CVE-2004-0889
CVSS 10.0
Published: 2005-01-27 00:00:00
Last modified: 2016-10-17 22:49:46

[Original] Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.


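[CNNVD] Xpdf Integer Overflow Vulnerability (CNNVD-200501-307)

        Xpdf is an open-source program for viewing PDF files.
        xpdf 3.0 contains an integer overflow vulnerability, which also exposes packages that use xpdf (such as CUPS) to the same security issue.
        An attacker can exploit this vulnerability to cause a denial of service, and it may also lead to arbitrary code execution.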

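- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)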

cpe:/a:tetex:tetex:2.0.2
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:tetex:tetex:2.0.1
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:redhat:fedora_core:core_2.0
cpe:/a:gnome:gpdf:0.112
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/a:kde:koffice:1.3_beta3
cpe:/a:kde:koffice:1.3_beta1
cpe:/a:kde:koffice:1.3_beta2
cpe:/a:pdftohtml:pdftohtml:0.33a
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:tetex:tetex:1.0.7
cpe:/a:tetex:tetex:2.0
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/a:easy_software_products:cups:1.1.1
cpe:/a:pdftohtml:pdftohtml:0.36
cpe:/a:pdftohtml:pdftohtml:0.35
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:xpdf:xpdf:3.0
cpe:/o:kde:kde:3.2.2
cpe:/a:xpdf:xpdf:1.1
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:kde:kde:3.2.1
cpe:/a:xpdf:xpdf:1.0
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/a:easy_software_products:cups:1.1.20
cpe:/a:kde:kpdf:3.2
cpe:/o:suse:suse_linux:9.0 (SuSE SuSE Linux 9.0)
cpe:/a:easy_software_products:cups:1.1.19
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/a:kde:koffice:1.3.2 (KDE KOffice 1.3.2)
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:pdftohtml:pdftohtml:0.34
cpe:/a:easy_software_products:cups:1.1.18
cpe:/a:pdftohtml:pdftohtml:0.33
cpe:/o:kde:kde:3.3
cpe:/o:suse:suse_linux:9.2 (SuSE SuSE Linux 9.2)
cpe:/a:kde:koffice:1.3 (KDE KOffice 1.3)
cpe:/a:kde:koffice:1.3.1 (KDE KOffice 1.3.1)
cpe:/a:kde:koffice:1.3.3 (KDE KOffice 1.3.3)
cpe:/o:suse:suse_linux:9.1 (SuSE SuSE Linux 9.1)
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/a:easy_software_products:cups:1.1.19_rc5
cpe:/o:kde:kde:3.2
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/a:easy_software_products:cups:1.1.15
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/a:easy_software_products:cups:1.1.16
cpe:/a:easy_software_products:cups:1.1.10
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:gnome:gpdf:0.131
cpe:/a:easy_software_products:cups:1.1.14
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/a:xpdf:xpdf:1.0a
cpe:/o:redhat:enterprise_linux_desktop:3.0 (Red Hat Desktop 3.0)
cpe:/o:kde:kde:3.2.3
cpe:/a:easy_software_products:cups:1.0.4_8
cpe:/o:gentoo:linux (Gentoo Linux)
cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:xpdf:xpdf:2.3
cpe:/a:xpdf:xpdf:2.1
cpe:/o:kde:kde:3.3.1
cpe:/a:xpdf:xpdf:2.0
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/a:easy_software_products:cups:1.1.12
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/a:xpdf:xpdf:0.90
cpe:/a:xpdf:xpdf:0.92
cpe:/o:suse:suse_linux:8.1 (SuSE SuSE Linux 8.1)
cpe:/a:xpdf:xpdf:0.91
cpe:/a:xpdf:xpdf:0.93
cpe:/o:suse:suse_linux:8.0 (SuSE SuSE Linux 8.0)
cpe:/o:debian:debian_linux:3.0 (Debian Debian Linux 3.0)
cpe:/a:pdftohtml:pdftohtml:0.32b
cpe:/a:pdftohtml:pdftohtml:0.32a
cpe:/o:suse:suse_linux:8.2 (SuSE SuSE Linux 8.2)

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0889
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0889
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-307
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=109880927526773&w=2
(UNKNOWN)  SUSE  SUSE-SA:2004:039
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200410-20
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
(UNKNOWN)  GENTOO  GLSA-200410-30
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
(UNKNOWN)  MANDRAKE  MDKSA-2004:113
http://www.securityfocus.com/bid/11501
(UNKNOWN)  BID  11501
http://xforce.iss.net/xforce/xfdb/17819
(VENDOR_ADVISORY)  XF  xpdf-pdf-file-bo(17819)

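- Vulnerability Information

Xpdf Integer Overflow Vulnerability
Critical  Buffer overflow
2005-01-27 00:00:00 2005-10-28 00:00:00
Remote
        Xpdf is an open-source program for viewing PDF files.
        xpdf 3.0 contains an integer overflow vulnerability, which also exposes packages that use xpdf (such as CUPS) to the same security issue.
        An attacker can exploit this vulnerability to cause a denial of service, and it may also lead to arbitrary code execution.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.foolabs.com/xpdf/download.html

- Vulnerability Information (F34811)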

MDKSA-2004:113.txt (PacketStormID:F34811)
2004-10-27 00:00:00
Chris Evans  mandrakesoft.com
advisory,overflow,arbitrary,code execution
linux,mandrake
CVE-2004-0888,CVE-2004-0889

Mandrake Linux Security Update Advisory - Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution.

MD5: dbbeceb18f4a83c657d4ce2e53f6f3b8

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           xpdf
 Advisory ID:            MDKSA-2004:113
 Date:                   October 21st, 2004

 Affected versions:   10.0, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package:

 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like cups which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker controlled
 location which probably could lead to arbitrary code execution.
 (CAN-2004-0888)

 Multiple integer overflow issues affecting xpdf-3.0 only.
 These can result in DoS or possibly arbitrary code execution.
 (CAN-2004-0889)

 Chris also discovered issues with infinite loop logic error affecting
 xpdf-3.0 only.

 The updated packages are patched to deal with these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 9b41364f41bb8ef2b655607bc60ab9a8  10.0/RPMS/xpdf-3.00-5.2.100mdk.i586.rpm
 9c8a5aa2e170428d0afc3f8e5cbf092a  10.0/SRPMS/xpdf-3.00-5.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 ff780c91545babd148b1c4b4761e822d  amd64/10.0/RPMS/xpdf-3.00-5.2.100mdk.amd64.rpm
 9c8a5aa2e170428d0afc3f8e5cbf092a  amd64/10.0/SRPMS/xpdf-3.00-5.2.100mdk.src.rpm

 Corporate Server 2.1:
 12939cf7ca98085acc4f6ba5d741a8c6  corporate/2.1/RPMS/xpdf-1.01-4.3mdk.i586.rpm
 730ddc5b8c381c0ff92844dd5fe99a72  corporate/2.1/SRPMS/xpdf-1.01-4.5.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 5f22b8c7e2a03f4ad1d452b23348c967  x86_64/corporate/2.1/RPMS/xpdf-1.01-4.3mdk.x86_64.rpm
 730ddc5b8c381c0ff92844dd5fe99a72  x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.5.C21mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>


- Vulnerability Information

13149
Xpdf Multiple Unspecified Remote Overflows
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

Unknown or Incomplete

- Timeline

2004-10-21 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

 

 
