
Test ID: 1.3.6.1.4.1.25623.1.0.59054
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:230 (tetex)
Summary: NOSUMMARY
Description:

The remote host is missing an update to tetex
announced via advisory MDKSA-2007:230.

A flaw was found in the t1lib library: an attacker could create a
malicious file that would cause tetex to crash or possibly execute
arbitrary code when opened (CVE-2007-4033).

Alin Rad Pop found several flaws in how PDF files are handled in tetex.
An attacker could create a malicious PDF file that would cause tetex to
crash or potentially execute arbitrary code when opened (CVE-2007-4352,
CVE-2007-5392, CVE-2007-5393).

A stack-based buffer overflow in dvips in tetex allows
user-assisted attackers to execute arbitrary code via a DVI file with
a long href tag (CVE-2007-5935).

A vulnerability in dvips in tetex allows local users to obtain
sensitive information and modify certain data by creating certain
temporary files before they are processed by dviljk, which can then
be read or modified in place (CVE-2007-5936).

Multiple buffer overflows in dviljk in tetex may allow user-assisted
attackers to execute arbitrary code via a crafted DVI input file
(CVE-2007-5937).

The updated packages have been patched to correct these issues.

Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:230

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-4033
BugTraq ID: 25079
http://www.securityfocus.com/bid/25079
Bugtraq: 20070921 Re: [Full-disclosure] [USN-515-1] t1lib vulnerability
http://www.securityfocus.com/archive/1/480239/100/100/threaded
Bugtraq: 20070921 Re: [USN-515-1] t1lib vulnerability
http://www.securityfocus.com/archive/1/480244/100/100/threaded
Bugtraq: 20080105 rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi
http://www.securityfocus.com/archive/1/485823/100/0/threaded
Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts
http://www.securityfocus.com/archive/1/487984/100/0/threaded
Debian Security Information: DSA-1390
http://www.debian.org/security/2007/dsa-1390
https://www.exploit-db.com/exploits/4227
http://fedoranews.org/updates/FEDORA-2007-234.shtml
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://security.gentoo.org/glsa/glsa-200710-12.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:189
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.bugtraq.ir/adv/t1lib.txt
https://bugzilla.redhat.com/show_bug.cgi?id=303021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.redhat.com/support/errata/RHSA-2007-1031.html
http://www.securitytracker.com/id?1018905
http://secunia.com/advisories/26241
http://secunia.com/advisories/26901
http://secunia.com/advisories/26981
http://secunia.com/advisories/26992
http://secunia.com/advisories/27239
http://secunia.com/advisories/27297
http://secunia.com/advisories/27439
http://secunia.com/advisories/27599
http://secunia.com/advisories/27718
http://secunia.com/advisories/27743
http://secunia.com/advisories/28345
http://secunia.com/advisories/30168
SuSE Security Announcement: SUSE-SR:2007:023
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-515-1
XForce ISS Database: php-imagepsloadfont-bo(35620)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35620
Common Vulnerability Exposure (CVE) ID: CVE-2007-4352
BugTraq ID: 26367
http://www.securityfocus.com/bid/26367
Bugtraq: 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/483372
Debian Security Information: DSA-1480
http://www.debian.org/security/2008/dsa-1480
Debian Security Information: DSA-1509
http://www.debian.org/security/2008/dsa-1509
Debian Security Information: DSA-1537
http://www.debian.org/security/2008/dsa-1537
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://secunia.com/secunia_research/2007-88/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979
http://www.redhat.com/support/errata/RHSA-2007-1021.html
http://www.redhat.com/support/errata/RHSA-2007-1022.html
http://www.redhat.com/support/errata/RHSA-2007-1024.html
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
http://www.redhat.com/support/errata/RHSA-2007-1029.html
http://secunia.com/advisories/26503
http://secunia.com/advisories/27260
http://secunia.com/advisories/27553
http://secunia.com/advisories/27573
http://secunia.com/advisories/27574
http://secunia.com/advisories/27575
http://secunia.com/advisories/27577
http://secunia.com/advisories/27578
http://secunia.com/advisories/27615
http://secunia.com/advisories/27618
http://secunia.com/advisories/27619
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27637
http://secunia.com/advisories/27640
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
SuSE Security Announcement: SUSE-SA:2007:060
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
XForce ISS Database: xpdf-dctstreamread-memory-corruption(38306)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38306
Common Vulnerability Exposure (CVE) ID: CVE-2007-5392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036
XForce ISS Database: xpdf-dctstreamreset-bo(38303)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38303
Common Vulnerability Exposure (CVE) ID: CVE-2007-5393
Debian Security Information: DSA-1408
http://www.debian.org/security/2007/dsa-1408
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839
http://www.redhat.com/support/errata/RHSA-2007-1023.html
http://www.redhat.com/support/errata/RHSA-2007-1028.html
http://www.redhat.com/support/errata/RHSA-2007-1051.html
http://secunia.com/advisories/27579
http://secunia.com/advisories/27772
XForce ISS Database: xpdf-ccittfaxstreamlookchar-bo(38304)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38304
Common Vulnerability Exposure (CVE) ID: CVE-2007-5935
BugTraq ID: 26469
http://www.securityfocus.com/bid/26469
http://security.gentoo.org/glsa/glsa-200711-26.xml
https://bugzilla.redhat.com/show_bug.cgi?id=368591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
http://www.securitytracker.com/id?1019058
http://secunia.com/advisories/27672
http://secunia.com/advisories/27686
http://secunia.com/advisories/27967
http://secunia.com/advisories/28107
http://secunia.com/advisories/28412
SuSE Security Announcement: SUSE-SR:2008:001
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:011
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
https://usn.ubuntu.com/554-1/
http://www.vupen.com/english/advisories/2007/3896
Common Vulnerability Exposure (CVE) ID: CVE-2007-5936
http://bugs.gentoo.org/attachment.cgi?id=135423
http://osvdb.org/42238
Common Vulnerability Exposure (CVE) ID: CVE-2007-5937
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
