CVE-2006-3119
CVSS5.1
发布时间 :2006-07-25 19:04:00
修订时间 :2011-03-07 21:37:51
NMCOPS    

[原文]The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.


[CNNVD]fbi fbgs framebuffer Postscript/PDF viewer 过滤器绕过漏洞(CNNVD-200607-432)

        fbi 2.01之前版本中的 fbgs framebuffer Postscript/PDF viewer有一个可妨碍过滤器正常工作的输入错误,可以使用户协助式攻击者绕过过滤器并执行恶意的Postscript命令。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3119
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3119
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-432
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2006/dsa-1124
(VENDOR_ADVISORY)  DEBIAN  DSA-1124
http://xforce.iss.net/xforce/xfdb/28038
(UNKNOWN)  XF  fbida-fbgs-typo-security-bypass(28038)
http://www.vupen.com/english/advisories/2006/2982
(UNKNOWN)  VUPEN  ADV-2006-2982
http://www.novell.com/linux/security/advisories/2006_19_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:019
http://secunia.com/advisories/21191
(UNKNOWN)  SECUNIA  21191
http://secunia.com/advisories/21169
(UNKNOWN)  SECUNIA  21169
http://www.securityfocus.com/bid/19131
(UNKNOWN)  BID  19131
http://security.gentoo.org/glsa/glsa-200608-22.xml
(UNKNOWN)  GENTOO  GLSA-200608-22
http://secunia.com/advisories/21599
(UNKNOWN)  SECUNIA  21599
http://secunia.com/advisories/21459
(UNKNOWN)  SECUNIA  21459

- 漏洞信息

fbi fbgs framebuffer Postscript/PDF viewer 过滤器绕过漏洞
中危 设计错误
2006-07-25 00:00:00 2006-08-28 00:00:00
本地  
        fbi 2.01之前版本中的 fbgs framebuffer Postscript/PDF viewer有一个可妨碍过滤器正常工作的输入错误,可以使用户协助式攻击者绕过过滤器并执行恶意的Postscript命令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        fbida fbida 2.01
        Debian exiftran_2.01-1.2sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_alpha.deb
        Debian exiftran_2.01-1.2sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_amd64.deb
        Debian exiftran_2.01-1.2sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_arm.deb
        Debian exiftran_2.01-1.2sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_hppa.deb
        Debian exiftran_2.01-1.2sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_i386.deb
        Debian exiftran_2.01-1.2sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_ia64.deb
        Debian exiftran_2.01-1.2sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_m68k.deb
        Debian exiftran_2.01-1.2sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_mips.deb
        Debian exiftran_2.01-1.2sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_mipsel.deb
        Debian exiftran_2.01-1.2sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_powerpc.deb
        Debian exiftran_2.01-1.2sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_s390.deb
        Debian exiftran_2.01-1.2sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sa rge2_sparc.deb
        Debian fbi_2.01-1.2sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ alpha.deb
        Debian fbi_2.01-1.2sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ amd64.deb
        Debian fbi_2.01-1.2sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ arm.deb
        Debian fbi_2.01-1.2sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ hppa.deb
        Debian fbi_2.01-1.2sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ i386.deb
        Debian fbi_2.01-1.2sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ ia64.deb
        Debian fbi_2.01-1.2sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ m68k.deb
        Debian fbi_2.01-1.2sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ mips.deb
        Debian fbi_2.01-1.2sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ mipsel.deb
        Debian fbi_2.01-1.2sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ powerpc.deb
        Debian fbi_2.01-1.2sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ s390.deb
        Debian fbi_2.01-1.2sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ sparc.deb
        

- 漏洞信息 (F48566)

Debian Linux Security Advisory 1124-1 (PacketStormID:F48566)
2006-07-26 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-3119
[点击下载]

Debian Security Advisory 1124-1 - Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1124-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 24th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : fbi
Vulnerability  : typo
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2006-3119

Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer
contains a typo, which prevents the intended filter against malicious
postscript commands from working correctly. This might lead to the
deletion of user data when displaying a postscript file.

For the stable distribution (sarge) this problem has been fixed in
version 2.01-1.2sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your fbi package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2.dsc
      Size/MD5 checksum:      735 36d0568b3c180e41cb1f6df809ff5e5b
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2.diff.gz
      Size/MD5 checksum:     5088 3b4e9623e4aa9d333c3aee47c42f3422
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01.orig.tar.gz
      Size/MD5 checksum:   205822 7bf21eae612fd457155533a83ab075c2

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_alpha.deb
      Size/MD5 checksum:    29542 b0a4b4a73a93bda7243fea211f5ead9f
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_alpha.deb
      Size/MD5 checksum:    67686 303fed22421dda6d18e541425c6a945f

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_amd64.deb
      Size/MD5 checksum:    24528 359cf3eadf6294c39b4fe2b185aa1167
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_amd64.deb
      Size/MD5 checksum:    57384 cb5af6bbe2bd5ea99966eab903f220bf

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_arm.deb
      Size/MD5 checksum:    22494 4a750437cdd4fcb2049e8c33b5231b64
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_arm.deb
      Size/MD5 checksum:    51232 240a6f9509c00477bcbefe80a0fb7e70

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_i386.deb
      Size/MD5 checksum:    22712 809f7d0fcfce407e5679305b07b69967
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_i386.deb
      Size/MD5 checksum:    52200 e2b4fdc29c3787d0a843415c5e62bcc1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_ia64.deb
      Size/MD5 checksum:    33896 a60373a4938640174dc80b34c65dadc4
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ia64.deb
      Size/MD5 checksum:    79814 6b6bfc5816ca014e4d290b05834eceac

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_hppa.deb
      Size/MD5 checksum:    26914 164ccc167aa0fda01d9535c65db000cc
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_hppa.deb
      Size/MD5 checksum:    60222 c215390ee5bef416b5a9eb9ad0b16a2e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_m68k.deb
      Size/MD5 checksum:    20754 006ed3c7e982e08d14860282ac312fad
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_m68k.deb
      Size/MD5 checksum:    47324 63732b97562e3b2e8f801128faf8b8b4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_mips.deb
      Size/MD5 checksum:    26048 211c8a4c5398e403b7d7f4a1a4bb3c4f
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_mips.deb
      Size/MD5 checksum:    59498 6e68121650840d81e04b1bec82156f5c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_mipsel.deb
      Size/MD5 checksum:    26122 74ffc8475a2acf27af99b83b7cd0cbc6
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_mipsel.deb
      Size/MD5 checksum:    59234 6b976898ad8c23b7da53449d6af2c3e0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_powerpc.deb
      Size/MD5 checksum:    25978 ec0d5e88f5e7c908ce7c053485ca415a
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_powerpc.deb
      Size/MD5 checksum:    57298 996b2e6523767b439583dad7c511df83

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_s390.deb
      Size/MD5 checksum:    24472 8c030047c8d631a6a1c01079e7d352e7
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_s390.deb
      Size/MD5 checksum:    58050 e5bebfa9b1c7ab4a0cfac3bc8f5f4541

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_sparc.deb
      Size/MD5 checksum:    23074 5c0854fb34e3c6da7c12991dedae0910
    http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_sparc.deb
      Size/MD5 checksum:    52484 72496fbe05968cfb7bd185414629033f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFExQaRXm3vHE4uyloRAiQgAJ4qPeQ93sCM0w86nEIW1z7QsRx4ywCgu+ez
4jdvLmA2K7QbRl205/2QqdI=
=79Oc
-----END PGP SIGNATURE-----





    

- 漏洞信息

27514
fbida fbgs Arbitrary Postscript Code Execution
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-24 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

FBGS PostScript Filter Bypass Vulnerability
Design Error 19131
No Yes
2006-07-24 12:00:00 2006-08-23 11:34:00
Toth Andras has been credited with the discovery of this vulnerability.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
Gentoo Linux
fbida fbida 2.03
fbida fbida 2.01
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

The 'fbgs' utility is prone to a filter-bypass vulnerability. This issue occurs because the application fails to filter malicious PostScript commands properly.

An attacker can exploit this issue by deleting user data while displaying a PostScript file.

- 漏洞利用

Attackers create malicious PostScript files to exploit this issue; no specific exploit application is required.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.

Please see the referenced advisories for more information.


fbida fbida 2.01

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站