Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871259
Category:Red Hat Local Security Checks
Title:RedHat Update for cups RHSA-2014:1388-02
Summary:The remote host is missing an update for the 'cups'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'cups'
package(s) announced via the referenced advisory.

Vulnerability Insight:
CUPS provides a portable printing layer for Linux, UNIX, and similar
operating systems.

A cross-site scripting (XSS) flaw was found in the CUPS web interface.
An attacker could use this flaw to perform a cross-site scripting attack
against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links
in certain directories under /var/cache/cups/. A local user with the 'lp'
group privileges could use this flaw to read the contents of arbitrary
files on the system or, potentially, escalate their privileges on the
system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat
Product Security.

These updated cups packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes.

All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

Affected Software/OS:
cups on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-2856
BugTraq ID: 66788
http://www.securityfocus.com/bid/66788
http://www.mandriva.com/security/advisories?name=MDVSA-2015:108
http://www.openwall.com/lists/oss-security/2014/04/14/2
http://www.openwall.com/lists/oss-security/2014/04/15/3
RedHat Security Advisories: RHSA-2014:1388
http://rhn.redhat.com/errata/RHSA-2014-1388.html
http://secunia.com/advisories/57880
http://www.ubuntu.com/usn/USN-2172-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3537
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
BugTraq ID: 68788
http://www.securityfocus.com/bid/68788
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html
http://www.securitytracker.com/id/1030611
http://secunia.com/advisories/59945
http://secunia.com/advisories/60273
http://secunia.com/advisories/60787
http://www.ubuntu.com/usn/USN-2293-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-5029
Debian Security Information: DSA-2990 (Google Search)
http://www.debian.org/security/2014/dsa-2990
http://www.openwall.com/lists/oss-security/2014/07/22/2
http://www.openwall.com/lists/oss-security/2014/07/22/13
http://secunia.com/advisories/60509
http://www.ubuntu.com/usn/USN-2341-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-5030
Common Vulnerability Exposure (CVE) ID: CVE-2014-5031
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.