Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0033)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0033

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0033)

Resumen: The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory.

Descripción: Summary:
The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory.

Vulnerability Insight:
It was discovered that the HPLIP Polkit daemon incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files. (CVE-2013-6402)

It was discovered that HPLIP contained an upgrade tool that would download
code in an unsafe fashion. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to execute arbitrary
code. (CVE-2013-6427)

Additionally, this update should fix issues regarding wireless connection
to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with
setting up wireless connection to printers due to internal code changes
which had not been applied consistently.

Affected Software/OS:
'hplip' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-6402
DSA-2829
http://www.debian.org/security/2013/dsa-2829
USN-2085-1
http://www.ubuntu.com/usn/USN-2085-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
https://bugzilla.novell.com/show_bug.cgi?id=852368
https://security-tracker.debian.org/tracker/CVE-2013-6402
openSUSE-SU-2014:0127
http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html
openSUSE-SU-2014:0146
http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6427
[oss-security] 20131204 Re: CVE needed for hplip insecure auto update feature?
http://openwall.com/lists/oss-security/2013/12/05/2
https://bugzilla.novell.com/show_bug.cgi?id=853405

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0033
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0033)
Resumen:	The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory.
Descripción:	Summary: The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory. Vulnerability Insight: It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. (CVE-2013-6402) It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. (CVE-2013-6427) Additionally, this update should fix issues regarding wireless connection to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with setting up wireless connection to printers due to internal code changes which had not been applied consistently. Affected Software/OS: 'hplip' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6402 DSA-2829 http://www.debian.org/security/2013/dsa-2829 USN-2085-1 http://www.ubuntu.com/usn/USN-2085-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 https://bugzilla.novell.com/show_bug.cgi?id=852368 https://security-tracker.debian.org/tracker/CVE-2013-6402 openSUSE-SU-2014:0127 http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html openSUSE-SU-2014:0146 http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6427 [oss-security] 20131204 Re: CVE needed for hplip insecure auto update feature? http://openwall.com/lists/oss-security/2013/12/05/2 https://bugzilla.novell.com/show_bug.cgi?id=853405
Copyright	Copyright (C) 2022 Greenbone AG