Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:880

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51373

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:880

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:880.

Foomatic[1] is a compreensive, spooler-independent database of
printers, printer drivers and driver descriptions.

The foomatic-rip filter in foomatic-filters contains a
vulnerability[2][3] caused by insufficient checking of command-line
parameters and environment variables which may allow arbitrary remote
command execution on the print server with the permissions of the
spooler user (lp).

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.linuxprinting.org/foomatic.html
http://www.linuxprinting.org/pipermail/foomatic-devel/2004q3/001996.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0801
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:880
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0801
BugTraq ID: 11184
http://www.securityfocus.com/bid/11184
Conectiva Linux advisory: CLA-2004:880
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094
SCO Security Bulletin: SCOSA-2005.12
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt
http://secunia.com/advisories/12557/
http://secunia.com/advisories/20312
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1
SuSE Security Announcement: SUSE-SA:2004:031 (Google Search)
http://www.novell.com/linux/security/advisories/2004_31_cups.html
SuSE Security Announcement: SUSE-SA:2006:026 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html
http://www.trustix.net/errata/2004/0047/
XForce ISS Database: foomatic-command-execution(17388)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17388

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51373
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:880
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:880. Foomatic[1] is a compreensive, spooler-independent database of printers, printer drivers and driver descriptions. The foomatic-rip filter in foomatic-filters contains a vulnerability[2][3] caused by insufficient checking of command-line parameters and environment variables which may allow arbitrary remote command execution on the print server with the permissions of the spooler user (lp). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.linuxprinting.org/foomatic.html http://www.linuxprinting.org/pipermail/foomatic-devel/2004q3/001996.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0801 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:880 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0801 BugTraq ID: 11184 http://www.securityfocus.com/bid/11184 Conectiva Linux advisory: CLA-2004:880 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094 SCO Security Bulletin: SCOSA-2005.12 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt http://secunia.com/advisories/12557/ http://secunia.com/advisories/20312 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1 SuSE Security Announcement: SUSE-SA:2004:031 (Google Search) http://www.novell.com/linux/security/advisories/2004_31_cups.html SuSE Security Announcement: SUSE-SA:2006:026 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html http://www.trustix.net/errata/2004/0047/ XForce ISS Database: foomatic-command-execution(17388) https://exchange.xforce.ibmcloud.com/vulnerabilities/17388
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com