ID CVE-2006-3119
Summary The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.
References
Vulnerable Configurations
  • cpe:2.3:a:fbi:fbi:2.00
CVSS
Base: 5.1 (as of 27-07-2006 - 10:53)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1124.NASL
    description Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22666
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22666
    title Debian DSA-1124-1 : fbi - typo
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FBI-1915.NASL
    description The fbgs program did not activate security options in the postscript interpreter due to a typo (CVE-2006-3119). fbgs also used a temporary directory with predictable name (CVE-2006-1695).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27212
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27212
    title openSUSE 10 Security Update : fbi (fbi-1915)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-22 (fbida: Arbitrary command execution) Toth Andras has discovered a typographic mistake in the 'fbgs' script, shipped with fbida if the 'fbcon' and 'pdf' USE flags are both enabled. This script runs 'gs' without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Impact : A remote attacker can entice a vulnerable user to view a malicious PostScript or PDF file with fbgs, which may result with the execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22284
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22284
    title GLSA-200608-22 : fbida: Arbitrary command execution
refmap via4
bid 19131
debian DSA-1124
gentoo GLSA-200608-22
secunia
  • 21169
  • 21191
  • 21459
  • 21599
suse SUSE-SR:2006:019
vupen ADV-2006-2982
xf fbida-fbgs-typo-security-bypass(28038)
Last major update 07-03-2011 - 21:37
Published 25-07-2006 - 19:04
Last modified 19-07-2017 - 21:32