(Gentoo Issues Fix) 'gv' Postscript and PDF File Viewer Buffer Overflow May Execute Remotely Supplied Code in Malicioius Postscript or PDF Files
|
|
SecurityTracker Alert ID: 1010950
|
|
SecurityTracker URL: http://securitytracker.com/id?1010950
|
|
CVE Reference: CAN-2002-0838
(Links to External Site)
|
Date: Aug 13 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 3.5.8
|
Description: A buffer overflow vulnerability was reported in the 'gv' postscript and PDF file viewer. A remote user can create a malicious file that, when viewed by the target user, will cause arbitrary code to be executed.
iDEFENSE reported that there is a buffer oveflow due to an unsafe sscanf() call.
A demonstration exploit is provided in the Source
Message (it is Base64 encoded). A demonstration exploit transcript is also provided:
[root@victim]# ls -al /tmp/itworked
/bin/ls:
/tmp/itworked: No such file or directory
[root@victim]# gv gv-exploit.pdf
[root@victim]# ls -al /tmp/itworked
- -rw-r--r--
1 root root 0 Aug 22 16:50 /tmp/itworked
|
Impact: A remote user can create a malicious file that, when viewed by gv, will cause arbitrary code to be executed by the target user's gv viewer. The code will run with the privileges of the target user.
|
Solution: Gentoo has released a fix and indicates that all gv users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-text/gv-3.5.8-r4"
# emerge ">=app-text/gv-3.5.8-r4"
|
Vendor URL: wwwthep.physik.uni-mainz.de/~plass/gv/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Gentoo)
|
Reported By: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 12 Aug 2004 13:33:07 +0200
From: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Subject: [gentoo-announce] [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: gv: Exploitable Buffer Overflow
Date: August 12, 2004
Bugs: #59385
ID: 200408-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
gv contains an exploitable buffer overflow that allows an attacker to
execute arbitrary code.
Background
==========
gv is a PostScript and PDF viewer for X which provides a user interface
for the ghostscript interpreter.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/gv <= 3.5.8-r3 >= 3.5.8-r4
Description
===========
gv contains a buffer overflow vulnerability where an unsafe sscanf()
call is used to interpret PDF and PostScript files.
Impact
======
By enticing a user to view a malformed PDF or PostScript file an
attacker could execute arbitrary code with the permissions of the user
running gv.
Workaround
==========
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of gv.
Resolution
==========
All gv users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-text/gv-3.5.8-r4"
# emerge ">=app-text/gv-3.5.8-r4"
References
==========
[ 1 ] CAN-2002-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200408-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBG1VzzKC5hMHO6rkRAnvTAJ4qHGounyrnZD4LdkcYK+edrKDlkgCeJgjz
VixGMT9TOgt24mDQyFJa018=
=FofW
-----END PGP SIGNATURE-----
|
|
