Turbolinux Local Security Tests : Turbolinux TLSA-2005-25 (cups)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52841

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2005-25 (cups)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cups
announced via advisory TLSA-2005-25.

The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

Multiple vulnerabilities exist in CUPS:
- A buffer overflow vulnerability in hpgltops's ParseCommand function.
- The lppasswd command can corrupt the CUPS password file.

The vulnerability can allow remote attackers to cause a denial of
service or possibly execute arbitrary code.

An attacker could use lppasswd to corrupt the CUPS password file.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-25

Risk factor : High

CVSS Score:
6.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1267
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
http://tigger.uic.edu/~jlongs2/holes/cups.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
https://usn.ubuntu.com/50-1/
XForce ISS Database: cups-parsecommand-hpgl-bo(18604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18604
Common Vulnerability Exposure (CVE) ID: CVE-2004-1268
http://tigger.uic.edu/~jlongs2/holes/cups2.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398
XForce ISS Database: cups-lppasswd-passwd-truncate(18606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18606
Common Vulnerability Exposure (CVE) ID: CVE-2004-1269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545
XForce ISS Database: cups-lppasswd-dos(18608)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18608
Common Vulnerability Exposure (CVE) ID: CVE-2004-1270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507
XForce ISS Database: cups-lppasswd-passwd-modify(18609)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18609

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52841
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-25 (cups)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cups announced via advisory TLSA-2005-25. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. Multiple vulnerabilities exist in CUPS: - A buffer overflow vulnerability in hpgltops's ParseCommand function. - The lppasswd command can corrupt the CUPS password file. The vulnerability can allow remote attackers to cause a denial of service or possibly execute arbitrary code. An attacker could use lppasswd to corrupt the CUPS password file. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-25 Risk factor : High CVSS Score: 6.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1267 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 http://tigger.uic.edu/~jlongs2/holes/cups.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620 http://www.redhat.com/support/errata/RHSA-2005-013.html http://www.redhat.com/support/errata/RHSA-2005-053.html https://usn.ubuntu.com/50-1/ XForce ISS Database: cups-parsecommand-hpgl-bo(18604) https://exchange.xforce.ibmcloud.com/vulnerabilities/18604 Common Vulnerability Exposure (CVE) ID: CVE-2004-1268 http://tigger.uic.edu/~jlongs2/holes/cups2.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 XForce ISS Database: cups-lppasswd-passwd-truncate(18606) https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 Common Vulnerability Exposure (CVE) ID: CVE-2004-1269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545 XForce ISS Database: cups-lppasswd-dos(18608) https://exchange.xforce.ibmcloud.com/vulnerabilities/18608 Common Vulnerability Exposure (CVE) ID: CVE-2004-1270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507 XForce ISS Database: cups-lppasswd-passwd-modify(18609) https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com