Test ID:	1.3.6.1.4.1.25623.1.0.51444
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:702
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:702. Cups[1] (Common UNIX Printing System) is an open-source, freely available and cross-platform printing solution for UNIX environments. iDefense published[2][3] some time ago several vulnerabilities in Cups researched by zen-parse which are being addressed now. Additionally, a new denial of service vulnerability[12] was discovered by Phil D'Amore of Red Hat and is also being fixed. The vulnerabilities outlined below affect only Conectiva Linux 7.0 and 8 (CL9 is not affected): 1. pdftops integer overflow (CVE-2002-1384)[3][4] 2. Multiple integer overflows (CVE-2002-1383)[5] 3. Race condition (CVE-2002-1366)[6] 4. Arbitrary printer creation and Root Certificate Design Flaw (CVE-2002-1367)[7] 5. Negative Length Memcpy() Calls (CVE-2002-1368)[8] 6. Unsafe Strncat Function Call in jobs.c (CVE-2002-1369)[9] 7. Zero Width Images in filters/image-gif.c (CVE-2002-1371)[10] 8. File Descriptor Resource Leaks (CVE-2002-1372)[11] The vulnerability below affects Conectiva Linux 7.0, 8 and 9: 9. Denial of service vulnerability (CVE-2003-0195)[12] Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:702 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1384 BugTraq ID: 6475 http://www.securityfocus.com/bid/6475 Debian Security Information: DSA-222 (Google Search) http://www.debian.org/security/2003/dsa-222 Debian Security Information: DSA-226 (Google Search) http://www.debian.org/security/2003/dsa-226 Debian Security Information: DSA-232 (Google Search) http://www.debian.org/security/2003/dsa-232 http://marc.info/?l=bugtraq&m=104152282309980&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002 http://www.idefense.com/advisory/12.23.02.txt http://www.redhat.com/support/errata/RHSA-2002-295.html http://www.redhat.com/support/errata/RHSA-2002-307.html http://www.redhat.com/support/errata/RHSA-2003-037.html http://www.redhat.com/support/errata/RHSA-2003-216.html SuSE Security Announcement: SUSE-SA:2003:002 (Google Search) http://www.novell.com/linux/security/advisories/2003_002_cups.html XForce ISS Database: pdftops-integer-overflow(10937) https://exchange.xforce.ibmcloud.com/vulnerabilities/10937 Common Vulnerability Exposure (CVE) ID: CVE-2002-1383 Bugtraq: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) (Google Search) http://marc.info/?l=bugtraq&m=104032149026670&w=2 Caldera Security Advisory: CSSA-2003-004.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt http://www.idefense.com/advisory/12.19.02.txt http://secunia.com/advisories/7756/ http://secunia.com/advisories/7794 http://secunia.com/advisories/7803 http://secunia.com/advisories/7843 http://secunia.com/advisories/7858 http://secunia.com/advisories/7907 http://secunia.com/advisories/7913/ http://secunia.com/advisories/8080/ http://secunia.com/advisories/9325/ SuSE Security Announcement: SuSE-SA:2003:002 (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html Common Vulnerability Exposure (CVE) ID: CVE-2002-1366 BugTraq ID: 6435 http://www.securityfocus.com/bid/6435 XForce ISS Database: cups-certs-race-condition(10907) https://exchange.xforce.ibmcloud.com/vulnerabilities/10907 Common Vulnerability Exposure (CVE) ID: CVE-2002-1367 BugTraq ID: 6436 http://www.securityfocus.com/bid/6436 Conectiva Linux advisory: CLSA-2003:702 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 XForce ISS Database: cups-udp-add-printers(10908) https://exchange.xforce.ibmcloud.com/vulnerabilities/10908 Common Vulnerability Exposure (CVE) ID: CVE-2002-1368 BugTraq ID: 6437 http://www.securityfocus.com/bid/6437 http://www.mandriva.com/security/advisories?name=MDKSA-2003:001 XForce ISS Database: cups-neg-memcpy-bo(10909) https://exchange.xforce.ibmcloud.com/vulnerabilities/10909 Common Vulnerability Exposure (CVE) ID: CVE-2002-1369 BugTraq ID: 6438 http://www.securityfocus.com/bid/6438 XForce ISS Database: cups-strncat-options-bo(10910) https://exchange.xforce.ibmcloud.com/vulnerabilities/10910 Common Vulnerability Exposure (CVE) ID: CVE-2002-1371 BugTraq ID: 6439 http://www.securityfocus.com/bid/6439 XForce ISS Database: cups-zero-width-images(10911) https://exchange.xforce.ibmcloud.com/vulnerabilities/10911 Common Vulnerability Exposure (CVE) ID: CVE-2002-1372 BugTraq ID: 6440 http://www.securityfocus.com/bid/6440 XForce ISS Database: cups-file-descriptor-dos(10912) https://exchange.xforce.ibmcloud.com/vulnerabilities/10912
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.