Xpdf Multiple Remote Stream.CC Vulnerabilities
BID:26367
Info
Xpdf Multiple Remote Stream.CC Vulnerabilities
| Bugtraq ID: | 26367 |
| Class: | Unknown |
| CVE: |
CVE-2007-5392 CVE-2007-5393 CVE-2007-4352 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2007 12:00AM |
| Updated: | Jun 16 2008 10:31PM |
| Credit: | Alin Rad Pop of Secunia Research discovered these issues. |
| Vulnerable: |
Xpdf Xpdf 3.0 pl3 Xpdf Xpdf 3.0 pl2 Xpdf Xpdf 3.0 1pl1 Xpdf Xpdf 3.0 1 Xpdf Xpdf 3.0 0 Xpdf Xpdf 3.02pl1 Xpdf Xpdf 3.01 Xpdf Xpdf 3.0.1 (Patch 2) Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 3.0 x64 Turbolinux Appliance Server 3.0 Turbolinux Appliance Server 2.0 teTeX teTeX 1.0.7 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise SDK 9 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise Desktop 10 SP1 SuSE Linux Professional 10.2 x86_64 SuSE Linux Personal 10.2 x86_64 Slackware Linux 12.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc rPath rPath Linux 1 RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Extras 4.5.z RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux ES 4.5.z RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Fedora Core7 Red Hat Fedora 8 Red Hat Fedora 7 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4.5.z Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 Red Hat Enterprise Linux 5 Server pTeX pTeX 3.1.10 Poppler poppler 0.5.4 Poppler poppler 0.4.2 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 KDE KOffice 1.6.3 KDE KOffice 1.6.1 KDE KOffice 1.6 KDE KOffice 1.5.91 KDE KOffice 1.5.2 KDE KOffice 1.5 KDE KOffice 1.4.2 KDE KOffice 1.4.1 KDE KOffice 1.4 KDE KOffice 1.3.5 KDE KOffice 1.3.4 KDE KOffice 1.3.3 KDE KOffice 1.3.2 KDE KOffice 1.3.1 KDE KOffice 1.3 beta3 KDE KOffice 1.3 beta2 KDE KOffice 1.3 beta1 KDE KOffice 1.3 KDE KOffice 1.2.92 KDE KOffice 1.2.1 KDE KOffice 1.2 KDE KDE 3.5.8 KDE KDE 3.5.7 KDE KDE 3.5.6 KDE KDE 3.5.5 KDE KDE 3.5.4 KDE KDE 3.5.3 KDE KDE 3.5.2 KDE KDE 3.5.1 KDE KDE 3.5 KDE KDE 3.4.3 KDE KDE 3.4.2 KDE KDE 3.4.1 KDE KDE 3.4 KDE KDE 3.4 KDE KDE 3.3.2 KDE KDE 3.3.2 KDE KDE 3.3.1 KDE KDE 3.3 KDE KDE 3.2.3 KDE KDE 3.2.2 KDE KDE 3.2.1 KDE KDE 3.2 GNOME GPdf 2.8.3 GNOME GPdf 2.8.2 GNOME GPdf 2.8 Gentoo Linux Easy Software Products CUPS 1.2.12 Easy Software Products CUPS 1.1.23 Easy Software Products CUPS 1.1.17 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 CSTeX cstetex 2.0.2 Avaya Aura Application Enablement Services 3.1.3 |
| Not Vulnerable: |
Xpdf Xpdf 3.02pl2 |
Discussion
Xpdf Multiple Remote Stream.CC Vulnerabilities
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.
Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.
Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.
Xpdf is prone to multiple remote vulnerabilities because of flaws in various functions in the 'Stream.cc' source file.
Attackers exploit these issues by coercing users to view specially crafted PDF files with the affected application.
Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
Xpdf Multiple Remote Stream.CC Vulnerabilities
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Xpdf Multiple Remote Stream.CC Vulnerabilities
Solution:
Please see the referenced advisories for more information and fixes.
Xpdf Xpdf 3.0.1 (Patch 2)
Xpdf Xpdf 3.01
Xpdf Xpdf 3.0 1
Xpdf Xpdf 3.0 pl2
Xpdf Xpdf 3.0 pl3
KDE KDE 3.5.5
Solution:
Please see the referenced advisories for more information and fixes.
Xpdf Xpdf 3.0.1 (Patch 2)
-
Xpdf xpdf-3.02pl2.patch
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Xpdf Xpdf 3.01
-
Debian xpdf-common_3.01-9.1+etch2_all.deb
Architecture independent
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9 .1+etch2_all.deb -
Debian xpdf-reader_3.01-9.1+etch2_amd64.deb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_amd64.deb -
Debian xpdf-reader_3.01-9.1+etch2_arm.deb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_arm.deb -
Debian xpdf-reader_3.01-9.1+etch2_hppa.deb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_hppa.deb -
Debian xpdf-reader_3.01-9.1+etch2_i386.deb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_i386.deb -
Debian xpdf-reader_3.01-9.1+etch2_ia64.deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_ia64.deb -
Debian xpdf-reader_3.01-9.1+etch2_mips.deb
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_mips.deb -
Debian xpdf-reader_3.01-9.1+etch2_mipsel.deb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_mipsel.deb -
Debian xpdf-reader_3.01-9.1+etch2_powerpc.deb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_powerpc.deb -
Debian xpdf-reader_3.01-9.1+etch2_s390.deb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_s390.deb -
Debian xpdf-reader_3.01-9.1+etch2_sparc.deb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9 .1+etch2_sparc.deb -
Debian xpdf-utils_3.01-9.1+etch2_amd64.deb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_amd64.deb -
Debian xpdf-utils_3.01-9.1+etch2_arm.deb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_arm.deb -
Debian xpdf-utils_3.01-9.1+etch2_hppa.deb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_hppa.deb -
Debian xpdf-utils_3.01-9.1+etch2_i386.deb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_i386.deb -
Debian xpdf-utils_3.01-9.1+etch2_ia64.deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_ia64.deb -
Debian xpdf-utils_3.01-9.1+etch2_mips.deb
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_mips.deb -
Debian xpdf-utils_3.01-9.1+etch2_mipsel.deb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_mipsel.deb -
Debian xpdf-utils_3.01-9.1+etch2_powerpc.deb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_powerpc.deb -
Debian xpdf-utils_3.01-9.1+etch2_s390.deb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_s390.deb -
Debian xpdf-utils_3.01-9.1+etch2_sparc.deb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9. 1+etch2_sparc.deb -
Debian xpdf_3.01-9.1+etch2_all.deb
Architecture independent
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch 2_all.deb -
Xpdf xpdf-3.02pl2.patch
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Xpdf Xpdf 3.0 1
-
Xpdf xpdf-3.02pl2.patch
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Xpdf Xpdf 3.0 pl2
-
Xpdf xpdf-3.02pl2.patch
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Xpdf Xpdf 3.0 pl3
-
Xpdf xpdf-3.02pl2.patch
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
KDE KDE 3.5.5
-
KDE post-3.5.5-kdegraphics-CVE-2007-5393.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE- 2007-5393.diff
References
Xpdf Multiple Remote Stream.CC Vulnerabilities
References:
References:
- Xpdf Homepage (Xpdf)
- Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities (Secunia Research
) - Avaya Security Advisory ASA-2007-476 (Avaya)
- KDE Security Advisory: kpdf/kword/xpdf multiple xpdf based vulnerabilities (KDE)
- RHSA-2007:1021-3 cups security update (Red Hat)
- RHSA-2007:1022-2 cups security update (Red Hat)
- RHSA-2007:1023-2 cups security update (Red Hat)
- RHSA-2007:1024-6 - kdegraphics security update (RedHat)
- RHSA-2007:1025-5 gpdf security update (Red Hat)
- RHSA-2007:1026-3 poppler security update (Red Hat)
- RHSA-2007:1027-6 tetex security update (Red Hat)
- RHSA-2007:1028-5 tetex security update (Red Hat)
- RHSA-2007:1029-3 xpdf security update (Red Hat)
- RHSA-2007:1030-3 xpdf security update (Red Hat)
- RHSA-2007:1031-3 xpdf security update (Red Hat)
- RHSA-2007:1051 Important: kdegraphics security update (Red Hat)