English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 134041 CVE Beschreibungen
und 69903 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.63967
Kategorie:FreeBSD Local Security Checks
Titel:FreeBSD Ports: cups-base
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: cups-base

CVE-2009-0163
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow.

CVE-2009-0164
The web interface for CUPS before 1.3.10 does not validate the HTTP
Host header in a client request, which makes it easier for remote
attackers to conduct DNS rebinding attacks.

CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, and other products allow remote
attackers to cause a denial of service (crash) via a crafted PDF file,
related to (1) JBIG2SymbolDict::setBitmap and (2)
JBIG2Stream::readSymbolDictSeg.

CVE-2009-0147
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, and other products allow remote
attackers to cause a denial of service (crash) via a crafted PDF file,
related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3)
JBIG2Stream::readGenericBitmap.

CVE-2009-0166
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
and other products allows remote attackers to cause a denial of
service (crash) via a crafted PDF file that triggers a free of
uninitialized memory.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://www.cups.org/articles.php?L582
http://www.vuxml.org/freebsd/736e55bc-39bb-11de-a493-001b77d09812.html

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 34571
BugTraq ID: 34665
BugTraq ID: 34568
Common Vulnerability Exposure (CVE) ID: CVE-2009-0163
Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502750/100/0/threaded
Debian Security Information: DSA-1773 (Google Search)
http://www.debian.org/security/2009/dsa-1773
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://www.redhat.com/support/errata/RHSA-2009-0428.html
http://www.redhat.com/support/errata/RHSA-2009-0429.html
SuSE Security Announcement: SUSE-SA:2009:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://www.ubuntu.com/usn/usn-760-1
http://www.securityfocus.com/bid/34571
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546
http://www.securitytracker.com/id?1022070
http://secunia.com/advisories/34481
http://secunia.com/advisories/34722
http://secunia.com/advisories/34852
http://secunia.com/advisories/34756
http://secunia.com/advisories/34747
Common Vulnerability Exposure (CVE) ID: CVE-2009-0164
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.securityfocus.com/bid/34665
http://secunia.com/advisories/35074
http://www.vupen.com/english/advisories/2009/1297
Common Vulnerability Exposure (CVE) ID: CVE-2009-0146
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Debian Security Information: DSA-1790 (Google Search)
http://www.debian.org/security/2009/dsa-1790
Debian Security Information: DSA-1793 (Google Search)
http://www.debian.org/security/2009/dsa-1793
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RedHat Security Advisories: RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.securityfocus.com/bid/34568
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632
http://www.securitytracker.com/id?1022073
http://secunia.com/advisories/34755
http://secunia.com/advisories/34291
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/35037
http://secunia.com/advisories/35065
http://secunia.com/advisories/34991
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2010/1040
Common Vulnerability Exposure (CVE) ID: CVE-2009-0147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941
Common Vulnerability Exposure (CVE) ID: CVE-2009-0166
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 69903 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2018 E-Soft Inc. Alle Rechte vorbehalten.