Test ID:	1.3.6.1.4.1.25623.1.0.62930
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:1016
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:1016. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the special escapes option (-e or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306) All users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-1016.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3863 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 31858 http://www.securityfocus.com/bid/31858 Bugtraq: 20081022 Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/497647/100/0/threaded Bugtraq: 20081117 rPSA-2008-0321-1 enscript (Google Search) http://www.securityfocus.com/archive/1/498385/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1670 (Google Search) http://www.debian.org/security/2008/dsa-1670 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html http://security.gentoo.org/glsa/glsa-200812-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:243 http://secunia.com/secunia_research/2008-41/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9939 http://www.redhat.com/support/errata/RHSA-2008-1016.html RedHat Security Advisories: RHSA-2008:1021 http://rhn.redhat.com/errata/RHSA-2008-1021.html http://secunia.com/advisories/32137 http://secunia.com/advisories/32521 http://secunia.com/advisories/32530 http://secunia.com/advisories/32753 http://secunia.com/advisories/32854 http://secunia.com/advisories/32970 http://secunia.com/advisories/33109 http://secunia.com/advisories/35074 http://securityreason.com/securityalert/4488 SuSE Security Announcement: SUSE-SR:2008:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://www.ubuntu.com/usn/usn-660-1 http://www.vupen.com/english/advisories/2008/2891 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: gnuenscript-readspecialescape-bo(46026) https://exchange.xforce.ibmcloud.com/vulnerabilities/46026 Common Vulnerability Exposure (CVE) ID: CVE-2008-4306 20081117 rPSA-2008-0321-1 enscript 32521 32530 32753 32854 32970 33109 49569 http://osvdb.org/49569 DSA-1670 FEDORA-2008-9351 FEDORA-2008-9372 GLSA-200812-02 MDVSA-2008:243 RHSA-2008:1016 RHSA-2008:1021 SUSE-SR:2008:024 USN-660-1 http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321 https://issues.rpath.com/browse/RPL-2887 oval:org.mitre.oval:def:10718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.