
Test ID: 1.3.6.1.4.1.25623.1.0.50666
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2003:001 (cups)
Summary: NOSUMMARY
Description:

The remote host is missing an update to cups
announced via advisory MDKSA-2003:001.

iDefense reported several security problems in CUPS that can
lead to local and remote root compromise. An integer overflow
in the HTTP interface can be used to gain remote access with
CUPS privilege. A local file race condition can be used to
gain root privilege, although the previous bug must be exploited
first. An attacker can remotely add printers to the vulnerable
system. A remote DoS can be accomplished due to negative length
in the memcpy() call. An integer overflow in image handling code
can be used to gain higher privilege. An attacker can gain local
root privilege due to a buffer overflow of the 'options' buffer.
A design problem can be exploited to gain local root access,
however this needs an added printer (which can also be done, as
per a previously noted bug). Wrong handling of zero-width images
can be abused to gain higher privilege. Finally, a file descriptor
leak and a DoS are possible due to missing checks of return values
of file/socket operations.

MandrakeSoft recommends all users upgrade these CUPS packages
immediately.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:001
http://www.idefense.com/advisory/12.23.02.txt

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
