DVL 1.5 has now left planning status. Bug Fixing started!


DVL 1.5 has now left planning status. Bug fixing has started! Some new additions: Lazarus IDE, ArgoUML, BlueJ, Firefox plugins updated. The DVL Wargame is making progress as well!

 
DVL 1.5 now in planning status


DVL 1.5 now has the status "planning". Besides this, we are working on the concept for 2008: more information, more training and better videos (those which are 100% related to DVL). Stay tuned!
 

VMWare Player

Get the free VMWare Player!
Damn Vulnerable Linux is prepared to run under VMWare player!

DVL included XPDF vulnerability (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
Written by Dr. Thorsten Schneider   


Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

1) An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.

2) An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

3) A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.
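The bug class in item 2 (an integer overflow in a size calculation that leaves a heap buffer too small) can be shown in a few lines of C. This is an added illustration, not Xpdf's code: `frame_hdr`, the function names and the 256 MiB limit are assumptions, and the header values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for one decoded frame; not a value from Xpdf. */
#define MAX_FRAME_BYTES ((size_t)256 << 20)

/* Constructed header: fields a decoder would read from an untrusted file. */
struct frame_hdr { uint32_t width, height, comps; };

/* Unsafe pattern: the 32-bit product wraps silently, so the result can be
 * far smaller than the number of samples the decoder will later write. */
uint32_t frame_bytes_unchecked(const struct frame_hdr *h) {
    return h->width * h->height * h->comps * (uint32_t)sizeof(int32_t);
}

/* Hardened pattern: reject zero dimensions and test every multiplication
 * against the limit before performing it, so no step can wrap. */
bool frame_bytes_checked(const struct frame_hdr *h, size_t *out) {
    const uint32_t dims[3] = { h->width, h->height, h->comps };
    size_t n = sizeof(int32_t);
    for (int i = 0; i < 3; i++) {
        if (dims[i] == 0 || n > MAX_FRAME_BYTES / dims[i])
            return false;
        n *= dims[i];
    }
    *out = n;
    return true;
}

/* Allocate only when the size computation succeeded. */
int32_t *alloc_frame(const struct frame_hdr *h) {
    size_t bytes;
    return frame_bytes_checked(h, &bytes) ? malloc(bytes) : NULL;
}

int main(void) {
    struct frame_hdr ok  = { 640, 480, 3 };          /* constructed, sane */
    struct frame_hdr bad = { 0x10001u, 0x10000u, 1 }; /* constructed, wraps */
    int32_t *p = alloc_frame(&ok);
    printf("unchecked: ok=%u bad=%u\n",
           frame_bytes_unchecked(&ok), frame_bytes_unchecked(&bad));
    printf("checked alloc: ok=%s bad=%s\n",
           p ? "allocated" : "rejected",
           alloc_frame(&bad) ? "allocated" : "rejected");
    free(p);
    return 0;
}
```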

 

DVL Project Tracker

DVL 1.5 (Infectious Disease)

95 %

References

  • IITAC - International Institute (Certification and Training)
  • University of Bielefeld, Germany, Technical Faculty
  • Leibniz University of Hannover, Germany (Secure Software Development Lecture)
  • University of Applied Sciences and Arts Hannover, Germany (Secure Software Development Lecture)
  • East Tennessee State University, U.S. (Ethical Hacking Class)
  • University of the Basque Country, Spain (Computer Security Class)
  • University of Florida, U.S. (Student Infosec Team)
  • Institute Superieur Maritim, Algeria

License


License for Damn Vulnerable Linux distribution

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.


License for training material including all texts, audios and videos

This work is licensed under a Creative Commons NonCommercial Sampling Plus 1.0 License.