Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > Two Gentoo Linux Security Advisories: 1. GLSA 200502-09 - Python: Arbitrary code execution through SimpleXMLRPCServer 2. GLSA 200502-10 - pdftohtml: Vulnerabilities in included Xpdf

February 2005

Two Gentoo Linux Security Advisories: 1. GLSA 200502-09 - Python: Arbitrary code execution through SimpleXMLRPCServer 2. GLSA 200502-10 - pdftohtml: Vulnerabilities in included Xpdf

ID: 00120
Ref: 103/2005
Date: 10 February 2005:14:09:54
Version: 1
Title: Two Gentoo Linux Security Advisories: 1. GLSA 200502-09 - Python: Arbitrary code execution through SimpleXMLRPCServer 2. GLSA 200502-10 - pdftohtml: Vulnerabilities in included Xpdf
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo

Title
=====

Two Gentoo Linux Security Advisories:

1. GLSA 200502-09 - Python: Arbitrary code execution through SimpleXMLRPCServer

2. GLSA 200502-10 - pdftohtml: Vulnerabilities in included Xpdf


Detail
======

1. Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code.

2. pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to
execution of arbitrary code upon converting a malicious PDF file.



1.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200502-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Python: Arbitrary code execution through SimpleXMLRPCServer
Date: February 08, 2005
Bugs: #80592
ID: 200502-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Python-based XML-RPC servers may be vulnerable to remote execution of arbitrary code.

Background
==========

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/python <= 2.3.4 >= 2.3.4-r1
*>= 2.3.3-r2
*>= 2.2.3-r6

Description
===========

Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library
that use the register_instance() method to register an object without a _dispatch() method are
vulnerable to a flaw allowing to read or modify globals of the associated module.

Impact
======

A remote attacker may be able to exploit the flaw in such XML-RPC servers to execute arbitrary
code on the server host with the rights of the XML-RPC server.

Workaround
==========

Python users that don't make use of any SimpleXMLRPCServer-based XML-RPC servers, or making use
of servers using only the register_function() method are not affected.


Resolution
==========

All Python users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/python

References
==========

[ 1 ] CAN-2005-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089
[ 2 ] Python PSF-2005-001
http://www.python.org/security/PSF-2005-001/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security
of our users machines is of utmost importance to us. Any security concerns should be addressed
to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0





2.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200502-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: pdftohtml: Vulnerabilities in included Xpdf
Date: February 09, 2005
Bugs: #78629
ID: 200502-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.

Background
==========

pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/pdftohtml < 0.36-r3 >= 0.36-r3

Description
===========

Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28.

Impact
======

An attacker could entice a user to convert a specially-crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All pdftohtml users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r3"

References
==========

[ 1 ] GLSA 200501-28
http://www.gentoo.org/security/en/glsa/glsa-200501-28.xml
[ 2 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@niscc.gov.uk

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Gentoo for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |