Detections
Analytics
Mandrake Linux Security Advisory : tetex (MDKSA-2007:109)
high Nessus Plugin ID 25311
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue (CVE-2007-0455).
A buffer overflow in the open_sty function for makeindex in Tetex could allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename (CVE-2007-0650).
The updated packages have been patched to prevent these issues.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 25311
File Name: mandrake_MDKSA-2007-109.nasl
Version: 1.16
Type: local
Family: Mandriva Local Security Checks
Published: 5/25/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:jadetex, p-cpe:/a:mandriva:linux:tetex, p-cpe:/a:mandriva:linux:tetex-afm, p-cpe:/a:mandriva:linux:tetex-context, p-cpe:/a:mandriva:linux:tetex-devel, p-cpe:/a:mandriva:linux:tetex-doc, p-cpe:/a:mandriva:linux:tetex-dvilj, p-cpe:/a:mandriva:linux:tetex-dvipdfm, p-cpe:/a:mandriva:linux:tetex-dvips, p-cpe:/a:mandriva:linux:tetex-latex, p-cpe:/a:mandriva:linux:tetex-mfwin, p-cpe:/a:mandriva:linux:tetex-texi2html, p-cpe:/a:mandriva:linux:tetex-usrlocal, p-cpe:/a:mandriva:linux:tetex-xdvi, p-cpe:/a:mandriva:linux:xmltex, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 5/23/2007
Reference Information
CVE: CVE-2007-0455, CVE-2007-0650
CWE: 119
MDKSA: 2007:109