 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50410 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 2 FEDORA-2004-303 (foomatic) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to foomatic announced via advisory FEDORA-2004-303. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. It contains utilities to generate driver description files and printer queues for CUPS, LPD, LPRng, and PDQ using the database. There is also the possibility to read the PJL options out of PJL-capable laser printers and take them into account at the driver description file generation. There are spooler-independent command line interfaces to manipulate queues (foomatic-configure) and to print files/manipulate jobs (foomatic printjob). The site http://www.linuxprinting.org/ is based on this database. Update Information: Sebastian Krahmer reported a bug in the cupsomatic and foomatic-rip print filters, used by the CUPS print spooler. An attacker who has printing access could send a carefully named file to the print server causing arbitrary commands to be executed as root. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0801 to this issue. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ cab9692a6b2b0161f73b1b9039c6f491 SRPMS/foomatic-3.0.1-3.1.src.rpm 46227411cf108d7436169f198514aca0 x86_64/foomatic-3.0.1-3.1.x86_64.rpm ea451e8bd0b25fbcd5d22faad369a4fb x86_64/debug/foomatic-debuginfo-3.0.1-3.1.x86_64.rpm 571e627239ed4bb5c53d7298f54a56de i386/foomatic-3.0.1-3.1.i386.rpm 7eac2a20ce6fd91a7be07c9b797d3fc6 i386/debug/foomatic-debuginfo-3.0.1-3.1.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-303.shtml Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0801 BugTraq ID: 11184 http://www.securityfocus.com/bid/11184 Conectiva Linux advisory: CLA-2004:880 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094 SCO Security Bulletin: SCOSA-2005.12 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt http://secunia.com/advisories/12557/ http://secunia.com/advisories/20312 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1 SuSE Security Announcement: SUSE-SA:2004:031 (Google Search) http://www.novell.com/linux/security/advisories/2004_31_cups.html SuSE Security Announcement: SUSE-SA:2006:026 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html http://www.trustix.net/errata/2004/0047/ XForce ISS Database: foomatic-command-execution(17388) https://exchange.xforce.ibmcloud.com/vulnerabilities/17388 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |