Lucene search
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.FEDORA_2009-10891.NASLHistoryDec 01, 2009 - 12:00 a.m.
Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)
2009-12-0100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
14
Updated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed improper reference counting in abstract file descriptors handling interface (CVE-2009-3553). Fixed admin.cgi crash when modifying a class. Fix cups-lpd to create unique temporary data files. Pass through serial parameters correctly in web interface. Set the PRINTER_IS_SHARED variable for admin.cgi Fix removing files with lprm.
Fixed German translation. Fixed PostScript errors with number-up handling. Fixed lspp-patch to avoid memory leak. Upstream fix for GNU TLS error handling bug. Reset SIGPIPE handler for child processes.
Fixed typo in admin web template. Fixed incorrect handling of out-of-memory when loading jobs. Fixed wrong driver reported in web interface.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2009-10891.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(42935);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2009-2820", "CVE-2009-3553");
script_bugtraq_id(36958, 37048);
script_xref(name:"FEDORA", value:"2009-10891");
script_name(english:"Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Updated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed
improper reference counting in abstract file descriptors handling
interface (CVE-2009-3553). Fixed admin.cgi crash when modifying a
class. Fix cups-lpd to create unique temporary data files. Pass
through serial parameters correctly in web interface. Set the
PRINTER_IS_SHARED variable for admin.cgi Fix removing files with lprm.
Fixed German translation. Fixed PostScript errors with number-up
handling. Fixed lspp-patch to avoid memory leak. Upstream fix for GNU
TLS error handling bug. Reset SIGPIPE handler for child processes.
Fixed typo in admin web template. Fixed incorrect handling of
out-of-memory when loading jobs. Fixed wrong driver reported in web
interface.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=529833"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=530111"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2009-December/031831.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?82dcce0a"
);
script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(79, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
script_set_attribute(attribute:"patch_publication_date", value:"2009/10/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC11", reference:"cups-1.4.2-7.fc11")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | cups | p-cpe:/a:fedoraproject:fedora:cups |
| fedoraproject | fedora | 11 | cpe:/o:fedoraproject:fedora:11 |
Related
openvas
openvas
RedHat Security Advisory RHSA-2009:1595
2009-11-23 00:00:00
Fedora Core 12 FEDORA-2009-11314 (cups)
2009-12-10 00:00:00
RedHat Security Advisory RHSA-2009:1595
2009-11-23 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: cups-1.4.2-7.fc12
2009-12-01 04:34:10
[SECURITY] Fedora 11 Update: cups-1.4.2-7.fc11
2009-12-01 04:19:25
[SECURITY] Fedora 10 Update: cups-1.3.11-4.fc10
2009-12-04 23:49:33
nessus
nessus
Fedora 12 : cups-1.4.2-7.fc12 (2009-11314)
2009-12-01 00:00:00
openSUSE Security Update : cups (cups-1650)
2009-12-11 00:00:00
RHEL 5 : cups (RHSA-2009:1595)
2009-11-19 00:00:00
oraclelinux
oraclelinux
cups security update
2009-11-18 00:00:00
cups security update
2010-03-03 00:00:00
centos
centos
cups security update
2009-11-24 16:44:53
redhat
redhat
(RHSA-2009:1595) Moderate: cups security update
2009-11-18 00:00:00
prion
prion
Cross site scripting
2009-11-10 19:30:00
Design/Logic Flaw
2009-11-20 02:30:00
Design/Logic Flaw
2010-03-05 19:30:00
seebug
seebug
CUPS vulnerability
2009-11-11 00:00:00
New cups packages fix cross-site scripting
2009-11-11 00:00:00
CUPS kerberos参数跨站脚本漏洞
2009-11-18 00:00:00
cve
cve
ubuntu
ubuntu
CUPS vulnerability
2009-11-10 00:00:00
CUPS vulnerabilities
2010-03-03 00:00:00
debiancve
debiancve
exploitdb
exploitdb
CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability
2009-11-09 00:00:00
debian
debian
[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting
2009-11-10 02:41:44
[SECURITY] [DSA 2176-1] cups security update
2011-03-01 23:30:56
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:39:44
Denial Of Service (DoS)
2020-04-10 00:39:44
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Apple CUPS cupsdDoSelect Remote Code Execution attack - Ver2 (CVE-2009-3553)
2014-12-28 00:00:00
threatpost
threatpost
Apple Patches 12 Serious Mac OS X Flaws
2010-01-19 21:27:36
osv
osv
cups - several
2011-03-02 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2012-07-09 00:00:00
Related for FEDORA_2009-10891.NASL