Test ID:	1.3.6.1.4.1.25623.1.0.69111
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2176-1)
Summary:	The remote host is missing an update for the Debian 'cups' package(s) announced via the DSA-2176-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'cups' package(s) announced via the DSA-2176-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-1748 Information disclosure in the web interface. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9. The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release. We recommend that you upgrade your cups packages. Affected Software/OS: 'cups' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5183 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 32419 http://www.securityfocus.com/bid/32419 Debian Security Information: DSA-2176 (Google Search) http://www.debian.org/security/2011/dsa-2176 https://www.exploit-db.com/exploits/7150 http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 http://lab.gnucitizen.org/projects/cups-0day http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ http://www.openwall.com/lists/oss-security/2008/11/19/3 http://www.openwall.com/lists/oss-security/2008/11/19/4 http://www.openwall.com/lists/oss-security/2008/11/20/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 http://www.redhat.com/support/errata/RHSA-2008-1029.html http://www.securitytracker.com/id?1021396 http://secunia.com/advisories/33937 http://secunia.com/advisories/43521 SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://www.vupen.com/english/advisories/2009/0422 http://www.vupen.com/english/advisories/2011/0535 XForce ISS Database: cups-rss-dos(46684) https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 Common Vulnerability Exposure (CVE) ID: CVE-2009-3553 275230 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1 37048 http://www.securityfocus.com/bid/37048 37360 http://secunia.com/advisories/37360 37364 http://secunia.com/advisories/37364 38241 http://secunia.com/advisories/38241 43521 ADV-2010-0173 http://www.vupen.com/english/advisories/2010/0173 ADV-2011-0535 APPLE-SA-2010-01-19-1 http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html DSA-2176 FEDORA-2009-12652 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html GLSA-201207-10 http://security.gentoo.org/glsa/glsa-201207-10.xml MDVSA-2010:073 http://www.mandriva.com/security/advisories?name=MDVSA-2010:073 RHSA-2009:1595 http://www.redhat.com/support/errata/RHSA-2009-1595.html USN-906-1 http://www.ubuntu.com/usn/USN-906-1 http://support.apple.com/kb/HT4004 http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs http://www.cups.org/str.php?L3200 https://bugzilla.redhat.com/show_bug.cgi?id=530111 oval:org.mitre.oval:def:11183 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183 Common Vulnerability Exposure (CVE) ID: CVE-2010-0540 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 http://www.mandriva.com/security/advisories?name=MDVSA-2010:232 http://www.mandriva.com/security/advisories?name=MDVSA-2010:233 http://www.mandriva.com/security/advisories?name=MDVSA-2010:234 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382 http://www.securitytracker.com/id?1024122 http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2010-0542 BugTraq ID: 40943 http://www.securityfocus.com/bid/40943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365 http://securitytracker.com/id?1024121 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1748 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723 Common Vulnerability Exposure (CVE) ID: CVE-2010-2431 RedHat Security Advisories: RHSA-2010:0811 http://rhn.redhat.com/errata/RHSA-2010-0811.html http://www.vupen.com/english/advisories/2010/2856 Common Vulnerability Exposure (CVE) ID: CVE-2010-2432 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 Common Vulnerability Exposure (CVE) ID: CVE-2010-2941 1024662 http://securitytracker.com/id?1024662 42287 http://secunia.com/advisories/42287 42867 http://secunia.com/advisories/42867 44530 http://www.securityfocus.com/bid/44530 68951 http://www.osvdb.org/68951 ADV-2010-2856 ADV-2010-3042 http://www.vupen.com/english/advisories/2010/3042 ADV-2010-3088 http://www.vupen.com/english/advisories/2010/3088 ADV-2011-0061 http://www.vupen.com/english/advisories/2011/0061 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html FEDORA-2010-17615 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html FEDORA-2010-17627 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html FEDORA-2010-17641 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html MDVSA-2010:232 MDVSA-2010:233 MDVSA-2010:234 RHSA-2010:0811 RHSA-2010:0866 http://www.redhat.com/support/errata/RHSA-2010-0866.html SSA:2010-333-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323 SUSE-SR:2010:023 USN-1012-1 http://www.ubuntu.com/usn/USN-1012-1 cups-cupsd-code-execution(62882) https://exchange.xforce.ibmcloud.com/vulnerabilities/62882 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=624438
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.