkscape. The\n application does not properly handle format string specifiers in some\n dialog boxes. Inkscape is also vulnerable to another format string\n error in its Jabber whiteboard protocol.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted URI,\n possibly leading to execution of arbitrary code with the privileges of\n the user running Inkscape.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200704-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Inkscape users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/inkscape-0.45.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/inkscape\", unaffected:make_list(\"ge 0.45.1\"), vulnerable:make_list(\"lt 0.45.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Inkscape\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:14:09", "description": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.\n\nUpdated packages have been patched to address this issue.", "cvss3": {"score": null, "vector": null}, "published": "2007-03-26T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : inkscape (MDKSA-2007:069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1463", "CVE-2007-1464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:inkscape", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2007-069.NASL", "href": "https://www.tenable.com/plugins/nessus/24895", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:069. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24895);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1463\", \"CVE-2007-1464\");\n script_xref(name:\"MDKSA\", value:\"2007:069\");\n\n script_name(english:\"Mandrake Linux Security Advisory : inkscape (MDKSA-2007:069)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Format string vulnerability in Inkscape before 0.45.1 allows\nuser-assisted remote attackers to execute arbitrary code via format\nstring specifiers in a URI, which is not properly handled by certain\ndialogs.\n\nUpdated packages have been patched to address this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected inkscape package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"inkscape-0.44-4.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:16:46", "description": "### Background\n\nInkscape is a vector graphics editor, using Scalable Vector Graphics (SVG) Format. \n\n### Description\n\nKees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format string error in its Jabber whiteboard protocol. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted URI, possibly leading to execution of arbitrary code with the privileges of the user running Inkscape. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Inkscape users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/inkscape-0.45.1\"", "cvss3": {}, "published": "2007-04-16T00:00:00", "type": "gentoo", "title": "Inkscape: Two format string vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1463", "CVE-2007-1464"], "modified": "2007-04-16T00:00:00", "id": "GLSA-200704-10", "href": "https://security.gentoo.org/glsa/200704-10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:00:06", "description": "Format string vulnerability in URIs displaying, security problems with Jabber protocol.", "edition": 2, "cvss3": {}, "published": "2007-03-29T00:00:00", "title": "Inkscape multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-1464", "CVE-2007-1463"], "modified": "2007-03-29T00:00:00", "id": "SECURITYVULNS:VULN:7500", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7500", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:02:32", "description": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted\nremote attackers to execute arbitrary code via format string specifiers in\na URI, which is not properly handled by certain dialogs.", "cvss3": {}, "published": "2007-03-21T00:00:00", "type": "ubuntucve", "title": "CVE-2007-1463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1463"], "modified": "2007-03-21T00:00:00", "id": "UB:CVE-2007-1463", "href": "https://ubuntu.com/security/CVE-2007-1463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T22:02:32", "description": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape\nbefore 0.45.1 allows user-assisted remote attackers to execute arbitrary\ncode via unspecified vectors.", "cvss3": {}, "published": "2007-03-21T00:00:00", "type": "ubuntucve", "title": "CVE-2007-1464", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1464"], "modified": "2007-03-21T00:00:00", "id": "UB:CVE-2007-1464", "href": "https://ubuntu.com/security/CVE-2007-1464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:55:45", "description": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.", "cvss3": {}, "published": "2007-03-21T19:19:00", "type": "cve", "title": "CVE-2007-1463", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1463"], "modified": "2018-10-16T16:38:00", "cpe": ["cpe:/a:inkscape:inkscape:0.44", "cpe:/a:inkscape:inkscape:0.40", "cpe:/a:inkscape:inkscape:0.42.2", "cpe:/a:inkscape:inkscape:0.42", "cpe:/a:inkscape:inkscape:0.42.1", "cpe:/a:inkscape:inkscape:0.41", "cpe:/a:inkscape:inkscape:0.43"], "id": "CVE-2007-1463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:55:46", "description": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2007-03-21T19:19:00", "type": "cve", "title": "CVE-2007-1464", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1464"], "modified": "2018-10-16T16:38:00", "cpe": ["cpe:/a:inkscape:inkscape:0.45"], "id": "CVE-2007-1464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:inkscape:inkscape:0.45:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-03-07T07:33:09", "description": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.", "cvss3": {}, "published": "2007-03-21T19:19:00", "type": "debiancve", "title": "CVE-2007-1463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1463"], "modified": "2007-03-21T19:19:00", "id": "DEBIANCVE:CVE-2007-1463", "href": "https://security-tracker.debian.org/tracker/CVE-2007-1463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-07T07:33:09", "description": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2007-03-21T19:19:00", "type": "debiancve", "title": "CVE-2007-1464", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1464"], "modified": "2007-03-21T19:19:00", "id": "DEBIANCVE:CVE-2007-1464", "href": "https://security-tracker.debian.org/tracker/CVE-2007-1464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T13:35:44", "description": "A flaw was discovered in Inkscape's use of format strings. If a user \nwere tricked into opening a specially crafted URI in Inkscape, a remote \nattacker could execute arbitrary code with user privileges.\n", "cvss3": {}, "published": "2007-03-21T00:00:00", "type": "ubuntu", "title": "Inkscape vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1463"], "modified": "2007-03-21T00:00:00", "id": "USN-438-1", "href": "https://ubuntu.com/security/notices/USN-438-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
