Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
cups
(Unknown)
Описание
Обнаруженные уязвимости позволяют удаленному пользователю вызвать отказ в обслуживании приложения или выполнить произвольный код на целевой системе.
Более подробное описание уязвимости:
<a href=http://www.securitylab.ru/vulnerability/242726.php>Множественные">http://www.securitylab.ru/vulnerability/242726.php">http://www.securitylab.ru/vulnerability/242726.php>Множественные переполнения буфера в Xpdf</a>
<a href=http://www.securitylab.ru/vulnerability/243725.php>Множественные">http://www.securitylab.ru/vulnerability/243725.php">http://www.securitylab.ru/vulnerability/243725.php>Множественные целочисленные переполнения в xpdf</a>
Более подробное описание уязвимости:
<a href=http://www.securitylab.ru/vulnerability/242726.php>Множественные">http://www.securitylab.ru/vulnerability/242726.php">http://www.securitylab.ru/vulnerability/242726.php>Множественные переполнения буфера в Xpdf</a>
<a href=http://www.securitylab.ru/vulnerability/243725.php>Множественные">http://www.securitylab.ru/vulnerability/243725.php">http://www.securitylab.ru/vulnerability/243725.php>Множественные целочисленные переполнения в xpdf</a>
Как исправить
Способов устранения уязвимости не существует в настоящее время. Некоторые производители Linux систем выпустили исправление.
https://gna.org/projects/gsimageapps
https://gna.org/projects/gsimageapps
Ссылки
MANDRIVA (MDKSA-2006:008): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:008
DEBIAN (DSA-931): http://www.debian.org/security/2005/dsa-931
DEBIAN (DSA-932): http://www.debian.org/security/2005/dsa-932
DEBIAN (DSA-937): http://www.debian.org/security/2005/dsa-937
DEBIAN (DSA-938): http://www.debian.org/security/2005/dsa-938
DEBIAN (DSA-940): http://www.debian.org/security/2005/dsa-940
MANDRAKE (MDKSA-2006:010): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:010
MANDRIVA (MDKSA-2006:012): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:012
SUSE (SUSE-SA:2006:001): http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
DEBIAN (DSA-936): http://www.debian.org/security/2006/dsa-936
DEBIAN (DSA-950): http://www.debian.org/security/2006/dsa-950
REDHAT (RHSA-2006:0160): http://www.redhat.com/support/errata/RHSA-2006-0160.html
SUSE (SUSE-SR:2006:002): http://www.novell.com/linux/security/advisories/2006_02_sr.html
SGI (20051201-01-U): ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI (20060101-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
DEBIAN (DSA-961): http://www.debian.org/security/2006/dsa-961
DEBIAN (DSA-962): http://www.debian.org/security/2006/dsa-962
FEDORA (FEDORA-2005-1126): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
FEDORA (FEDORA-2005-1127): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
FRSIRT (ADV-2005-2787): http://www.frsirt.com/english/advisories/2005/2787
FEDORA (FLSA:175404): http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
SGI (20060201-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
SCO (SCOSA-2006.15): ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
SLACKWARE (SSA:2006-045-04): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
SLACKWARE (SSA:2006-045-09): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
MANDRIVA (MDKSA-2006:011): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:011
FEDORA (FLSA-2006:176751): http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
SUSE (SUSE-SR:2005:029): http://www.novell.com/linux/security/advisories/2005_29_sr.html
IDEFENSE (20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow): http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
IDEFENSE (Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability): http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
IDEFENSE (20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow): http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
IDEFENSE (Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability): http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
REDHAT (RHSA-2005:840): http://www.redhat.com/support/errata/RHSA-2005-840.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
BUGTRAQ (20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice): http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded
BID (15726): http://www.securityfocus.com/bid/15726
BID (15727): http://www.securityfocus.com/bid/15727
FRSIRT (ADV-2005-2786): http://www.frsirt.com/english/advisories/2005/2786
FRSIRT (ADV-2005-2789): http://www.frsirt.com/english/advisories/2005/2789
FRSIRT (ADV-2005-2790): http://www.frsirt.com/english/advisories/2005/2790
SECTRACK (1015309): http://securitytracker.com/id?1015309
SECTRACK (1015324): http://securitytracker.com/id?1015324
http://www.kde.org/info/security/advisory-20051207-1.txt
UBUNTU (USN-227-1): http://www.ubuntulinux.org/usn/usn-227-1
FRSIRT (ADV-2005-2788): http://www.frsirt.com/english/advisories/2005/2788
FRSIRT (ADV-2005-2856): http://www.frsirt.com/english/advisories/2005/2856
FEDORA (FEDORA-2005-1141): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
FEDORA (FEDORA-2005-1142): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
GENTOO (GLSA-200512-08): http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
REDHAT (RHSA-2005:867): http://www.redhat.com/support/errata/RHSA-2005-867.html
REDHAT (RHSA-2005:878): http://www.redhat.com/support/errata/RHSA-2005-878.html
XF (xpdf-dctstream-baseline-bo(23444)): http://xforce.iss.net/xforce/xfdb/23444
XF (xpdf-dctstream-progressive-bo(23443)): http://xforce.iss.net/xforce/xfdb/23443
REDHAT (RHSA-2005:868): http://rhn.redhat.com/errata/RHSA-2005-868.html
http://www.kde.org/info/security/advisory-20051207-2.txt
GENTOO (GLSA-200601-02): http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
MANDRIVA (MDKSA-2006:003): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:003
MANDRIVA (MDKSA-2006:004): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:004
MANDRIVA (MDKSA-2006:005): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:005
MANDRIVA (MDKSA-2006:006): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:006
TRUSTIX (TSLSA-2005-0072): http://www.trustix.org/errata/2005/0072/
SCO (SCOSA-2006.20): ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
SCO (SCOSA-2006.21): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
DEBIAN (DSA-931): http://www.debian.org/security/2005/dsa-931
DEBIAN (DSA-932): http://www.debian.org/security/2005/dsa-932
DEBIAN (DSA-937): http://www.debian.org/security/2005/dsa-937
DEBIAN (DSA-938): http://www.debian.org/security/2005/dsa-938
DEBIAN (DSA-940): http://www.debian.org/security/2005/dsa-940
MANDRAKE (MDKSA-2006:010): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:010
MANDRIVA (MDKSA-2006:012): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:012
SUSE (SUSE-SA:2006:001): http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
DEBIAN (DSA-936): http://www.debian.org/security/2006/dsa-936
DEBIAN (DSA-950): http://www.debian.org/security/2006/dsa-950
REDHAT (RHSA-2006:0160): http://www.redhat.com/support/errata/RHSA-2006-0160.html
SUSE (SUSE-SR:2006:002): http://www.novell.com/linux/security/advisories/2006_02_sr.html
SGI (20051201-01-U): ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI (20060101-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
DEBIAN (DSA-961): http://www.debian.org/security/2006/dsa-961
DEBIAN (DSA-962): http://www.debian.org/security/2006/dsa-962
FEDORA (FEDORA-2005-1126): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
FEDORA (FEDORA-2005-1127): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
FRSIRT (ADV-2005-2787): http://www.frsirt.com/english/advisories/2005/2787
FEDORA (FLSA:175404): http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
SGI (20060201-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
SCO (SCOSA-2006.15): ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
SLACKWARE (SSA:2006-045-04): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
SLACKWARE (SSA:2006-045-09): http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
MANDRIVA (MDKSA-2006:011): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:011
FEDORA (FLSA-2006:176751): http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
SUSE (SUSE-SR:2005:029): http://www.novell.com/linux/security/advisories/2005_29_sr.html
IDEFENSE (20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow): http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
IDEFENSE (Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability): http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
IDEFENSE (20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow): http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
IDEFENSE (Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability): http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
REDHAT (RHSA-2005:840): http://www.redhat.com/support/errata/RHSA-2005-840.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
BUGTRAQ (20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice): http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded
BID (15726): http://www.securityfocus.com/bid/15726
BID (15727): http://www.securityfocus.com/bid/15727
FRSIRT (ADV-2005-2786): http://www.frsirt.com/english/advisories/2005/2786
FRSIRT (ADV-2005-2789): http://www.frsirt.com/english/advisories/2005/2789
FRSIRT (ADV-2005-2790): http://www.frsirt.com/english/advisories/2005/2790
SECTRACK (1015309): http://securitytracker.com/id?1015309
SECTRACK (1015324): http://securitytracker.com/id?1015324
http://www.kde.org/info/security/advisory-20051207-1.txt
UBUNTU (USN-227-1): http://www.ubuntulinux.org/usn/usn-227-1
FRSIRT (ADV-2005-2788): http://www.frsirt.com/english/advisories/2005/2788
FRSIRT (ADV-2005-2856): http://www.frsirt.com/english/advisories/2005/2856
FEDORA (FEDORA-2005-1141): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
FEDORA (FEDORA-2005-1142): http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
GENTOO (GLSA-200512-08): http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
REDHAT (RHSA-2005:867): http://www.redhat.com/support/errata/RHSA-2005-867.html
REDHAT (RHSA-2005:878): http://www.redhat.com/support/errata/RHSA-2005-878.html
XF (xpdf-dctstream-baseline-bo(23444)): http://xforce.iss.net/xforce/xfdb/23444
XF (xpdf-dctstream-progressive-bo(23443)): http://xforce.iss.net/xforce/xfdb/23443
REDHAT (RHSA-2005:868): http://rhn.redhat.com/errata/RHSA-2005-868.html
http://www.kde.org/info/security/advisory-20051207-2.txt
GENTOO (GLSA-200601-02): http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
MANDRIVA (MDKSA-2006:003): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:003
MANDRIVA (MDKSA-2006:004): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:004
MANDRIVA (MDKSA-2006:005): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:005
MANDRIVA (MDKSA-2006:006): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:006
TRUSTIX (TSLSA-2005-0072): http://www.trustix.org/errata/2005/0072/
SCO (SCOSA-2006.20): ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
SCO (SCOSA-2006.21): ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt