EvilOctal Information Security Team Technical Discussion Group's Archiver

金州 2006-2-25 22:10

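[Repost] Multiple Unspecified Security Vulnerabilities in XPDF

Source: EvilOctal Information Security Team ([url]www.eviloctal.com[/url])

Published: 2006-2-23 15:00:52
Author: ADLab
Article source: Venustech (启明星辰)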

BUGTRAQ ID: 16748
CNCAN ID: CNCAN-2006022309

Vulnerability report date: 2006-02-22

Cause
Unspecified error

Affected systems
Xpdf Xpdf 3.0 pl3
Xpdf Xpdf 3.0 pl2
Xpdf Xpdf 3.0 1pl1
Xpdf Xpdf 3.0 1
Xpdf Xpdf 3.0 0
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ RedHat Fedora Core3
+ RedHat Fedora Core2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Xpdf Xpdf 2.0 3
Xpdf Xpdf 2.0 2
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux WS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux AS 3
Xpdf Xpdf 2.0 1
+ Conectiva Linux 9.0
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ MandrakeSoft Linux Mandrake 9.1
+ Terra Soft Solutions Yellow Dog Linux 3.0
Xpdf Xpdf 2.0
Xpdf Xpdf 1.0 1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
Xpdf Xpdf 1.0 0a
Xpdf Xpdf 1.0 0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Xpdf Xpdf 0.93
+ Conectiva Linux 8.0
Xpdf Xpdf 0.92
+ Conectiva Linux 7.0
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
Xpdf Xpdf 0.91
- Debian Linux 2.2
Xpdf Xpdf 0.90
+ Caldera OpenLinux Desktop 2.3
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

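Impact
A remote attacker can exploit these vulnerabilities to cause a buffer overflow or a denial of service.

Conditions required for an attack
The attacker must craft a malicious PDF file and induce a user to process it.

Vulnerability information
XPDF is a popular PDF document viewer.
XPDF contains multiple unspecified security issues. A remote attacker can exploit these vulnerabilities to cause a buffer overflow or a denial of service.

Vendor solution
For Debian Linux, refer to the following patch: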
[url]http://www.us.debian.org/security/2006/dsa-979[/url]

Vulnerability reported by
Derek Noonburg

Advisory link
[url]http://www.us.debian.org/security/2006/dsa-979[/url]

Advisory title
DSA-979-1 pdfkit.framework -- several vulnerabilities
