发布时间 :2006-07-25 19:04:00
修订时间 :2011-03-07 21:37:51

[原文]The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.

[CNNVD]fbi fbgs framebuffer Postscript/PDF viewer 过滤器绕过漏洞(CNNVD-200607-432)

        fbi 2.01之前版本中的 fbgs framebuffer Postscript/PDF viewer有一个可妨碍过滤器正常工作的输入错误,可以使用户协助式攻击者绕过过滤器并执行恶意的Postscript命令。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  XF  fbida-fbgs-typo-security-bypass(28038)
(UNKNOWN)  VUPEN  ADV-2006-2982
(UNKNOWN)  BID  19131

- 漏洞信息

fbi fbgs framebuffer Postscript/PDF viewer 过滤器绕过漏洞
中危 设计错误
2006-07-25 00:00:00 2006-08-28 00:00:00
        fbi 2.01之前版本中的 fbgs framebuffer Postscript/PDF viewer有一个可妨碍过滤器正常工作的输入错误,可以使用户协助式攻击者绕过过滤器并执行恶意的Postscript命令。

- 公告与补丁

        fbida fbida 2.01
        Debian exiftran_2.01-1.2sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge rge2_alpha.deb
        Debian exiftran_2.01-1.2sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge rge2_amd64.deb
        Debian exiftran_2.01-1.2sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge rge2_arm.deb
        Debian exiftran_2.01-1.2sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge rge2_hppa.deb
        Debian exiftran_2.01-1.2sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge rge2_i386.deb
        Debian exiftran_2.01-1.2sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge rge2_ia64.deb
        Debian exiftran_2.01-1.2sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge rge2_m68k.deb
        Debian exiftran_2.01-1.2sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge rge2_mips.deb
        Debian exiftran_2.01-1.2sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge rge2_mipsel.deb
        Debian exiftran_2.01-1.2sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge rge2_powerpc.deb
        Debian exiftran_2.01-1.2sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge rge2_s390.deb
        Debian exiftran_2.01-1.2sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge rge2_sparc.deb
        Debian fbi_2.01-1.2sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge alpha.deb
        Debian fbi_2.01-1.2sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge amd64.deb
        Debian fbi_2.01-1.2sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge arm.deb
        Debian fbi_2.01-1.2sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge hppa.deb
        Debian fbi_2.01-1.2sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge i386.deb
        Debian fbi_2.01-1.2sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge ia64.deb
        Debian fbi_2.01-1.2sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge m68k.deb
        Debian fbi_2.01-1.2sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge mips.deb
        Debian fbi_2.01-1.2sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge mipsel.deb
        Debian fbi_2.01-1.2sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge powerpc.deb
        Debian fbi_2.01-1.2sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge s390.deb
        Debian fbi_2.01-1.2sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge sparc.deb

- 漏洞信息 (F48566)

Debian Linux Security Advisory 1124-1 (PacketStormID:F48566)
2006-07-26 00:00:00

Debian Security Advisory 1124-1 - Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1124-1                                   Moritz Muehlenhoff
July 24th, 2006               
- --------------------------------------------------------------------------

Package        : fbi
Vulnerability  : typo
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2006-3119

Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer
contains a typo, which prevents the intended filter against malicious
postscript commands from working correctly. This might lead to the
deletion of user data when displaying a postscript file.

For the stable distribution (sarge) this problem has been fixed in
version 2.01-1.2sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your fbi package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      735 36d0568b3c180e41cb1f6df809ff5e5b
      Size/MD5 checksum:     5088 3b4e9623e4aa9d333c3aee47c42f3422
      Size/MD5 checksum:   205822 7bf21eae612fd457155533a83ab075c2

  Alpha architecture:
      Size/MD5 checksum:    29542 b0a4b4a73a93bda7243fea211f5ead9f
      Size/MD5 checksum:    67686 303fed22421dda6d18e541425c6a945f

  AMD64 architecture:
      Size/MD5 checksum:    24528 359cf3eadf6294c39b4fe2b185aa1167
      Size/MD5 checksum:    57384 cb5af6bbe2bd5ea99966eab903f220bf

  ARM architecture:
      Size/MD5 checksum:    22494 4a750437cdd4fcb2049e8c33b5231b64
      Size/MD5 checksum:    51232 240a6f9509c00477bcbefe80a0fb7e70

  Intel IA-32 architecture:
      Size/MD5 checksum:    22712 809f7d0fcfce407e5679305b07b69967
      Size/MD5 checksum:    52200 e2b4fdc29c3787d0a843415c5e62bcc1

  Intel IA-64 architecture:
      Size/MD5 checksum:    33896 a60373a4938640174dc80b34c65dadc4
      Size/MD5 checksum:    79814 6b6bfc5816ca014e4d290b05834eceac

  HP Precision architecture:
      Size/MD5 checksum:    26914 164ccc167aa0fda01d9535c65db000cc
      Size/MD5 checksum:    60222 c215390ee5bef416b5a9eb9ad0b16a2e

  Motorola 680x0 architecture:
      Size/MD5 checksum:    20754 006ed3c7e982e08d14860282ac312fad
      Size/MD5 checksum:    47324 63732b97562e3b2e8f801128faf8b8b4

  Big endian MIPS architecture:
      Size/MD5 checksum:    26048 211c8a4c5398e403b7d7f4a1a4bb3c4f
      Size/MD5 checksum:    59498 6e68121650840d81e04b1bec82156f5c

  Little endian MIPS architecture:
      Size/MD5 checksum:    26122 74ffc8475a2acf27af99b83b7cd0cbc6
      Size/MD5 checksum:    59234 6b976898ad8c23b7da53449d6af2c3e0

  PowerPC architecture:
      Size/MD5 checksum:    25978 ec0d5e88f5e7c908ce7c053485ca415a
      Size/MD5 checksum:    57298 996b2e6523767b439583dad7c511df83

  IBM S/390 architecture:
      Size/MD5 checksum:    24472 8c030047c8d631a6a1c01079e7d352e7
      Size/MD5 checksum:    58050 e5bebfa9b1c7ab4a0cfac3bc8f5f4541

  Sun Sparc architecture:
      Size/MD5 checksum:    23074 5c0854fb34e3c6da7c12991dedae0910
      Size/MD5 checksum:    52484 72496fbe05968cfb7bd185414629033f

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.3 (GNU/Linux)



- 漏洞信息

fbida fbgs Arbitrary Postscript Code Execution
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-24 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

FBGS PostScript Filter Bypass Vulnerability
Design Error 19131
No Yes
2006-07-24 12:00:00 2006-08-23 11:34:00
Toth Andras has been credited with the discovery of this vulnerability.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
Gentoo Linux
fbida fbida 2.03
fbida fbida 2.01
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

The 'fbgs' utility is prone to a filter-bypass vulnerability. This issue occurs because the application fails to filter malicious PostScript commands properly.

An attacker can exploit this issue by deleting user data while displaying a PostScript file.

- 漏洞利用

Attackers create malicious PostScript files to exploit this issue; no specific exploit application is required.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:

Please see the referenced advisories for more information.

fbida fbida 2.01

- 相关参考