Test ID: 1.3.6.1.4.1.25623.1.0.60678
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-598-1 (cupsys)
Summary: NOSUMMARY
Description:

The remote host is missing an update to cupsys
announced via advisory USN-598-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

It was discovered that the CUPS administration interface contained a heap-
based overflow flaw. A local attacker, and a remote attacker if printer
sharing is enabled, could send a malicious request and possibly execute
arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04.
In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
(CVE-2008-0047)

It was discovered that the hpgl filter in CUPS did not properly validate
its input when parsing parameters. If a crafted HP-GL/2 file were printed,
an attacker could possibly execute arbitrary code as the non-root user
in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be
isolated by the AppArmor CUPS profile. (CVE-2008-0053)

It was discovered that CUPS had a flaw in its managing of remote shared
printers via IPP. A remote attacker could send a crafted UDP packet and
cause a denial of service or possibly execute arbitrary code as the
non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10,
attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882)

It was discovered that CUPS did not properly perform bounds checking in
its GIF decoding routines. If a crafted GIF file were printed, an attacker
could possibly execute arbitrary code as the non-root user in Ubuntu 6.06
LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the
AppArmor CUPS profile. (CVE-2008-1373)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.8

Ubuntu 6.10:
cupsys 1.2.4-2ubuntu3.3

Ubuntu 7.04:
cupsys 1.2.8-0ubuntu8.3

Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.6

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-598-1

Risk factor : Critical

CVSS Score:
10.0

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-0047
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Debian Security Information: DSA-1530
http://www.debian.org/security/2008/dsa-1530
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html
http://security.gentoo.org/glsa/glsa-200804-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081
http://www.redhat.com/support/errata/RHSA-2008-0192.html
SuSE Security Announcement: SUSE-SA:2008:015
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html
http://www.ubuntu.com/usn/usn-598-1
Cert/CC Advisory: TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
BugTraq ID: 28307
http://www.securityfocus.com/bid/28307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085
http://www.vupen.com/english/advisories/2008/0921/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.securitytracker.com/id?1019646
http://secunia.com/advisories/29431
http://secunia.com/advisories/29448
http://secunia.com/advisories/29420
http://secunia.com/advisories/29485
http://secunia.com/advisories/29634
http://secunia.com/advisories/29573
http://secunia.com/advisories/29603
http://secunia.com/advisories/29655
http://secunia.com/advisories/29750
Common Vulnerability Exposure (CVE) ID: CVE-2008-0053
Debian Security Information: DSA-1625
http://www.debian.org/security/2008/dsa-1625
http://www.redhat.com/support/errata/RHSA-2008-0206.html
SuSE Security Announcement: SUSE-SA:2008:020
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html
BugTraq ID: 28334
http://www.securityfocus.com/bid/28334
BugTraq ID: 28304
http://www.securityfocus.com/bid/28304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356
http://www.securitytracker.com/id?1019672
http://secunia.com/advisories/29630
http://secunia.com/advisories/29659
http://secunia.com/advisories/31324
XForce ISS Database: macos-cups-inputvalidation-unspecified(41272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41272
Common Vulnerability Exposure (CVE) ID: CVE-2008-0882
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00792.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00832.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
http://www.mandriva.com/security/advisories?name=MDVSA-2008:051
http://www.redhat.com/support/errata/RHSA-2008-0157.html
SuSE Security Announcement: SUSE-SA:2008:012
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
BugTraq ID: 27906
http://www.securityfocus.com/bid/27906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9625
http://www.vupen.com/english/advisories/2008/0623
http://www.securitytracker.com/id?1019473
http://secunia.com/advisories/28994
http://secunia.com/advisories/29067
http://secunia.com/advisories/29120
http://secunia.com/advisories/29132
http://secunia.com/advisories/29251
Common Vulnerability Exposure (CVE) ID: CVE-2008-1373
Bugtraq: 20080404 rPSA-2008-0136-1 cups
http://www.securityfocus.com/archive/1/archive/1/490486/100/0/threaded
BugTraq ID: 28544
http://www.securityfocus.com/bid/28544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11479
http://www.vupen.com/english/advisories/2008/1059/references
http://www.securitytracker.com/id?1019739
http://secunia.com/advisories/29661
XForce ISS Database: cups-gifreadlzw-bo(41587)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41587
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
