CVE-2002-1384
CVSS 7.2
Published: 2003-01-02 00:00:00
Revised: 2016-10-17 22:26:38

[Original text] Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.


[CNNVD] Xpdf/CUPS pdftops Integer Overflow Vulnerability (CNNVD-200301-007)

        
Common Unix Printing System (CUPS) is a general-purpose Unix printing system and cross-platform printing solution for Unix environments. It is based on the Internet Printing Protocol and supports most PostScript and raster printers. Xpdf is an open-source PDF viewer. CUPS and Xpdf both ship pdftops and pdftotext, two programs that convert PDF to PostScript and to text respectively.
The pdftops converter contains an integer overflow vulnerability. A local attacker can exploit it by supplying malicious data to corrupt memory and execute arbitrary instructions on the system with the privileges of the 'lp' user.
Because pdftops does not properly handle oversized user-supplied values, an integer overflow can occur; an attacker who supplies a malicious file and lures a user into processing it may execute arbitrary instructions with 'lp' privileges. There are many ways to trigger this, for example:
An /Indexed ColorSpace is declared with 1,431,655,768 entries, each of 3 components. The resulting table size, 1,431,655,768 × 3 = 4,294,967,304 bytes, is too large to be stored in a 32-bit integer, so the high bits are truncated:
...
 /CS
 [
 /Indexed
 /RGB
 1431655768
 7 0 R
 ]
...
The '7 0 R' above refers to a stream, which is read into the array allocated with the truncated size. The read normally stops only when it reaches the highest index or the end of the stream. Supplying enough stream data therefore makes the application access memory it does not own and crash; carefully constructed data can overwrite a function pointer and execute arbitrary instructions on the system with 'lp' privileges.
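The size arithmetic behind the truncated allocation described above, as an added example in C that is not Xpdf or CUPS code: the unchecked product wraps to a tiny buffer while the fill loop is still bounded by the declared entry count, and the checked version rejects the file before allocating anything. The function names (lookup_size_unchecked, lookup_size_checked, unchecked_overrun_bytes, load_lookup, load_sample_stream) and the 0xAB filler stream are assumptions; the 0..255 limit on the Indexed hival comes from the PDF specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Highest index an /Indexed colour space may declare (hival is limited to
 * 0..255 by the PDF specification), so a sane lookup table has at most
 * 256 entries. Everything below is an illustration, not Xpdf code. */
#define INDEXED_MAX_ENTRIES 256u

/* Unchecked table size, as in the vulnerable path the advisory describes:
 * entries * components is formed in 32-bit arithmetic and silently wraps.
 * With the advisory's values, 1431655768 * 3 = 4294967304 = 2^32 + 8,
 * so only 8 bytes would be allocated. */
uint32_t lookup_size_unchecked(uint32_t entries, uint32_t n_comps)
{
    return entries * n_comps;
}

/* How far past the wrapped allocation the unchecked fill loop would run:
 * the loop is bounded by the declared entry count, the buffer by the
 * wrapped size. Computed in 64 bits so nothing is actually written. */
uint64_t unchecked_overrun_bytes(uint32_t entries, uint32_t n_comps)
{
    uint64_t wanted = (uint64_t)entries * n_comps;
    uint64_t got = lookup_size_unchecked(entries, n_comps);
    return wanted > got ? wanted - got : 0;
}

/* Hardened size computation: reject a count outside the spec range and
 * any product that would not fit in size_t, before anything is allocated.
 * Returns 0 when the colour space must be rejected. */
size_t lookup_size_checked(uint32_t entries, uint32_t n_comps)
{
    if (entries == 0 || entries > INDEXED_MAX_ENTRIES)
        return 0;                          /* bogus hival: refuse the file */
    if (n_comps == 0 || n_comps > SIZE_MAX / entries)
        return 0;                          /* product would overflow size_t */
    return (size_t)entries * n_comps;
}

/* Safe table load: the number of bytes copied is bounded by BOTH the
 * table size and the stream length, so a long stream can no longer run
 * past the allocation. Returns bytes stored, or -1 if rejected. */
long load_lookup(uint32_t entries, uint32_t n_comps,
                 const unsigned char *stream, size_t len)
{
    size_t size = lookup_size_checked(entries, n_comps);
    if (size == 0)
        return -1;
    unsigned char *table = calloc(size, 1);
    if (table == NULL)
        return -1;
    size_t n = len < size ? len : size;    /* stop at table end or stream end */
    memcpy(table, stream, n);
    free(table);
    return (long)n;
}

/* Constructed sample input: a stream of `len` filler bytes (0xAB) standing
 * in for the '7 0 R' lookup stream in the advisory's fragment. */
long load_sample_stream(uint32_t entries, uint32_t n_comps, size_t len)
{
    unsigned char *stream = malloc(len);
    if (stream == NULL)
        return -1;
    memset(stream, 0xAB, len);
    long stored = load_lookup(entries, n_comps, stream, len);
    free(stream);
    return stored;
}

int main(void)
{
    const uint32_t entries = 1431655768u, comps = 3u;   /* from the advisory */
    printf("unchecked size: %u bytes, loop would write %llu bytes past it\n",
           (unsigned)lookup_size_unchecked(entries, comps),
           (unsigned long long)unchecked_overrun_bytes(entries, comps));
    printf("checked size: %zu (0 = rejected)\n",
           lookup_size_checked(entries, comps));
    printf("valid table (256 entries, 3 comps): %ld bytes loaded\n",
           load_sample_stream(256u, comps, 1000));
    return 0;
}
```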
        

- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure; all system files exposed]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [can cause a complete system outage]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required for exploitation]

- CPE (Affected platforms and products)

cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:xpdf:xpdf:2.1
cpe:/a:xpdf:xpdf:1.1
cpe:/a:xpdf:xpdf:2.0
cpe:/a:xpdf:xpdf:1.0
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/a:xpdf:xpdf:0.90
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:xpdf:xpdf:0.91
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:xpdf:xpdf:1.0a
cpe:/a:easy_software_products:cups:1.1.1
cpe:/a:easy_software_products:cups:1.0.4_8

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1384
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1384
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200301-007
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=104152282309980&w=2
(UNKNOWN)  GENTOO  GLSA-200301-1
http://www.debian.org/security/2003/dsa-222
(UNKNOWN)  DEBIAN  DSA-222
http://www.debian.org/security/2003/dsa-226
(UNKNOWN)  DEBIAN  DSA-226
http://www.debian.org/security/2003/dsa-232
(UNKNOWN)  DEBIAN  DSA-232
http://www.idefense.com/advisory/12.23.02.txt
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/advisory/12.23.02.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
(UNKNOWN)  MANDRAKE  MDKSA-2003:001
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
(UNKNOWN)  MANDRAKE  MDKSA-2003:002
http://www.novell.com/linux/security/advisories/2003_002_cups.html
(UNKNOWN)  SUSE  SUSE-SA:2003:002
http://www.redhat.com/support/errata/RHSA-2002-295.html
(UNKNOWN)  REDHAT  RHSA-2002:295
http://www.redhat.com/support/errata/RHSA-2002-307.html
(UNKNOWN)  REDHAT  RHSA-2002:307
http://www.redhat.com/support/errata/RHSA-2003-037.html
(UNKNOWN)  REDHAT  RHSA-2003:037
http://www.redhat.com/support/errata/RHSA-2003-216.html
(UNKNOWN)  REDHAT  RHSA-2003:216
http://www.securityfocus.com/bid/6475
(UNKNOWN)  BID  6475
http://xforce.iss.net/xforce/xfdb/10937
(VENDOR_ADVISORY)  XF  pdftops-integer-overflow(10937)

- Vulnerability information

Xpdf/CUPS pdftops Integer Overflow Vulnerability
High risk    Boundary condition error
2003-01-02 00:00:00 2005-05-13 00:00:00
Local
        

- Advisories and patches

Vendor patches:
Easy Software Products
----------------------
The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage:
Easy Software Products Upgrade CUPS 1.1.18

http://www.cups.org/software.html

Xpdf
----
The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage:
Xpdf Patch xpdf-2.01-patch1
ftp://ftp.foolabs.com/pub/xpdf/xpdf-2.01-patch1

- Vulnerability information (F30796)

RHSA-2003:037-09.txt (PacketStormID:F30796)
2003-02-07 00:00:00
Red Hat Security  redhat.com
remote,vulnerability
linux,redhat
CVE-2002-1384

Red Hat Security Advisory RHSA-2003:037-09 - Xpdf v2.01 and below contains remote vulnerabilities which allow attackers to execute code via malformed PDF files.

RHSA-2003:037-09.txt
Posted Feb 7, 2003 08:01:43 UTC
Authored by Red Hat Security | Site redhat.com
MD5: e03f78eb9115b7270ce9b4704c58fb50

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated Xpdf packages fix security vulnerability
Advisory ID:       RHSA-2003:037-09
Issue date:        0000-01-01
Updated on:        2003-02-06
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2000:060
CVE Names:         CAN-2002-1384
---------------------------------------------------------------------

1. Topic:

Updated Xpdf packages are now available that fix a vulnerability in which a
maliciously-crafted pdf document could run arbitrary code.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

Xpdf is a viewer for Portable Document Format (PDF) files.

During an audit of CUPS, a printing system, Zen Parsec found an integer
overflow vulnerability in the pdftops filter.  Since the code for pdftops
is taken from the Xpdf project, all versions of Xpdf including 2.01 are
also vulnerable to this issue.  An attacker could create a PDF
file that could execute arbitrary code.  This code would have the same
access privileges as the user who viewed the file with Xpdf.

All users of Xpdf are advised to upgrade to these erratum packages.  For
Red Hat Linux 8.0 we have included new packages based on Xpdf 1.01 with a
patch to correct this issue.  For Red Hat Linux 7.0, 7.1, 7.2, and 7.3 we
have upgraded Xpdf to version 1.00 with a patch to correct this issue.  For
Red Hat Linux 6.2 we have upgraded Xpdf to version 0.92 with a patch to
correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/xpdf-0.92-1.62.0.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/xpdf-0.92-1.62.0.i386.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/xpdf-0.92-2.70.0.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/xpdf-0.92-2.70.0.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/xpdf-0.92-4.71.0.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/xpdf-0.92-4.71.0.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/xpdf-0.92-8.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/xpdf-0.92-8.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/xpdf-0.92-8.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/xpdf-1.00-5.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/xpdf-1.00-5.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/xpdf-chinese-simplified-1.00-5.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/xpdf-chinese-traditional-1.00-5.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/xpdf-korean-1.00-5.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/xpdf-japanese-1.00-5.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/xpdf-1.01-10.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/xpdf-1.01-10.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/xpdf-chinese-simplified-1.01-10.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/xpdf-chinese-traditional-1.01-10.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/xpdf-korean-1.01-10.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/xpdf-japanese-1.01-10.i386.rpm

6. Verification:

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384

8. Contact:

The Red Hat security contact is <security@redhat.com>.  More contact
details at http://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
    </div>

  </div>
</div>

<div id="o-box"><img src="http://packetstatic.com/img1353978071/o_close.png" alt="close" height="30" width="30" id="o-close" /><div id="o-main"></div></div>


<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-18885198-1']); _gaq.push(['_setDomainName', '.packetstormsecurity.com']); _gaq.push(['_trackPageview']); (function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})(); </script><noscript><img src="http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1765733214&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=RHSA-2003%3A037-09.txt%u2248%20Packet%20Storm&utmhn=packetstormsecurity.com&utmr=-&utmp=%2Ffiles%2F30796%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1765733214.1366884906.1366884906.1366884906.1%3B%2B__utmz%3D32867617.1366884906.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)" width="2" height="2" alt="" /></noscript>
<!-- Thu, 25 Apr 2013 10:15:04 GMT -->
</body>
</html>
    

- Vulnerability Information

10747
pdftops ColorSpace Entry Elements Local Overflow
Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-12-23 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Xpdf/CUPS pdftops Integer Overflow Vulnerability
Class: Boundary Condition Error
Bugtraq ID: 6475
Remote: No
Local: Yes
Published: 2002-12-23 12:00:00
Updated: 2009-07-11 07:17:00
Discovery of this issue is credited to zen-parse.

- Affected Software Versions

Xpdf Xpdf 2.01
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Terra Soft Solutions Yellow Dog Linux 3.0
Xpdf Xpdf 2.0
Xpdf Xpdf 1.01
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
Xpdf Xpdf 1.00a
Xpdf Xpdf 1.00
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Xpdf Xpdf 0.93
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Xpdf Xpdf 0.92
+ Conectiva Linux 7.0
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
Xpdf Xpdf 0.91
- Debian Linux 2.2
Xpdf Xpdf 0.90
+ Caldera OpenLinux Desktop 2.3
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.7
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.4-5
Easy Software Products CUPS 1.1.4-3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.4-2
+ Debian Linux 2.3
Easy Software Products CUPS 1.1.4
+ Debian Linux 2.3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.1
+ RedHat PowerTools 7.0
Easy Software Products CUPS 1.0.4-8
+ Debian Linux 2.2
Easy Software Products CUPS 1.0.4
+ Debian Linux 2.2

- Unaffected Software Versions

Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2

- Vulnerability Discussion

The Xpdf/CUPS pdftops filter is prone to an integer overflow. As a result, it may be possible to corrupt memory with attacker-supplied data and cause arbitrary code to be executed.

The method of exploitation may vary. If an attacker can entice a user to print a malformed file from the command line using the vulnerable filter, it may be possible to execute code with the privileges of that user. Other methods of exploitation may allow the attacker to gain elevated privileges (such as that of the 'lp' user).
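The overflow described above, as an added example that is not Xpdf or CUPS source code: a naive 32-bit size computation for an Indexed colour-space lookup table (entries times components per entry, 3 for an RGB base) wraps modulo 2^32 for a large entry count, so a small buffer is allocated and the lookup stream that follows can be copied past it. The hardened path beside it bounds the high index to the 0..255 range the PDF format defines for Indexed colour spaces, multiplies with an overflow check in the same 32-bit width, and clamps the stream copy to the allocation. The names (indexed_cs, checked_mul32), the 32-component cap and the sample entry count 1431655770 are assumptions constructed for this example.

```c
/* Integer-overflow handling for a PDF Indexed colour-space lookup table.
 * Added example, not Xpdf/CUPS source: names and limits are illustrative. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Naive 32-bit size computation: (hival + 1) entries times comps bytes.
 * With a huge entry count the product wraps modulo 2^32, so a far smaller
 * buffer than the stream that follows gets allocated. */
static uint32_t naive_table_bytes(uint32_t n_elems, uint32_t comps)
{
    return n_elems * comps;
}

/* Overflow-checked multiply in the same 32-bit width.
 * Returns 0 and stores a*b in *out, or -1 if the product would wrap. */
static int checked_mul32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (b != 0 && a > UINT32_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

typedef struct {
    uint32_t n_elems;        /* hival + 1 */
    uint32_t comps;          /* components per entry, 3 for an RGB base */
    unsigned char *lookup;   /* n_elems * comps bytes */
    uint32_t lookup_len;
} indexed_cs;

/* Hardened construction: reject an out-of-spec hival (the PDF format allows
 * 0..255 for an Indexed colour space) and any size whose multiplication
 * would wrap. The component cap of 32 is an assumption for this example. */
static indexed_cs *indexed_cs_new(int64_t hival, uint32_t comps)
{
    uint32_t bytes;
    indexed_cs *cs;

    if (hival < 0 || hival > 255)
        return NULL;
    if (comps == 0 || comps > 32)
        return NULL;
    if (checked_mul32((uint32_t)hival + 1, comps, &bytes) != 0)
        return NULL;

    cs = calloc(1, sizeof *cs);
    if (cs == NULL)
        return NULL;
    cs->lookup = calloc(bytes, 1);
    if (cs->lookup == NULL) {
        free(cs);
        return NULL;
    }
    cs->n_elems = (uint32_t)hival + 1;
    cs->comps = comps;
    cs->lookup_len = bytes;
    return cs;
}

static void indexed_cs_free(indexed_cs *cs)
{
    if (cs != NULL) {
        free(cs->lookup);
        free(cs);
    }
}

/* Copy the lookup stream into the table. The copy stops at the end of the
 * table or the end of the stream, whichever comes first, so an oversized
 * stream can never write past the allocation. Returns bytes copied. */
static uint32_t indexed_cs_fill(indexed_cs *cs, const unsigned char *stream,
                                size_t stream_len)
{
    size_t n = stream_len < cs->lookup_len ? stream_len : cs->lookup_len;
    memcpy(cs->lookup, stream, n);
    return (uint32_t)n;
}

/* Walk through both paths with constructed inputs. Returns 1 when the
 * wrapped size is observed and the hardened path behaves as intended. */
static int demo(void)
{
    /* Constructed entry count just above the 32-bit wrap point for comps=3. */
    const uint32_t huge = 1431655770u;
    uint32_t checked = 0;
    unsigned char stream[1000];           /* constructed oversized stream */
    indexed_cs *cs;
    int ok = 1;

    ok &= naive_table_bytes(huge, 3) == 14;             /* wrapped to 14 */
    ok &= checked_mul32(huge, 3, &checked) == -1;        /* rejected */
    ok &= indexed_cs_new((int64_t)huge - 1, 3) == NULL;  /* hival out of spec */

    cs = indexed_cs_new(255, 3);
    ok &= cs != NULL && cs->lookup_len == 768;
    memset(stream, 0xAB, sizeof stream);
    ok &= cs != NULL && indexed_cs_fill(cs, stream, sizeof stream) == 768;
    indexed_cs_free(cs);
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("hardened Indexed colour-space handling %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The domain check on hival is what removes this class of bug for the Indexed case; the checked multiply is the general defence that also covers other size computations built from untrusted PDF integers, and the clamped copy limits the damage if either check is ever bypassed.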

- Exploit

iDefense has developed a functional exploit, however it has not been released to the public.

- Solution

This issue has been addressed in CUPS 1.1.18 and later.

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Gentoo Linux has released an advisory. Users who have installed app-text/xpdf-1.01-r1 or earlier are advised to update their systems by issuing the following commands:

emerge rsync
emerge xpdf
emerge clean

Debian has released an advisory (DSA 222-1) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

The Xpdf vendor has released a patch which addresses this issue. Users are advised to upgrade to Xpdf 2.01 and apply the patch.


Xpdf Xpdf 0.90
Xpdf Xpdf 0.92
Xpdf Xpdf 1.01
Xpdf Xpdf 1.00
Easy Software Products CUPS 1.0.4-8
Easy Software Products CUPS 1.0.4
Easy Software Products CUPS 1.1.1
Easy Software Products CUPS 1.1.10
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.14
Easy Software Products CUPS 1.1.17
Easy Software Products CUPS 1.1.4-5
Easy Software Products CUPS 1.1.4-2
Easy Software Products CUPS 1.1.4
Easy Software Products CUPS 1.1.4-3
Easy Software Products CUPS 1.1.6
Easy Software Products CUPS 1.1.7
Xpdf Xpdf 2.01

- References

About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community in China devoted to SCAP. For more information, see [About this site].

Copyright Notice

CVE/CWE/OVAL are registered trademarks of the MITRE Corporation; their official data sources are kept on MITRE's respective websites