Test ID: 1.3.6.1.4.1.25623.1.0.50598
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2004:116 (cups)
Summary: NOSUMMARY
Description:

The remote host is missing an update to cups
announced via advisory MDKSA-2004:116.

Chris Evans discovered numerous vulnerabilities in the xpdf package,
which also affect software using embedded xpdf code:

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well
as programs like cups which have embedded versions of xpdf.
These can result in writing an arbitrary byte to an attacker-controlled
location, which probably could lead to arbitrary code execution.
(CVE-2004-0888)

Also, when CUPS debugging is enabled, device URIs containing a username
and password end up in error_log. This information is also visible via
ps. (CVE-2004-0923)

The updated packages are patched to protect against these
vulnerabilities.

Affected versions: 10.0, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0923
http://www.cups.org/str.php?L920

Risk factor: Critical

CVSS Score: 10.0

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599
http://www.debian.org/security/2004/dsa-599
http://marc.info/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
SuSE Security Announcement: SUSE-SA:2004:039
http://marc.info/?l=bugtraq&m=109880927526773&w=2
https://www.ubuntu.com/usn/usn-9-1/
XForce ISS Database: xpdf-pdf-bo(17818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818

Common Vulnerability Exposure (CVE) ID: CVE-2004-0923
http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html
BugTraq ID: 11324
http://www.securityfocus.com/bid/11324
CERT/CC vulnerability note: VU#557062
http://www.kb.cert.org/vuls/id/557062
Computer Incident Advisory Center Bulletin: P-002
http://www.ciac.org/ciac/bulletins/p-002.shtml
Debian Security Information: DSA-566
http://www.debian.org/security/2004/dsa-566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10710
XForce ISS Database: cups-password-disclosure(17593)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17593

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
