Test ID:	1.3.6.1.4.1.25623.1.0.60405
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:050 (cups)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cups announced via advisory MDVSA-2008:050. Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and earlier could allow local admin users to execute arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848). The Red Hat Security Team also found two flaws in CUPS 1.1.x where a malicious user on the local subnet could send a set of carefully crafted IPP packets to the UDP port in such a way as to cause CUPS to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash (CVE-2008-0596). Finally, another flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash (CVE-2008-0882). The updated packages have been patched to correct these issues. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:050 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5848 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html BugTraq ID: 26910 http://www.securityfocus.com/bid/26910 Bugtraq: 20080105 rPSA-2008-0008-1 cups (Google Search) http://www.securityfocus.com/archive/1/485829/100/0/threaded Cert/CC Advisory: TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:050 http://secunia.com/advisories/28136 http://secunia.com/advisories/28344 http://secunia.com/advisories/28441 http://secunia.com/advisories/28636 SuSE Security Announcement: SUSE-SA:2008:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html SuSE Security Announcement: SUSE-SR:2008:002 (Google Search) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.vupen.com/english/advisories/2007/4238 XForce ISS Database: macos-cups-bo(39096) https://exchange.xforce.ibmcloud.com/vulnerabilities/39096 Common Vulnerability Exposure (CVE) ID: CVE-2008-0597 1019497 http://www.securitytracker.com/id?1019497 20080229 rPSA-2008-0091-1 cups http://www.securityfocus.com/archive/1/488966/100/0/threaded 27988 http://www.securityfocus.com/bid/27988 29087 http://secunia.com/advisories/29087 29189 http://secunia.com/advisories/29189 29251 http://secunia.com/advisories/29251 MDVSA-2008:050 RHSA-2008:0153 http://www.redhat.com/support/errata/RHSA-2008-0153.html RHSA-2008:0161 http://www.redhat.com/support/errata/RHSA-2008-0161.html SUSE-SA:2008:012 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html cups-ippbrowse-useafterfree-dos(40845) https://exchange.xforce.ibmcloud.com/vulnerabilities/40845 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath.com/Advisories:rPSA-2008-0091 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091 https://issues.rpath.com/browse/RPL-2283 oval:org.mitre.oval:def:9492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492 Common Vulnerability Exposure (CVE) ID: CVE-2008-0596 29420 http://secunia.com/advisories/29420 ADV-2008-0924 http://www.vupen.com/english/advisories/2008/0924/references APPLE-SA-2008-03-18 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html cups-ippbrowse-memoryleak-dos(40842) https://exchange.xforce.ibmcloud.com/vulnerabilities/40842 http://docs.info.apple.com/article.html?artnum=307562 oval:org.mitre.oval:def:10857 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10857 Common Vulnerability Exposure (CVE) ID: CVE-2008-0882 BugTraq ID: 27906 http://www.securityfocus.com/bid/27906 Debian Security Information: DSA-1530 (Google Search) http://www.debian.org/security/2008/dsa-1530 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00792.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00832.html http://security.gentoo.org/glsa/glsa-200804-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9625 http://www.redhat.com/support/errata/RHSA-2008-0157.html http://www.securitytracker.com/id?1019473 http://secunia.com/advisories/28994 http://secunia.com/advisories/29067 http://secunia.com/advisories/29120 http://secunia.com/advisories/29132 http://secunia.com/advisories/29485 http://secunia.com/advisories/29603 http://secunia.com/advisories/29634 SuSE Security Announcement: SUSE-SA:2008:012 (Google Search) http://www.ubuntu.com/usn/usn-598-1 http://www.vupen.com/english/advisories/2008/0623 Common Vulnerability Exposure (CVE) ID: CVE-2008-0886
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.