Test ID:	1.3.6.1.4.1.25623.1.0.59234
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1407-1)
Summary:	The remote host is missing an update for the Debian 'cupsys' package(s) announced via the DSA-1407-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'cupsys' package(s) announced via the DSA-1407-1 advisory. Vulnerability Insight: Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution. For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecture will be provided later. We recommend that you upgrade your cupsys packages. Affected Software/OS: 'cupsys' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4351 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html BugTraq ID: 26268 http://www.securityfocus.com/bid/26268 Cert/CC Advisory: TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html CERT/CC vulnerability note: VU#446897 http://www.kb.cert.org/vuls/id/446897 Cisco Security Advisory: 20080625 Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html Debian Security Information: DSA-1407 (Google Search) http://www.debian.org/security/2007/dsa-1407 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00012.html http://security.gentoo.org/glsa/glsa-200711-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:204 http://secunia.com/secunia_research/2007-76/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10604 http://www.redhat.com/support/errata/RHSA-2007-1020.html http://www.redhat.com/support/errata/RHSA-2007-1022.html http://www.redhat.com/support/errata/RHSA-2007-1023.html http://www.securitytracker.com/id?1018879 http://secunia.com/advisories/27233 http://secunia.com/advisories/27410 http://secunia.com/advisories/27445 http://secunia.com/advisories/27447 http://secunia.com/advisories/27474 http://secunia.com/advisories/27494 http://secunia.com/advisories/27499 http://secunia.com/advisories/27540 http://secunia.com/advisories/27577 http://secunia.com/advisories/27604 http://secunia.com/advisories/27712 http://secunia.com/advisories/28136 http://secunia.com/advisories/30847 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902 SuSE Security Announcement: SUSE-SA:2007:058 (Google Search) http://www.novell.com/linux/security/advisories/2007_58_cups.html https://usn.ubuntu.com/539-1/ http://www.vupen.com/english/advisories/2007/3681 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/1934/references XForce ISS Database: cups-ippreadio-bo(38190) https://exchange.xforce.ibmcloud.com/vulnerabilities/38190
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.