Test ID:	1.3.6.1.4.1.25623.1.0.50927
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:008 (cups)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cups announced via advisory MDKSA-2005:008. A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as the lp user (CVE-2004-1267). Vulnerabilities in the lppasswd utility were also discovered. The program ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS passwd file or prevent future use of lppasswd (CVE-2004-1268 and CVE-2004-1269). As well, lppasswd does not verify that the passwd.new file is different from STDERR, which could allow a local user to control output to passwd.new via certain user input that could trigger an error message (CVE-2004-1270). The updated packages have been patched to prevent these problems. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Corporate Server 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1270 Risk factor : High CVSS Score: 6.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1267 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 http://tigger.uic.edu/~jlongs2/holes/cups.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620 http://www.redhat.com/support/errata/RHSA-2005-013.html http://www.redhat.com/support/errata/RHSA-2005-053.html https://usn.ubuntu.com/50-1/ XForce ISS Database: cups-parsecommand-hpgl-bo(18604) https://exchange.xforce.ibmcloud.com/vulnerabilities/18604 Common Vulnerability Exposure (CVE) ID: CVE-2004-1268 http://tigger.uic.edu/~jlongs2/holes/cups2.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 XForce ISS Database: cups-lppasswd-passwd-truncate(18606) https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 Common Vulnerability Exposure (CVE) ID: CVE-2004-1269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545 XForce ISS Database: cups-lppasswd-dos(18608) https://exchange.xforce.ibmcloud.com/vulnerabilities/18608 Common Vulnerability Exposure (CVE) ID: CVE-2004-1270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507 XForce ISS Database: cups-lppasswd-passwd-modify(18609) https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.