[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SCOSA-2005.42 Xpdf PDF Viewer Multiple Vulnerabilities
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2005.42 Xpdf PDF Viewer Multiple Vulnerabilities
- From: security@xxxxxxx
- Date: Thu, 20 Oct 2005 14:14:23 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 6.0.0 : Xpdf PDF Viewer
Multiple Vulnerabilities
Advisory number: SCOSA-2005.42
Issue date: 2005 October 18
Cross reference: sr894841 fz532914 erg712913
sr894861 fz532913 erg712914
CAN-2004-1125 CAN-2005-0064 CAN-2005-2097
______________________________________________________________________________
1. Problem Description
Xpdf is an open-source viewer for Portable Document Format (PDF)
files.
Buffer overflow in xpdf 3.00, allows remote attackers to cause a
denial of service (application crash) and possibly execute
arbitrary code via a crafted PDF file that causes the boundaries
of a maskColors array to be exceeded.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1125 to this issue.
Buffer overflow in xpdf 3.00 and earlier allows remote attackers
to execute arbitrary code via a PDF file with a large /Encrypt
/Length keyLength value.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0064 to this issue.
xpdf do not properly validate the "loca" table in PDF files, which
allows local users to cause a denial of service (disk consumption
and hang) via a PDF file with a "broken" loca table, which causes
a large temporary file to be created when xpdf attempts to
reconstruct the information.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-2097 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 xpdf distribution
OpenServer 6.0.0 xpdf distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/507
4.2 Verification
MD5 (VOL.000.000) = 91322dcd210248ba4607235cb3e09436
MD5 (VOL.000.001) = c846cdfce81f1487c3684ee3af046fa5
MD5 (VOL.000.002) = be20d0832276353840517a3315853044
MD5 (VOL.000.003) = 748004313dcaf8827edc261ee196c035
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
5. OpenServer 6.0.0
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/600
5.2 Verification
MD5 (VOL.000.000) = 2aa83f054b614c2db53418111bd2bfb0
MD5 (VOL.000.001) = e93806f0d79c1f9a925aeed1f4b7f659
MD5 (VOL.000.002) = 130e116d8463b57592955064a6e86fd6
MD5 (VOL.000.003) = a2d2a47f067527aa5a28c1a9721257b6
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
6. References
Specific references for this advisory:
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents:
sr894841 fz532914 erg712913
sr894861 fz532913 erg712914
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDVWDWaqoBO7ipriERAmJgAJ0d2AivC+71xWSPdrXYhJKpml0t3QCfSJiF
ka+J/vTtjx3Te+mMsG+ldeI=
=d7RF
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/