Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3517-1.NASL
HistoryJan 08, 2018 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS : poppler vulnerabilities (USN-3517-1)

2018-01-0800:00:00
Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. (CVE-2017-1000456)

It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-14976).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3517-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(105650);
  script_version("3.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2017-1000456", "CVE-2017-14976");
  script_xref(name:"USN", value:"3517-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : poppler vulnerabilities (USN-3517-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that poppler incorrectly handled certain files. If a
user or automated system were tricked into opening a crafted PDF file,
an attacker could execute arbitrary. (CVE-2017-1000456)

It was discovered that poppler incorrectly handled certain files. If a
user or automated system were tricked into opening a crafted PDF file,
an attacker could cause a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-14976).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3517-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000456");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler58");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:poppler-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-dev");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-cpp0', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-qt4-4', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-qt4-dev', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'libpoppler44', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '14.04', 'pkgname': 'poppler-utils', 'pkgver': '0.24.5-2ubuntu4.9'},
    {'osver': '16.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-cpp0', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt4-4', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt4-dev', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'libpoppler58', 'pkgver': '0.41.0-0ubuntu1.6'},
    {'osver': '16.04', 'pkgname': 'poppler-utils', 'pkgver': '0.41.0-0ubuntu1.6'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-poppler-0.18 / libpoppler-cpp-dev / libpoppler-cpp0 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibpoppler44p-cpe:/a:canonical:ubuntu_linux:libpoppler44
canonicalubuntu_linuxlibpoppler58p-cpe:/a:canonical:ubuntu_linux:libpoppler58
canonicalubuntu_linuxpoppler-utilsp-cpe:/a:canonical:ubuntu_linux:poppler-utils
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linuxgir1.2-poppler-0.18p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18
canonicalubuntu_linuxlibpoppler-cpp-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev
canonicalubuntu_linuxlibpoppler-cpp0p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0
canonicalubuntu_linuxlibpoppler-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-dev
canonicalubuntu_linuxlibpoppler-glib-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev
Rows per page:
1-10 of 161

Related

ubuntu 1
openvas 13
nessus 17
gentoo 1
redhatcve 2
cve 3
debian 4
osv 5
prion 2
mageia 3
ubuntucve 3
fedora 6
debiancve 2
veracode 1
suse 1
ubuntu
ubuntu
poppler vulnerabilities
2018-01-08 00:00:00
openvas
openvas
Ubuntu Update for poppler USN-3517-1
2018-10-26 00:00:00
Fedora Update for poppler FEDORA-2018-20ba39cba9
2018-01-10 00:00:00
Debian LTS: Security Advisory for poppler (DLA-1228-1)
2018-01-09 00:00:00
nessus
nessus
GLSA-201804-03 : Poppler: Multiple vulnerabilities
2018-04-10 00:00:00
Debian DLA-1228-1 : poppler security update
2018-01-04 00:00:00
Fedora 26 : poppler (2018-20ba39cba9)
2018-01-10 00:00:00
gentoo
gentoo
Poppler: Multiple vulnerabilities
2018-04-08 00:00:00
redhatcve
redhatcve
CVE-2017-14976
2017-10-10 12:49:52
CVE-2017-1000456
2018-01-05 04:49:36
cve
cve
CVE-2017-14976
2017-10-02 01:29:00
CVE-2017-1000456
2018-01-02 18:29:00
CVE-2017-1000440
2017-12-30 07:29:00
debian
debian
[SECURITY] [DLA 1228-1] poppler security update
2018-01-03 13:21:53
[SECURITY] [DSA 4097-1] poppler security update
2018-01-25 12:22:52
[SECURITY] [DLA 1177-1] poppler security update
2017-11-18 18:27:50
osv
osv
poppler - security update
2018-01-03 00:00:00
poppler - security update
2018-01-25 00:00:00
CVE-2017-1000456
2018-01-02 18:29:00
prion
prion
Design/Logic Flaw
2018-01-02 18:29:00
Heap overflow
2017-10-02 01:29:00
mageia
mageia
Updated poppler packages fix security vulnerability
2018-01-11 22:36:44
Updated poppler packages fix security vulnerability
2018-01-14 19:54:13
Updated poppler packages fix security vulnerabilities
2017-11-06 11:22:52
ubuntucve
ubuntucve
CVE-2017-1000456
2018-01-02 00:00:00
CVE-2017-14976
2017-10-01 00:00:00
CVE-2019-12958
2019-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: poppler-0.52.0-11.fc26
2018-01-09 16:53:02
[SECURITY] Fedora 27 Update: poppler-0.57.0-7.fc27
2018-01-10 02:16:31
[SECURITY] Fedora 25 Update: mingw-poppler-0.45.0-5.fc25
2017-10-25 21:23:29
debiancve
debiancve
CVE-2017-1000456
2018-01-02 18:29:00
CVE-2017-14976
2017-10-02 01:29:00
veracode
veracode
Denial Of Service (DoS)
2018-06-08 09:56:38
suse
suse
Security update for poppler (moderate)
2018-06-16 15:10:22
JSON
Related for UBUNTU_USN-3517-1.NASL
ubuntu1openvas13nessus17gentoo1redhatcve2cve3debian4osv5prion2mageia3ubuntucve3fedora6debiancve2veracode1suse1