Detections
Analytics
Mandrake Linux Security Advisory : tetex (MDKSA-2004:166)
critical Nessus Plugin ID 16083
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as tetex (CVE-2004-0888).Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution.
iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125).
The updated packages are patched to protect against these vulnerabilities.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 16083
File Name: mandrake_MDKSA-2004-166.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 1/2/2005
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:jadetex, p-cpe:/a:mandriva:linux:tetex, p-cpe:/a:mandriva:linux:tetex-afm, p-cpe:/a:mandriva:linux:tetex-context, p-cpe:/a:mandriva:linux:tetex-devel, p-cpe:/a:mandriva:linux:tetex-doc, p-cpe:/a:mandriva:linux:tetex-dvilj, p-cpe:/a:mandriva:linux:tetex-dvipdfm, p-cpe:/a:mandriva:linux:tetex-dvips, p-cpe:/a:mandriva:linux:tetex-latex, p-cpe:/a:mandriva:linux:tetex-mfwin, p-cpe:/a:mandriva:linux:tetex-texi2html, p-cpe:/a:mandriva:linux:tetex-xdvi, p-cpe:/a:mandriva:linux:xmltex, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 12/29/2004
Reference Information
CVE: CVE-2004-0888, CVE-2004-1125
CWE: 20
MDKSA: 2004:166