Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1110

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70026

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:1110

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1110.

Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in C.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the lp user. (CVE-2011-2964)

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1110.html

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2964
http://security.gentoo.org/glsa/glsa-201203-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
http://www.openwall.com/lists/oss-security/2011/07/13/3
http://www.openwall.com/lists/oss-security/2011/07/18/3
http://www.openwall.com/lists/oss-security/2011/07/28/1
http://www.redhat.com/support/errata/RHSA-2011-1110.html
http://secunia.com/advisories/45477
http://www.ubuntu.com/usn/USN-1194-1
XForce ISS Database: foomatic-foomatic-code-execution(68994)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68994

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70026
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:1110
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:1110. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the lp user. (CVE-2011-2964) All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1110.html Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2964 http://security.gentoo.org/glsa/glsa-201203-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:125 http://www.openwall.com/lists/oss-security/2011/07/13/3 http://www.openwall.com/lists/oss-security/2011/07/18/3 http://www.openwall.com/lists/oss-security/2011/07/28/1 http://www.redhat.com/support/errata/RHSA-2011-1110.html http://secunia.com/advisories/45477 http://www.ubuntu.com/usn/USN-1194-1 XForce ISS Database: foomatic-foomatic-code-execution(68994) https://exchange.xforce.ibmcloud.com/vulnerabilities/68994
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com