J-Security Center

Title: teTeX DVI File Parsing Multiple Vulnerabilities

Severity: CRITICAL

Description:

teTeX is a TeX distribution for UNIX-compatible systems.

The application is prone to multiple vulnerabilities:

- A race-condition vulnerability in the 'dvips' application occurs because the software uses the 'tmpnam' function in an insecure way when converting DVI files. This causes a race condition on the temporary file. Attackers can exploit this issue to modify or view potentially sensitive data. (CVE-2007-5936)

- A stack-based buffer-overflow arises in the 'dvips' library when the application processes a specially crafted DVI file with an overly long hypertext reference. The issue occurs in the 'hpc.c' file and may allow remote attackers to execute arbitrary code in the context of the affected application. To exploit this issue, an attacker must entice the victim to use 'dvips' with the '-z' argument to open a malicious DVI file. (CVE-2007-5935)

- Multiple buffer-overflow vulnerabilities in the 'dviljk' application can occur when an attacker tricks an unsuspecting user into printing a specially crafted, malicious DVI file. (CVE-2007-5937)

Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, or obtain potentially sensitive information.
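For the 'tmpnam' issue (CVE-2007-5936), the usual remediation is to create the temporary file atomically. The following C sketch is an added example, not code from teTeX or from this advisory; the function names, the '/tmp' directory and the 'dvi-demo-' prefix are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern named in the advisory (shown only as a comment):
 *     char *name = tmpnam(NULL);     // name was unused at this instant
 *     FILE *f = fopen(name, "w");    // opens whatever is at that name now
 * The two steps are not atomic, so the file opened may not be the one intended. */

/* Hardened form: mkstemp() picks the name and creates the file in one atomic
 * step (O_CREAT|O_EXCL, mode 0600). The chosen name is written back to path. */
int secure_temp(char *path, size_t len, const char *dir) {
    int n = snprintf(path, len, "%s/dvi-demo-XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    return mkstemp(path);
}

/* When a fixed name is required, O_EXCL makes creation fail with EEXIST
 * if anything already exists at that name, instead of silently reusing it. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Creates a temp file, checks it is owner-only, then checks that a second
 * exclusive create on the same (now taken) name is refused. 0 on success. */
int demo(void) {
    char path[256];
    int fd = secure_temp(path, sizeof path, "/tmp");
    if (fd < 0) return 1;
    int mode = fd_mode(fd);
    int fd2 = open_exclusive(path);
    int err = errno;
    if (fd2 >= 0) close(fd2);
    close(fd);
    unlink(path);
    return (mode == 0600 && fd2 == -1 && err == EEXIST) ? 0 : 2;
}

int main(void) { return demo(); }
```

Code that must hand the file to stdio can wrap the descriptor with fdopen() rather than reopening the file by name.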

Affected Products:

  • CSTeX cstetex 2.0.2
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • Foresight Linux Foresight Linux 1.1
  • Gentoo Linux
  • Gentoo Linux 2007.0
  • Linux kernel 2.4.19
  • Linux kernel 2.4.21
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 x86_64
  • Mandriva Linux Mandrake 2007.0
  • Mandriva Linux Mandrake 2007.0 x86_64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 x86_64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 x86_64
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop version 4
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 7
  • Red Hat Fedora Core6
  • SuSE Linux 10.0 ppc
  • SuSE Linux 10.0 x86
  • SuSE Linux 10.0 x86-64
  • SuSE Linux 10.1 ppc
  • SuSE Linux 10.1 x86
  • SuSE Linux 10.1 x86-64
  • SuSE Linux Desktop 10
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE Novell Linux POS 9
  • SuSE Open-Enterprise-Server
  • SuSE SUSE Linux Enterprise Desktop 10
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE UnitedLinux 1.0.0
  • SuSE openSUSE 10.2
  • SuSE openSUSE 10.3
  • Tex Live TeX Live 2007
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 6.10 amd64
  • Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu Ubuntu Linux 6.10 sparc
  • Ubuntu Ubuntu Linux 7.04 amd64
  • Ubuntu Ubuntu Linux 7.04 i386
  • Ubuntu Ubuntu Linux 7.04 powerpc
  • Ubuntu Ubuntu Linux 7.04 sparc
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc
  • pTeX pTeX 3.1.10
  • rPath rPath Linux 1
  • teTeX teTeX 3.0.0
