
Test ID: 1.3.6.1.4.1.25623.1.0.51444
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:702
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:702.

Cups[1] (Common UNIX Printing System) is an open-source, freely
available and cross-platform printing solution for UNIX
environments.

iDefense published[2][3] some time ago several vulnerabilities in
Cups researched by zen-parse which are being addressed now.
Additionally, a new denial of service vulnerability[12] was
discovered by Phil D'Amore of Red Hat and is also being fixed.

The vulnerabilities outlined below affect only Conectiva Linux 7.0
and 8 (CL9 is not affected):

1. pdftops integer overflow (CVE-2002-1384)[3][4]

2. Multiple integer overflows (CVE-2002-1383)[5]

3. Race condition (CVE-2002-1366)[6]

4. Arbitrary printer creation and Root Certificate Design Flaw
(CVE-2002-1367)[7]

5. Negative Length Memcpy() Calls (CVE-2002-1368)[8]

6. Unsafe Strncat Function Call in jobs.c (CVE-2002-1369)[9]

7. Zero Width Images in filters/image-gif.c (CVE-2002-1371)[10]

8. File Descriptor Resource Leaks (CVE-2002-1372)[11]

The vulnerability below affects Conectiva Linux 7.0, 8 and 9:

9. Denial of service vulnerability (CVE-2003-0195)[12]

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:702
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Critical

CVSS Score:
10.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2002-1384
BugTraq ID: 6475
http://www.securityfocus.com/bid/6475
Debian Security Information: DSA-222
http://www.debian.org/security/2003/dsa-222
Debian Security Information: DSA-226
http://www.debian.org/security/2003/dsa-226
Debian Security Information: DSA-232
http://www.debian.org/security/2003/dsa-232
http://marc.info/?l=bugtraq&m=104152282309980&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
http://www.idefense.com/advisory/12.23.02.txt
http://www.redhat.com/support/errata/RHSA-2002-295.html
http://www.redhat.com/support/errata/RHSA-2002-307.html
http://www.redhat.com/support/errata/RHSA-2003-037.html
http://www.redhat.com/support/errata/RHSA-2003-216.html
SuSE Security Announcement: SUSE-SA:2003:002
http://www.novell.com/linux/security/advisories/2003_002_cups.html
XForce ISS Database: pdftops-integer-overflow(10937)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10937
Common Vulnerability Exposure (CVE) ID: CVE-2002-1383
Bugtraq: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://marc.info/?l=bugtraq&m=104032149026670&w=2
Caldera Security Advisory: CSSA-2003-004.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt
http://www.idefense.com/advisory/12.19.02.txt
http://secunia.com/advisories/7756/
http://secunia.com/advisories/7794
http://secunia.com/advisories/7803
http://secunia.com/advisories/7843
http://secunia.com/advisories/7858
http://secunia.com/advisories/7907
http://secunia.com/advisories/7913/
http://secunia.com/advisories/8080/
http://secunia.com/advisories/9325/
SuSE Security Announcement: SuSE-SA:2003:002
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Common Vulnerability Exposure (CVE) ID: CVE-2002-1366
BugTraq ID: 6435
http://www.securityfocus.com/bid/6435
XForce ISS Database: cups-certs-race-condition(10907)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10907
Common Vulnerability Exposure (CVE) ID: CVE-2002-1367
BugTraq ID: 6436
http://www.securityfocus.com/bid/6436
Conectiva Linux advisory: CLSA-2003:702
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
XForce ISS Database: cups-udp-add-printers(10908)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10908
Common Vulnerability Exposure (CVE) ID: CVE-2002-1368
BugTraq ID: 6437
http://www.securityfocus.com/bid/6437
http://www.mandriva.com/security/advisories?name=MDKSA-2003:001
XForce ISS Database: cups-neg-memcpy-bo(10909)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10909
Common Vulnerability Exposure (CVE) ID: CVE-2002-1369
BugTraq ID: 6438
http://www.securityfocus.com/bid/6438
XForce ISS Database: cups-strncat-options-bo(10910)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10910
Common Vulnerability Exposure (CVE) ID: CVE-2002-1371
BugTraq ID: 6439
http://www.securityfocus.com/bid/6439
XForce ISS Database: cups-zero-width-images(10911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10911
Common Vulnerability Exposure (CVE) ID: CVE-2002-1372
BugTraq ID: 6440
http://www.securityfocus.com/bid/6440
XForce ISS Database: cups-file-descriptor-dos(10912)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10912
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.