CVE-2003-0204 - OpenCVE

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Kde	Kde

Configuration 1 [-]

OR	cpe:2.3:o:kde:kde:2.0:::::::*
	cpe:2.3:o:kde:kde:2.0.1:::::::*
	cpe:2.3:o:kde:kde:2.1:::::::*
	cpe:2.3:o:kde:kde:2.1.1:::::::*
	cpe:2.3:o:kde:kde:2.1.2:::::::*
	cpe:2.3:o:kde:kde:2.2:::::::*
	cpe:2.3:o:kde:kde:2.2.1:::::::*
	cpe:2.3:o:kde:kde:2.2.2:::::::*
	cpe:2.3:o:kde:kde:3.0:::::::*
	cpe:2.3:o:kde:kde:3.0.1:::::::*
	cpe:2.3:o:kde:kde:3.0.2:::::::*
	cpe:2.3:o:kde:kde:3.0.3:::::::*
	cpe:2.3:o:kde:kde:3.0.3a:::::::*
	cpe:2.3:o:kde:kde:3.0.4:::::::*
	cpe:2.3:o:kde:kde:3.0.5:::::::*
	cpe:2.3:o:kde:kde:3.0.5a:::::::*
	cpe:2.3:o:kde:kde:3.1:::::::*
	cpe:2.3:o:kde:kde:3.1.1:::::::*

References

Link	Resource
http://bugs.kde.org/show_bug.cgi?id=53343
http://bugs.kde.org/show_bug.cgi?id=56808
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
http://marc.info/?l=bugtraq&m=105001557020141&w=2
http://marc.info/?l=bugtraq&m=105012994719099&w=2
http://marc.info/?l=bugtraq&m=105017403010459&w=2
http://marc.info/?l=bugtraq&m=105034222521369&w=2
http://www.debian.org/security/2003/dsa-284	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-293
http://www.debian.org/security/2003/dsa-296
http://www.kde.org/info/security/advisory-20030409-1.txt	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
http://www.redhat.com/support/errata/RHSA-2003-002.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-15T04:00:00

Updated: 2016-10-17T13:57:01

Reserved: 2003-04-14T00:00:00

Link: CVE-2003-0204

JSON object: View

NVD Information

Status : Modified

Published: 2003-05-05T04:00:00.000

Modified: 2016-10-18T02:30:36.440

Link: CVE-2003-0204

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105017403010459&w=2"}, {"name": "MDKSA-2003:049", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049"}, {"name": "CLA-2003:668", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668"}, {"name": "DSA-296", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-296"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.kde.org/show_bug.cgi?id=53343"}, {"name": "20030414 GLSA: kde-2.x (200304-05.1)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105034222521369&w=2"}, {"name": "CLA-2003:747", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20030409-1.txt"}, {"name": "RHSA-2003:002", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.kde.org/show_bug.cgi?id=56808"}, {"name": "20030410 GLSA: kde-3.x (200304-04)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105001557020141&w=2"}, {"name": "DSA-284", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-284"}, {"name": "DSA-293", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-293"}, {"name": "20030411 GLSA: kde-2.x (200304-05)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105012994719099&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105017403010459&w=2"}, {"name": "MDKSA-2003:049", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049"}, {"name": "CLA-2003:668", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668"}, {"name": "DSA-296", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-296"}, {"name": "http://bugs.kde.org/show_bug.cgi?id=53343", "refsource": "CONFIRM", "url": "http://bugs.kde.org/show_bug.cgi?id=53343"}, {"name": "20030414 GLSA: kde-2.x (200304-05.1)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105034222521369&w=2"}, {"name": "CLA-2003:747", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747"}, {"name": "http://www.kde.org/info/security/advisory-20030409-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20030409-1.txt"}, {"name": "RHSA-2003:002", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html"}, {"name": "http://bugs.kde.org/show_bug.cgi?id=56808", "refsource": "CONFIRM", "url": "http://bugs.kde.org/show_bug.cgi?id=56808"}, {"name": "20030410 GLSA: kde-3.x (200304-04)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105001557020141&w=2"}, {"name": "DSA-284", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-284"}, {"name": "DSA-293", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-293"}, {"name": "20030411 GLSA: kde-2.x (200304-05)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105012994719099&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0204", "datePublished": "2003-04-15T04:00:00", "dateReserved": "2003-04-14T00:00:00", "dateUpdated": "2016-10-17T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6671EEE2-8CEC-41C7-9CF2-23D92A1B3DE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4F3ACDA-8DB4-4E59-B673-021CEBD03D8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5E480F-A87E-4583-BC75-8596206C0895", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EF4C94E-54BB-44DB-BB7D-841419C4D3A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B292C704-EDFA-4060-90DF-0A3906DB0AC9", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBFB51-48EB-41E5-9712-0A5368EE56A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEAE9343-7A7F-4CB0-8CEF-52D61BD689C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F531972-E0A7-4E7C-A899-3766CEAAE2EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CEED379-3111-4451-B782-8C66CE568A1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B146FCD3-F6E7-4412-94FD-F9E66089C227", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "99CB51E4-0BFC-4C7C-B9EE-3DBCB0188D73", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C629F0C8-C765-4076-B426-80929F9CE285", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "E107A931-B670-42A8-9F75-EEA0EF3D09B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "671D1461-4AB4-4FB6-977D-733888A1BA9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E268EFFF-6B28-4C64-B052-AFA3BB1E709F", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*", "matchCriteriaId": "CF9B6CD2-7343-4D68-BEC6-A7BB0E0F0962", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F98A556-D640-40F1-92C2-FC262F50F5C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7E2C256-8E9F-4D12-ABF4-FECE06B52CAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer."}, {"lang": "es", "value": "KDE 2 y KDE 3.1.1 y versiones 3.x anteriores permiten a atacantes ejecutar comandos arbitrarios mediante ficheros PostScript (PS) o PDF, relacionado con la falta de argumentos -dSAFER y -dPARANOIDSAFER"}], "id": "CVE-2003-0204", "lastModified": "2016-10-18T02:30:36.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-05-05T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.kde.org/show_bug.cgi?id=53343"}, {"source": "cve@mitre.org", "url": "http://bugs.kde.org/show_bug.cgi?id=56808"}, {"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668"}, {"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105001557020141&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105012994719099&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105017403010459&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105034222521369&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2003/dsa-284"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-293"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-296"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20030409-1.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}