Test ID: 1.3.6.1.4.1.25623.1.0.100685
Category: Privilege escalation
Title: CUPS < 1.4.4 Multiple DoS and Privilege Escalation Vulnerabilities
Summary: CUPS (Common UNIX Printing System) service is prone to multiple vulnerabilities.
Description:

Summary: CUPS (Common UNIX Printing System) service is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:

- CVE-2010-0542: The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem does not check the return values of certain calloc calls.
- CVE-2010-2431: The cupsFileOpen function allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack.
- CVE-2010-2432: The cupsDoAuthentication function in auth.c in the client, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

Vulnerability Impact: Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial of service conditions.

Affected Software/OS: CUPS versions prior to 1.4.4.

Solution: Update to version 1.4.4 or later.

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2010-0542

- BugTraq ID: 40943
- http://www.securityfocus.com/bid/40943
- Debian Security Information: DSA-2176
- http://www.debian.org/security/2011/dsa-2176
- http://security.gentoo.org/glsa/glsa-201207-10.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365
- http://securitytracker.com/id?1024121
- http://secunia.com/advisories/43521
- SuSE Security Announcement: SUSE-SR:2010:023
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- http://www.vupen.com/english/advisories/2011/0535

Common Vulnerability Exposure (CVE) ID: CVE-2010-2431

- RedHat Security Advisories: RHSA-2010:0811
- http://rhn.redhat.com/errata/RHSA-2010-0811.html
- http://www.vupen.com/english/advisories/2010/2856

Common Vulnerability Exposure (CVE) ID: CVE-2010-2432

- http://www.mandriva.com/security/advisories?name=MDVSA-2011:146

Copyright: Copyright (C) 2010 Greenbone AG