Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.60731
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2008:0192
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0192.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A heap buffer overflow flaw was found in a CUPS administration interface
CGI script. A local attacker able to connect to the IPP port (TCP port 631)
could send a malicious request causing the script to crash or, potentially,
execute arbitrary code as the lp user. Please note: the default CUPS
configuration in Red Hat Enterprise Linux 5 does not allow remote
connections to the IPP TCP port. (CVE-2008-0047)

Red Hat would like to thank regenrecht for reporting this issue.

This issue did not affect the versions of CUPS as shipped with Red Hat
Enterprise Linux 3 or 4.

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly execute
arbitrary code as the lp user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by
CUPS image converting filters imagetops and imagetoraster. An attacker
could create a malicious GIF file that could possibly execute arbitrary
code as the lp user if the file was printed. (CVE-2008-1373)

All cups users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0192.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-0047
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 28307
http://www.securityfocus.com/bid/28307
Cert/CC Advisory: TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Debian Security Information: DSA-1530 (Google Search)
http://www.debian.org/security/2008/dsa-1530
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html
http://security.gentoo.org/glsa/glsa-200804-01.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085
http://www.redhat.com/support/errata/RHSA-2008-0192.html
http://www.securitytracker.com/id?1019646
http://secunia.com/advisories/29420
http://secunia.com/advisories/29431
http://secunia.com/advisories/29448
http://secunia.com/advisories/29485
http://secunia.com/advisories/29573
http://secunia.com/advisories/29603
http://secunia.com/advisories/29634
http://secunia.com/advisories/29655
http://secunia.com/advisories/29750
SuSE Security Announcement: SUSE-SA:2008:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html
http://www.ubuntu.com/usn/usn-598-1
http://www.vupen.com/english/advisories/2008/0921/references
http://www.vupen.com/english/advisories/2008/0924/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-0053
BugTraq ID: 28304
http://www.securityfocus.com/bid/28304
BugTraq ID: 28334
http://www.securityfocus.com/bid/28334
Debian Security Information: DSA-1625 (Google Search)
http://www.debian.org/security/2008/dsa-1625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356
http://www.redhat.com/support/errata/RHSA-2008-0206.html
http://www.securitytracker.com/id?1019672
http://secunia.com/advisories/29630
http://secunia.com/advisories/29659
http://secunia.com/advisories/31324
SuSE Security Announcement: SUSE-SA:2008:020 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html
XForce ISS Database: macos-cups-inputvalidation-unspecified(41272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41272
Common Vulnerability Exposure (CVE) ID: CVE-2008-1373
BugTraq ID: 28544
http://www.securityfocus.com/bid/28544
Bugtraq: 20080404 rPSA-2008-0136-1 cups (Google Search)
http://www.securityfocus.com/archive/1/490486/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11479
http://www.securitytracker.com/id?1019739
http://secunia.com/advisories/29661
http://www.vupen.com/english/advisories/2008/1059/references
XForce ISS Database: cups-gifreadlzw-bo(41587)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41587
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.