Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1785-1.NASL
HistoryApr 03, 2013 - 12:00 a.m.

Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : poppler vulnerabilities (USN-1785-1)

2013-04-0300:00:00
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1785-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(65787);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-1788", "CVE-2013-1789", "CVE-2013-1790");
  script_bugtraq_id(58198);
  script_xref(name:"USN", value:"1785-1");

  script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : poppler vulnerabilities (USN-1785-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were
tricked into opening a crafted PDF file, an attacker could cause a
denial of service or possibly execute arbitrary code with privileges
of the user invoking the program.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1785-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler13");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler19");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler28");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"libpoppler-glib2", pkgver:"0.6.4-1ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpoppler2", pkgver:"0.6.4-1ubuntu3.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libpoppler-glib4", pkgver:"0.12.4-0ubuntu5.3")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libpoppler5", pkgver:"0.12.4-0ubuntu5.3")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libpoppler-glib6", pkgver:"0.16.7-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libpoppler13", pkgver:"0.16.7-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libpoppler-glib8", pkgver:"0.18.4-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libpoppler19", pkgver:"0.18.4-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"libpoppler-glib8", pkgver:"0.20.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"libpoppler28", pkgver:"0.20.4-0ubuntu1.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpoppler-glib2 / libpoppler-glib4 / libpoppler-glib6 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibpoppler2p-cpe:/a:canonical:ubuntu_linux:libpoppler2
canonicalubuntu_linuxlibpoppler28p-cpe:/a:canonical:ubuntu_linux:libpoppler28
canonicalubuntu_linuxlibpoppler5p-cpe:/a:canonical:ubuntu_linux:libpoppler5
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linuxlibpoppler-glib2p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib2
canonicalubuntu_linuxlibpoppler-glib4p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib4
canonicalubuntu_linuxlibpoppler-glib6p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib6
canonicalubuntu_linuxlibpoppler-glib8p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8
canonicalubuntu_linuxlibpoppler13p-cpe:/a:canonical:ubuntu_linux:libpoppler13
Rows per page:
1-10 of 141

Related

openvas 15
ubuntu 1
nessus 8
securityvulns 2
fedora 4
osv 1
debian 1
cve 3
debiancve 3
prion 3
ubuntucve 3
gentoo 1
openvas
openvas
Fedora Update for poppler FEDORA-2013-3457
2013-03-15 00:00:00
Ubuntu: Security Advisory (USN-1785-1)
2013-04-05 00:00:00
Fedora Update for poppler FEDORA-2013-3473
2013-03-15 00:00:00
ubuntu
ubuntu
poppler vulnerabilities
2013-04-02 00:00:00
nessus
nessus
Fedora 17 : poppler-0.18.4-4.fc17 (2013-3457)
2013-03-14 00:00:00
SuSE 11.2 Security Update : poppler (SAT Patch Number 7560)
2013-04-03 00:00:00
Fedora 18 : poppler-0.20.2-10.fc18 (2013-3473)
2013-03-14 00:00:00
securityvulns
securityvulns
[USN-1785-1] poppler vulnerabilities
2013-04-02 00:00:00
poppler library multiple security vulnerabilities
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: poppler-0.20.2-10.fc18
2013-03-14 02:45:03
[SECURITY] Fedora 17 Update: poppler-0.18.4-4.fc17
2013-03-14 02:48:02
[SECURITY] Fedora 18 Update: poppler-0.20.2-16.fc18
2013-09-03 22:27:22
osv
osv
poppler - multiple issues
2013-07-10 00:00:00
debian
debian
[SECURITY] [DSA 2719-1] poppler security update
2013-07-11 01:42:11
cve
cve
CVE-2013-1788
2013-04-09 20:55:00
CVE-2013-1790
2013-04-09 20:55:00
CVE-2013-1789
2013-04-09 20:55:00
debiancve
debiancve
CVE-2013-1788
2013-04-09 20:55:00
CVE-2013-1790
2013-04-09 20:55:00
CVE-2013-1789
2013-04-09 20:55:00
prion
prion
Memory corruption
2013-04-09 20:55:00
Code injection
2013-04-09 20:55:00
Null pointer dereference
2013-04-09 20:55:00
ubuntucve
ubuntucve
CVE-2013-1790
2013-02-28 00:00:00
CVE-2013-1788
2013-02-28 00:00:00
CVE-2013-1789
2013-02-28 00:00:00
gentoo
gentoo
Poppler: Multiple vulnerabilities
2013-10-06 00:00:00
JSON
Related for UBUNTU_USN-1785-1.NASL
openvas15ubuntu1nessus8securityvulns2fedora4osv1debian1cve3debiancve3prion3ubuntucve3gentoo1