| Vulnerability Name: | CVE-2003-0204 (CCN-11767) | ||||||||||||||||||||
| Assigned: | 2003-04-09 | ||||||||||||||||||||
| Published: | 2003-04-09 | ||||||||||||||||||||
| Updated: | 2016-10-18 | ||||||||||||||||||||
| Summary: | KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Apr 10 2003 - 08:16:02 CDT KDE Security Advisory: PS/PDF file handling vulnerability Source: CONFIRM Type: UNKNOWN http://bugs.kde.org/show_bug.cgi?id=53343 Source: CONFIRM Type: UNKNOWN http://bugs.kde.org/show_bug.cgi?id=56808 Source: MITRE Type: CNA CVE-2003-0204 Source: CONECTIVA Type: UNKNOWN CLA-2003:668 Source: CONECTIVA Type: UNKNOWN CLA-2003:747 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:668 kde Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:747 kde Source: BUGTRAQ Type: UNKNOWN 20030410 GLSA: kde-3.x (200304-04) Source: BUGTRAQ Type: UNKNOWN 20030411 GLSA: kde-2.x (200304-05) Source: BUGTRAQ Type: UNKNOWN 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12 Source: BUGTRAQ Type: UNKNOWN 20030414 GLSA: kde-2.x (200304-05.1) Source: CCN Type: RHSA-2003-002 Updated KDE packages fix security issues Source: CCN Type: RHSA-2003-146 kdebase security update Source: CCN Type: CIAC Information Bulletin N-095 Red Hat Multiple Vulnerabilities in KDE Source: DEBIAN Type: Patch, Vendor Advisory DSA-284 Source: DEBIAN Type: UNKNOWN DSA-293 Source: DEBIAN Type: UNKNOWN DSA-296 Source: DEBIAN Type: DSA-284 kdegraphics -- insecure execution Source: DEBIAN Type: DSA-293 kdelibs -- insecure execution Source: DEBIAN Type: DSA-296 kdebase -- insecure execution Source: CCN Type: KDE Security Advisory 2003-04-09 PS/PDF file handling vulnerability Source: CONFIRM Type: Patch, Vendor Advisory http://www.kde.org/info/security/advisory-20030409-1.txt Source: CCN Type: Gentoo Linux Security Announcement 200304-04 kde-3.x arbitrary code execution Source: CCN Type: Gentoo Linux Security Announcement 200304-05 kde-2.x arbitrary code execution Source: CCN Type: Gentoo Linux Security Announcement 200304-05.1 kde-2.x arbitrary code execution Source: CCN Type: Gentoo Linux Security Announcement 200304-04.1 kdegraphics-3.1.x arbitrary code execution Source: MANDRAKE Type: UNKNOWN MDKSA-2003:049 Source: REDHAT Type: UNKNOWN RHSA-2003:002 Source: CCN Type: BID-7318 KDE Postscript/PDF File Processing Arbitrary Command Execution Vulnerability Source: CCN Type: slackware-security Mailing List, Thu Apr 17 15:32:15 PDT 2003 [slackware-security] Updated KDE packages available Source: CCN Type: TLSA-2003-28 PS/PDF file handling vulnerability Source: XF Type: UNKNOWN kde-ps-command-execution(11767) | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||