FreeBSD Local Security Checks : FreeBSD Ports: cups-base

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.61957
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: cups-base
Summary:	FreeBSD Ports: cups-base
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: cups-base CVE-2008-1722 Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. CVE-2008-5184 The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/30190 http://www.cups.org/str.php?L2974 http://www.vuxml.org/freebsd/87106b67-be13-11dd-a578-0030843d3802.html
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1722 Debian Security Information: DSA-1625 (Google Search) http://www.debian.org/security/2008/dsa-1625 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00081.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00068.html http://www.gentoo.org/security/en/glsa/glsa-200804-23.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:170 RedHat Security Advisories: RHSA-2008:0498 https://rhn.redhat.com/errata/RHSA-2008-0498.html SuSE Security Announcement: SUSE-SR:2008:013 (Google Search) http://www.novell.com/linux/security/advisories/2008_13_sr.html http://www.ubuntu.com/usn/usn-606-1 http://www.ubuntulinux.org/support/documentation/usn/usn-656-1 CERT/CC vulnerability note: VU#218395 http://www.kb.cert.org/vuls/id/218395 BugTraq ID: 28781 http://www.securityfocus.com/bid/28781 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8768 http://www.vupen.com/english/advisories/2008/1226/references http://www.osvdb.org/44398 http://www.securitytracker.com/id?1019854 http://secunia.com/advisories/29809 http://secunia.com/advisories/29902 http://secunia.com/advisories/30078 http://secunia.com/advisories/30553 http://secunia.com/advisories/30717 http://secunia.com/advisories/31324 http://secunia.com/advisories/32292 http://secunia.com/advisories/30190 XForce ISS Database: cups-imagepng-imagezoom-bo(41832) http://xforce.iss.net/xforce/xfdb/41832 Common Vulnerability Exposure (CVE) ID: CVE-2008-5184 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ http://www.openwall.com/lists/oss-security/2008/11/19/3 http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com