Mandrake Linux Security Advisory : tetex (MDKSA-2007:230)

High Nessus Plugin ID 28324


The remote Mandrake Linux host is missing one or more security updates.


A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened (CVE-2007-4033).

Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).

A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag (CVE-2007-5935).

A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place (CVE-2007-5936).

Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file (CVE-2007-5937).

The updated packages have been patched to correct this issue.


Update the affected packages.

Plugin Details

Severity: High

ID: 28324

File Name: mandrake_MDKSA-2007-230.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2007/11/26

Modified: 2016/11/28

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:jadetex, p-cpe:/a:mandriva:linux:tetex, p-cpe:/a:mandriva:linux:tetex-afm, p-cpe:/a:mandriva:linux:tetex-context, p-cpe:/a:mandriva:linux:tetex-devel, p-cpe:/a:mandriva:linux:tetex-doc, p-cpe:/a:mandriva:linux:tetex-dvilj, p-cpe:/a:mandriva:linux:tetex-dvipdfm, p-cpe:/a:mandriva:linux:tetex-dvips, p-cpe:/a:mandriva:linux:tetex-latex, p-cpe:/a:mandriva:linux:tetex-mfwin, p-cpe:/a:mandriva:linux:tetex-texi2html, p-cpe:/a:mandriva:linux:tetex-usrlocal, p-cpe:/a:mandriva:linux:tetex-xdvi, p-cpe:/a:mandriva:linux:xmltex, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/11/20

Reference Information

CVE: CVE-2007-4033, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-5937

BID: 25079, 26367, 26469

MDKSA: 2007:230

CWE: 119, 264