Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1595

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66287

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:1595

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:1595.;;The Common UNIX Printing System (CUPS) provides a portable printing layer;for UNIX operating systems.;;A use-after-free flaw was found in the way CUPS handled references in its;file descriptors-handling interface. A remote attacker could, in a;specially-crafted way, query for the list of current print jobs for a;specific printer, leading to a denial of service (cupsd crash).;(CVE-2009-3553);;Several cross-site scripting (XSS) flaws were found in the way the CUPS web;server interface processed HTML form content. If a remote attacker could;trick a local user who is logged into the CUPS web interface into visiting;a specially-crafted HTML page, the attacker could retrieve and potentially;modify confidential CUPS administration data. (CVE-2009-2820);;Red Hat would like to thank Aaron Sigel of Apple Product Security for;responsibly reporting the CVE-2009-2820 issue.;;Users of cups are advised to upgrade to these updated packages, which;contain backported patches to correct these issues. After installing the;update, the cupsd daemon will be restarted automatically.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:1595.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A use-after-free flaw was found in the way CUPS handled references in its
file descriptors-handling interface. A remote attacker could, in a
specially-crafted way, query for the list of current print jobs for a
specific printer, leading to a denial of service (cupsd crash).
(CVE-2009-3553)

Several cross-site scripting (XSS) flaws were found in the way the CUPS web
server interface processed HTML form content. If a remote attacker could
trick a local user who is logged into the CUPS web interface into visiting
a specially-crafted HTML page, the attacker could retrieve and potentially
modify confidential CUPS administration data. (CVE-2009-2820)

Red Hat would like to thank Aaron Sigel of Apple Product Security for
responsibly reporting the CVE-2009-2820 issue.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the cupsd daemon will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2820
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID: 36956
http://www.securityfocus.com/bid/36956
http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9153
http://www.redhat.com/support/errata/RHSA-2009-1595.html
http://secunia.com/advisories/37308
http://secunia.com/advisories/37360
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-3553
275230
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1
37048
http://www.securityfocus.com/bid/37048
37360
37364
http://secunia.com/advisories/37364
38241
http://secunia.com/advisories/38241
43521
http://secunia.com/advisories/43521
ADV-2010-0173
http://www.vupen.com/english/advisories/2010/0173
ADV-2011-0535
http://www.vupen.com/english/advisories/2011/0535
APPLE-SA-2010-01-19-1
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
DSA-2176
http://www.debian.org/security/2011/dsa-2176
FEDORA-2009-12652
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html
GLSA-201207-10
http://security.gentoo.org/glsa/glsa-201207-10.xml
MDVSA-2010:073
RHSA-2009:1595
USN-906-1
http://www.ubuntu.com/usn/USN-906-1
http://support.apple.com/kb/HT4004
http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs
http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs
http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs
http://www.cups.org/str.php?L3200
https://bugzilla.redhat.com/show_bug.cgi?id=530111
oval:org.mitre.oval:def:11183
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66287
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1595
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1595.;;The Common UNIX Printing System (CUPS) provides a portable printing layer;for UNIX operating systems.;;A use-after-free flaw was found in the way CUPS handled references in its;file descriptors-handling interface. A remote attacker could, in a;specially-crafted way, query for the list of current print jobs for a;specific printer, leading to a denial of service (cupsd crash).;(CVE-2009-3553);;Several cross-site scripting (XSS) flaws were found in the way the CUPS web;server interface processed HTML form content. If a remote attacker could;trick a local user who is logged into the CUPS web interface into visiting;a specially-crafted HTML page, the attacker could retrieve and potentially;modify confidential CUPS administration data. (CVE-2009-2820);;Red Hat would like to thank Aaron Sigel of Apple Product Security for;responsibly reporting the CVE-2009-2820 issue.;;Users of cups are advised to upgrade to these updated packages, which;contain backported patches to correct these issues. After installing the;update, the cupsd daemon will be restarted automatically.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1595. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially-crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially-crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2820 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 36956 http://www.securityfocus.com/bid/36956 http://www.mandriva.com/security/advisories?name=MDVSA-2010:072 http://www.mandriva.com/security/advisories?name=MDVSA-2010:073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9153 http://www.redhat.com/support/errata/RHSA-2009-1595.html http://secunia.com/advisories/37308 http://secunia.com/advisories/37360 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1 http://www.vupen.com/english/advisories/2009/3184 Common Vulnerability Exposure (CVE) ID: CVE-2009-3553 275230 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1 37048 http://www.securityfocus.com/bid/37048 37360 37364 http://secunia.com/advisories/37364 38241 http://secunia.com/advisories/38241 43521 http://secunia.com/advisories/43521 ADV-2010-0173 http://www.vupen.com/english/advisories/2010/0173 ADV-2011-0535 http://www.vupen.com/english/advisories/2011/0535 APPLE-SA-2010-01-19-1 http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html DSA-2176 http://www.debian.org/security/2011/dsa-2176 FEDORA-2009-12652 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html GLSA-201207-10 http://security.gentoo.org/glsa/glsa-201207-10.xml MDVSA-2010:073 RHSA-2009:1595 USN-906-1 http://www.ubuntu.com/usn/USN-906-1 http://support.apple.com/kb/HT4004 http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs http://www.cups.org/str.php?L3200 https://bugzilla.redhat.com/show_bug.cgi?id=530111 oval:org.mitre.oval:def:11183 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183
Copyright	Copyright (C) 2009 E-Soft Inc.