Test ID: 1.3.6.1.4.1.25623.1.0.51474
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:769
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:769.

SANE (Scanner Access Now Easy) is an interface to both local and
networked scanners and other image acquisition devices. The sane
package contains several scanner drivers, utilities and saned, an
application that allows the sharing of scanners across a network.

This update fixes several vulnerabilities in the sane package:

- Remote vulnerabilities in saned. These vulnerabilities can be
exploited by remote attackers to cause a denial of service or even
execute arbitrary code with the privileges of the user running saned
(which is usually root). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned[1,2,3,4,5,6] the names
CVE-2003-0773, CVE-2003-0774, CVE-2003-0775, CVE-2003-0776,
CVE-2003-0777 and CVE-2003-0778 to these issues.

- Temporary file handling vulnerabilities (does not affect Conectiva
Linux 9). In several sane backends (drivers), temporary files are
created in an unsafe manner. A local attacker can exploit these
vulnerabilities to overwrite arbitrary system or user files. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2001-0890[7] to this issue.

The Conectiva Linux 9 package (sane-1.0.9) also includes fixes for a
bug[8] in the plustek driver which may cause hardware damage in EPSON
1260 scanners (previous versions do not contain the driver).


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0890
http://www.gjaeger.de/scanner/plustek.html#epson
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:769
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2003-0773
BugTraq ID: 8593
http://www.securityfocus.com/bid/8593
BugTraq ID: 8595
http://www.securityfocus.com/bid/8595
Debian Security Information: DSA-379
http://www.debian.org/security/2003/dsa-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
http://www.redhat.com/support/errata/RHSA-2003-285.html
SCO Security Bulletin: CSSA-2004-005.0
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SuSE Security Announcement: SuSE-SA:2003:046
http://www.novell.com/linux/security/advisories/2003_046_sane.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0774
Common Vulnerability Exposure (CVE) ID: CVE-2003-0775
BugTraq ID: 8600
http://www.securityfocus.com/bid/8600
Common Vulnerability Exposure (CVE) ID: CVE-2003-0776
Common Vulnerability Exposure (CVE) ID: CVE-2003-0777
BugTraq ID: 8597
http://www.securityfocus.com/bid/8597
Common Vulnerability Exposure (CVE) ID: CVE-2003-0778
BugTraq ID: 8596
http://www.securityfocus.com/bid/8596
Common Vulnerability Exposure (CVE) ID: CVE-2001-0890
BugTraq ID: 3987
http://www.securityfocus.com/bid/3987
RedHat Security Advisories: RHSA-2001:171
http://rhn.redhat.com/errata/RHSA-2001-171.html
http://www.iss.net/security_center/static/7714.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
