Mandriva Linux Security Advisory : cups (MDVSA-2008:081)
2009-04-23T00:00:00
ID MANDRIVA_MDVSA-2008-081.NASL Type nessus Reporter This script is Copyright (C) 2009-2021 Tenable Network Security, Inc. Modified 2009-04-23T00:00:00
Description
A heap-based buffer overflow in CUPS 1.2.x and later was discovered by
regenrecht of VeriSign iDefense that could allow a remote attacker to
execute arbitrary code via a crafted CGI search expression
(CVE-2008-0047).
A validation error in the HP-GL/2 filter was also discovered
(CVE-2008-0053).
Finally, a vulnerability in how CUPS handled GIF files was found by
Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,
gd, tk, netpbm, and SDL_image (CVE-2008-1373).
The updated packages have been patched to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:081.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when the plugin is loaded with `description` set, only
# the metadata below is declared and the script stops at the exit(0) that
# closes this block, before any host data is examined.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(37420);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# The three CVEs and the vendor advisory this single check covers.
script_cve_id("CVE-2008-0047", "CVE-2008-0053", "CVE-2008-1373");
script_xref(name:"MDVSA", value:"2008:081");
script_name(english:"Mandriva Linux Security Advisory : cups (MDVSA-2008:081)");
# The check is a package-version comparison on rpm output; it does not probe
# the CUPS service itself.
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
# Advisory text; per the file header it is taken from MDVSA-2008:081.
script_set_attribute(
attribute:"description",
value:
"A heap-based buffer overflow in CUPS 1.2.x and later was discovered by
regenrecht of VeriSign iDenfense that could allow a remote attacker to
execute arbitrary code via a crafted CGI search expression
(CVE-2008-0047).
A validation error in the Hp-GL/2 filter was also discovered
(CVE-2008-0053).
Finally, a vulnerability in how CUPS handled GIF files was found by
Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,
gd, tk, netpbm, and SDL_image (CVE-2008-1373).
The updated packages have been patched to correct these issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# One CVSS v2 vector is declared for the whole plugin although it covers three
# CVEs; a finding therefore carries this rating whichever package triggered it.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(119);
# "local": the result is derived from data collected on the host (see the
# required KB keys below), not from a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
# Package CPEs, one per package name tested by the rpm_check calls later in
# the script.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-serial");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cups");
# OS CPEs for the three releases the check has reference versions for.
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
# The plugin was published roughly a year after the vendor patch.
script_set_attribute(attribute:"patch_publication_date", value:"2008/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
# The KB keys required below are presumably populated by ssh_get_info.nasl
# during a credentialed scan - confirm against that plugin. Without them this
# check cannot produce a result for the host.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
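# Preconditions for the package comparison. Each audit() call reports why the
# check could not run; the statements that follow rely on it ending the script
# (cpu is used right after the isnull() test).

# Local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The host must have been identified as Mandriva / Mandrake. The OS name was
# previously misspelled "Mandake" in this message; it now matches the spelling
# used by the architecture check below, so audit-trail searches on the OS name
# find both messages.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");

# Without the installed-package list there is nothing to compare against.
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 and x86-64 hosts are covered. Any other architecture is audited as
# "not implemented", which means unchecked, not unaffected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);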
# Compare the installed packages against the fixed versions from
# MDVSA-2008:081. flag counts the rpm_check calls that returned true.
# Every call is made unconditionally (no short-circuiting); the report text is
# later fetched with rpm_report_get(), so presumably each call contributes its
# own entry - confirm in rpm.inc.
# NOTE(review): yank:"mdv" looks like it removes the distribution tag before
# the version comparison - confirm in rpm.inc.
# The lib64cups2* packages are tested only with cpu:"x86_64" and the libcups2*
# packages only with cpu:"i386"; the remaining packages carry no cpu filter.
# Only releases MDK2007.0, MDK2007.1 and MDK2008.0 have reference versions
# here, so a host on any other release is not evaluated by these checks.
flag = 0;
# Mandriva 2007.0: fixed build is 1.2.4-1.8mdv2007.0
if (rpm_check(release:"MDK2007.0", reference:"cups-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"cups-common-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"cups-serial-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64cups2-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64cups2-devel-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libcups2-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libcups2-devel-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"php-cups-1.2.4-1.8mdv2007.0", yank:"mdv")) flag++;
# Mandriva 2007.1: fixed build is 1.2.10-2.6mdv2007.1
if (rpm_check(release:"MDK2007.1", reference:"cups-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"cups-common-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"cups-serial-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64cups2-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64cups2-devel-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libcups2-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libcups2-devel-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"php-cups-1.2.10-2.6mdv2007.1", yank:"mdv")) flag++;
# Mandriva 2008.0: fixed build is 1.3.6-1.1mdv2008.0
if (rpm_check(release:"MDK2008.0", reference:"cups-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"cups-common-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"cups-serial-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cups2-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cups2-devel-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcups2-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcups2-devel-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"php-cups-1.3.6-1.1mdv2008.0", yank:"mdv")) flag++;
# Outcome: flag holds the number of package checks that matched.
# No match: record the host as not affected in the audit trail. This covers
# only the packages and releases tested above.
if (flag == 0) audit(AUDIT_HOST_NOT, "affected");
else
{
  # At least one match: raise the finding on port 0. When report verbosity is
  # above zero, attach the package details collected by the rpm checks.
  if (report_verbosity <= 0) security_hole(0);
  else security_hole(port:0, extra:rpm_report_get());
  exit(0);
}
{"id": "MANDRIVA_MDVSA-2008-081.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : cups (MDVSA-2008:081)", "description": "A heap-based buffer overflow in CUPS 1.2.x and later was discovered by\nregenrecht of VeriSign iDenfense that could allow a remote attacker to\nexecute arbitrary code via a crafted CGI search expression\n(CVE-2008-0047).\n\nA validation error in the Hp-GL/2 filter was also discovered\n(CVE-2008-0053).\n\nFinally, a vulnerability in how CUPS handled GIF files was found by\nTomas Hoger of Red Hat, similar to previous issues corrected in PHP,\ngd, tk, netpbm, and SDL_image (CVE-2008-1373).\n\nThe updated packages have been patched to correct these issues.", "published": "2009-04-23T00:00:00", "modified": "2009-04-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/37420", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "type": "nessus", "lastseen": "2021-01-07T11:51:51", "edition": 24, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1373", "CVE-2008-0053", "CVE-2008-0047"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870174", "OPENVAS:840310", "OPENVAS:60668", "OPENVAS:830484", "OPENVAS:1361412562310830484", "OPENVAS:870174", "OPENVAS:136141256231065986", "OPENVAS:60665", "OPENVAS:1361412562310122600", "OPENVAS:136141256231060668"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2008-0192.NASL", "GENTOO_GLSA-200804-01.NASL", "SL_20080401_CUPS_ON_SL3_X.NASL", "FEDORA_2008-2897.NASL", "UBUNTU_USN-598-1.NASL", "ORACLELINUX_ELSA-2008-0192.NASL", "CUPS_1_3_7.NASL", "FEDORA_2008-2131.NASL", "SLACKWARE_SSA_2008-094-01.NASL", "CENTOS_RHSA-2008-0192.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0206", "ELSA-2008-0192"]}, {"type": "redhat", "idList": ["RHSA-2008:0206", 
"RHSA-2008:0192"]}, {"type": "centos", "idList": ["CESA-2008:0206", "CESA-2008:0192"]}, {"type": "ubuntu", "idList": ["USN-598-1"]}, {"type": "gentoo", "idList": ["GLSA-200804-01"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8724", "SECURITYVULNS:DOC:19448", "SECURITYVULNS:VULN:8859", "SECURITYVULNS:VULN:8803", "SECURITYVULNS:DOC:19556"]}, {"type": "slackware", "idList": ["SSA-2008-094-01"]}, {"type": "suse", "idList": ["SUSE-SA:2008:015", "SUSE-SA:2008:020"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1530-1:AF698", "DEBIAN:DSA-1625-1:FED12"]}, {"type": "fedora", "idList": ["FEDORA:M395MOPQ032179", "FEDORA:M4AEBCSZ021692", "FEDORA:M395LSQG032038", "FEDORA:5BE0C10F888", "FEDORA:E5CC020896E", "FEDORA:M4AEDGTI021901", "FEDORA:C698B2081FF", "FEDORA:1CF1C208969", "FEDORA:7F2C2208D5A"]}, {"type": "seebug", "idList": ["SSV:3058", "SSV:3063", "SSV:3117"]}], "modified": "2021-01-07T11:51:51", "rev": 2}, "score": {"value": 9.2, "vector": "NONE", "modified": "2021-01-07T11:51:51", "rev": 2}, "vulnersScore": 9.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:081. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37420);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_xref(name:\"MDVSA\", value:\"2008:081\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cups (MDVSA-2008:081)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow in CUPS 1.2.x and later was discovered by\nregenrecht of VeriSign iDenfense that could allow a remote attacker to\nexecute arbitrary code via a crafted CGI search expression\n(CVE-2008-0047).\n\nA validation error in the Hp-GL/2 filter was also discovered\n(CVE-2008-0053).\n\nFinally, a vulnerability in how CUPS handled GIF files was found by\nTomas Hoger of Red Hat, similar to previous issues corrected in PHP,\ngd, tk, netpbm, and SDL_image (CVE-2008-1373).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-serial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64cups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"cups-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"cups-common-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", 
reference:\"cups-serial-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64cups2-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libcups2-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libcups2-devel-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cups-1.2.4-1.8mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"cups-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"cups-common-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"cups-serial-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64cups2-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libcups2-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libcups2-devel-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cups-1.2.10-2.6mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"cups-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"cups-common-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"cups-serial-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64cups2-1.3.6-1.1mdv2008.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libcups2-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libcups2-devel-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cups-1.3.6-1.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "37420", "cpe": ["p-cpe:/a:mandriva:linux:lib64cups2", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:php-cups", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:cups-serial", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libcups2", "p-cpe:/a:mandriva:linux:lib64cups2-devel", "p-cpe:/a:mandriva:linux:cups", "p-cpe:/a:mandriva:linux:libcups2-devel", "p-cpe:/a:mandriva:linux:cups-common"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:50:56", "description": "Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.", "edition": 3, "cvss3": {}, "published": "2008-03-18T23:44:00", "title": "CVE-2008-0047", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0047"], "modified": "2017-09-29T01:30:00", "cpe": ["cpe:/a:cups:cups:1.3.5"], "id": "CVE-2008-0047", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0047", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:cups:cups:1.3.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:58", "description": "Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.", "edition": 3, "cvss3": {}, "published": "2008-04-04T00:44:00", "title": "CVE-2008-1373", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": 
"AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1373"], "modified": "2018-10-11T20:32:00", "cpe": ["cpe:/a:easy_software_products:cups:1.3.6"], "id": "CVE-2008-1373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1373", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:easy_software_products:cups:1.3.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:20", "description": "Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.", "edition": 5, "cvss3": {}, "published": "2008-03-18T23:44:00", "title": "CVE-2008-0053", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0053"], "modified": "2017-09-29T01:30:00", "cpe": ["cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.2", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.1.11", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:apple:cups:1.1.1", "cpe:/a:apple:cups:1.3", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", 
"cpe:/a:apple:cups:1.2.2", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:apple:cups:1.1.19", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:apple:cups:1.1.20", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.3.4", "cpe:/a:apple:cups:1.1.8", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:apple:cups:1.2.3", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:apple:cups:1.1.10", "cpe:/a:apple:cups:1.2.11", "cpe:/a:apple:cups:1.2.0", "cpe:/a:apple:cups:1.4.1", "cpe:/a:apple:cups:1.3.9", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2008-0053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0053", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "Oracle Linux Local Security Checks ELSA-2008-0192", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122600", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0192.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122600\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:59 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0192\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0192 - cups security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0192\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0192.html\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", 
rpm:\"cups~1.2.4~11.14.el5_1.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.4~11.14.el5_1.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.4~11.14.el5_1.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.2.4~11.14.el5_1.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:40:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "Check for the Version of cups", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870174", "type": "openvas", "title": "RedHat Update for cups RHSA-2008:0192-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cups RHSA-2008:0192-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A heap buffer overflow flaw was found in a CUPS administration interface\n CGI script. A local attacker able to connect to the IPP port (TCP port 631)\n could send a malicious request causing the script to crash or, potentially,\n execute arbitrary code as the "lp" user. Please note: the default CUPS\n configuration in Red Hat Enterprise Linux 5 does not allow remote\n connections to the IPP TCP port. (CVE-2008-0047)\n \n Red Hat would like to thank "regenrecht" for reporting this issue.\n \n This issue did not affect the versions of CUPS as shipped with Red Hat\n Enterprise Linux 3 or 4.\n \n Two overflows were discovered in the HP-GL/2-to-PostScript filter. An\n attacker could create a malicious HP-GL/2 file that could possibly execute\n arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)\n \n A buffer overflow flaw was discovered in the GIF decoding routines used by\n CUPS image converting filters "imagetops" and "imagetoraster". An attacker\n could create a malicious GIF file that could possibly execute arbitrary\n code as the "lp" user if the file was printed. (CVE-2008-1373)\n \n All cups users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870174\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0192-01\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_name( \"RedHat Update for cups RHSA-2008:0192-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "Check for the Version of cups", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830484", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2008:081 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2008:081 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow in CUPS 1.2.x and later was discovered by\n regenrecht of VeriSign iDefense that could allow a remote attacker\n to execute arbitrary code via a crafted CGI search expression\n (CVE-2008-0047).\n\n A validation error in the HP-GL/2 filter was also discovered\n (CVE-2008-0053).\n \n Finally, a vulnerability in how CUPS handled GIF files was found by\n Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,\n gd, tk, netpbm, and SDL_image (CVE-2008-1373).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"cups on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-04/msg00000.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830484\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:081\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_name( \"Mandriva Update for cups MDVSA-2008:081 (cups)\");\n\n 
script_tag(name:\"summary\", value:\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "Check for the Version of cups", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830484", "href": "http://plugins.openvas.org/nasl.php?oid=830484", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2008:081 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2008:081 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow in CUPS 1.2.x and later was discovered by\n regenrecht of VeriSign iDefense that could allow a remote attacker\n to execute arbitrary code via a crafted CGI search expression\n (CVE-2008-0047).\n\n A validation error in the HP-GL/2 filter was also discovered\n (CVE-2008-0053).\n \n Finally, a vulnerability in how CUPS handled GIF files was found by\n Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,\n gd, tk, netpbm, and SDL_image (CVE-2008-1373).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"cups on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-04/msg00000.php\");\n script_id(830484);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:081\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_name( \"Mandriva Update for cups MDVSA-2008:081 (cups)\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.10~2.6mdv2007.1\", 
rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.10~2.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.4~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", 
rpm:\"cups~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.6~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "Check for the Version of cups", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870174", "href": "http://plugins.openvas.org/nasl.php?oid=870174", "type": "openvas", "title": "RedHat Update for cups RHSA-2008:0192-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cups 
RHSA-2008:0192-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A heap buffer overflow flaw was found in a CUPS administration interface\n CGI script. A local attacker able to connect to the IPP port (TCP port 631)\n could send a malicious request causing the script to crash or, potentially,\n execute arbitrary code as the "lp" user. Please note: the default CUPS\n configuration in Red Hat Enterprise Linux 5 does not allow remote\n connections to the IPP TCP port. (CVE-2008-0047)\n \n Red Hat would like to thank "regenrecht" for reporting this issue.\n \n This issue did not affect the versions of CUPS as shipped with Red Hat\n Enterprise Linux 3 or 4.\n \n Two overflows were discovered in the HP-GL/2-to-PostScript filter. An\n attacker could create a malicious HP-GL/2 file that could possibly execute\n arbitrary code as the "lp" user if the file is printed. 
(CVE-2008-0053)\n \n A buffer overflow flaw was discovered in the GIF decoding routines used by\n CUPS image converting filters "imagetops" and "imagetoraster". An attacker\n could create a malicious GIF file that could possibly execute arbitrary\n code as the "lp" user if the file was printed. (CVE-2008-1373)\n \n All cups users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00000.html\");\n script_id(870174);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0192-01\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_name( \"RedHat Update for cups RHSA-2008:0192-01\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.2.4~11.14.el5_1.6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "description": "Ubuntu Update for cupsys vulnerabilities USN-598-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840310", "href": "http://plugins.openvas.org/nasl.php?oid=840310", "type": "openvas", "title": "Ubuntu Update for cupsys vulnerabilities USN-598-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_598_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for cupsys vulnerabilities USN-598-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the CUPS administration interface contained a heap-\n based overflow flaw. A local attacker, and a remote attacker if printer\n sharing is enabled, could send a malicious request and possibly execute\n arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04.\n In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.\n (CVE-2008-0047)\n\n It was discovered that the hpgl filter in CUPS did not properly validate\n its input when parsing parameters. If a crafted HP-GL/2 file were printed,\n an attacker could possibly execute arbitrary code as the non-root user\n in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be\n isolated by the AppArmor CUPS profile. (CVE-2008-0053)\n \n It was discovered that CUPS had a flaw in its managing of remote shared\n printers via IPP. A remote attacker could send a crafted UDP packet and\n cause a denial of service or possibly execute arbitrary code as the\n non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10,\n attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882)\n \n It was discovered that CUPS did not properly perform bounds checking in\n its GIF decoding routines. 
If a crafted GIF file were printed, an attacker\n could possibly execute arbitrary code as the non-root user in Ubuntu 6.06\n LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the\n AppArmor CUPS profile. (CVE-2008-1373)\";\n\ntag_summary = \"Ubuntu Update for cupsys vulnerabilities USN-598-1\";\ntag_affected = \"cupsys vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-598-1/\");\n script_id(840310);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"598-1\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-0882\", \"CVE-2008-1373\");\n script_name( \"Ubuntu Update for cupsys vulnerabilities USN-598-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.2.8-0ubuntu8.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.2.4-2ubuntu3.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.2-1ubuntu7.6\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-01.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:60665", "href": "http://plugins.openvas.org/nasl.php?oid=60665", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-01 (cups)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# 
Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in CUPS, allowing for the\nremote execution of arbitrary code and a Denial of Service.\";\ntag_solution = \"All CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.2.12-r7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=211449\nhttp://bugs.gentoo.org/show_bug.cgi?id=212364\nhttp://bugs.gentoo.org/show_bug.cgi?id=214068\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-01.\";\n\n \n\nif(description)\n{\n script_id(60665);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-0882\", 
\"CVE-2008-1373\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200804-01 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-print/cups\", unaffected: make_list(\"ge 1.2.12-r7\"), vulnerable: make_list(\"lt 1.2.12-r7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:51:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1373", "CVE-2008-0047"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-094-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:60668", "href": "http://plugins.openvas.org/nasl.php?oid=60668", "type": "openvas", "title": "Slackware Advisory SSA:2008-094-01 cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_094_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# 
Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New cups packages are available for Slackware 12.0, and -current to fix\nsecurity issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here,\nbut if you're on a completely secured internal network these issues may be\nless of a risk than upgrading. 
If your IPP port is open to the internet,\nyou'd be advised to upgrade as soon as possible (or firewall the port at\nthe gateway if you're not in need of printer jobs coming in from the\ninternet).\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-094-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-094-01\";\n \nif(description)\n{\n script_id(60668);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-1373\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-094-01 cups \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.7-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1373", "CVE-2008-0047"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-094-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231060668", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231060668", "type": "openvas", "title": "Slackware Advisory SSA:2008-094-01 cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_094_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.60668\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-1373\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-094-01 cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK12\\.0\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-094-01\");\n\n script_tag(name:\"insight\", value:\"New cups packages are available for Slackware 12.0, and -current to fix\nsecurity issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here,\nbut if you're on a completely secured internal network these issues may be\nless of a risk than upgrading. If your IPP port is open to the internet,\nyou'd be advised to upgrade as soon as possible (or firewall the port at\nthe gateway if you're not in need of printer jobs coming in from the\ninternet).\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-094-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"cups\", ver:\"1.3.7-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023036 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065018", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065018", "type": "openvas", "title": "SLES9: Security update for CUPS", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023036.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023036 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65018\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1373\", \"CVE-2008-0053\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.50\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:25:18", "description": "Updated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA heap buffer overflow flaw was found in a CUPS administration\ninterface CGI script. A local attacker able to connect to the IPP port\n(TCP port 631) could send a malicious request causing the script to\ncrash or, potentially, execute arbitrary code as the 'lp' user. Please\nnote: the default CUPS configuration in Red Hat Enterprise Linux 5\ndoes not allow remote connections to the IPP TCP port. (CVE-2008-0047)\n\nRed Hat would like to thank 'regenrecht' for reporting this issue.\n\nThis issue did not affect the versions of CUPS as shipped with Red Hat\nEnterprise Linux 3 or 4.\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. 
An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : cups (CESA-2008:0192)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cups-libs", "p-cpe:/a:centos:centos:cups", "p-cpe:/a:centos:centos:cups-lpd", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:cups-devel"], "id": "CENTOS_RHSA-2008-0192.NASL", "href": "https://www.tenable.com/plugins/nessus/43677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0192 and \n# CentOS Errata and Security Advisory 2008:0192 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43677);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28544);\n script_xref(name:\"RHSA\", value:\"2008:0192\");\n\n script_name(english:\"CentOS 5 : cups (CESA-2008:0192)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA heap buffer overflow flaw was found in a CUPS administration\ninterface CGI script. A local attacker able to connect to the IPP port\n(TCP port 631) could send a malicious request causing the script to\ncrash or, potentially, execute arbitrary code as the 'lp' user. Please\nnote: the default CUPS configuration in Red Hat Enterprise Linux 5\ndoes not allow remote connections to the IPP TCP port. (CVE-2008-0047)\n\nRed Hat would like to thank 'regenrecht' for reporting this issue.\n\nThis issue did not affect the versions of CUPS as shipped with Red Hat\nEnterprise Linux 3 or 4.\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. 
An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014797.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?405e2804\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014798.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cbe7efe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-devel-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-libs-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-lpd-1.2.4-11.14.el5_1.6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs / cups-lpd\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:29", "description": "Three security issues have been fixed in this update: * A buffer\noverflow when processing GIF files * A heap-based overflow in a CUPS\nhelper program, used for searching documentation * A buffer overflow\nwhen processing HP-GL/2 files\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-04-11T00:00:00", "title": "Fedora 7 : cups-1.2.12-10.fc7 (2008-2897)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2008-04-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2008-2897.NASL", "href": "https://www.tenable.com/plugins/nessus/31816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2897.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31816);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28334, 28544);\n script_xref(name:\"FEDORA\", value:\"2008-2897\");\n\n script_name(english:\"Fedora 7 : cups-1.2.12-10.fc7 (2008-2897)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three security issues have been fixed in this update: * A buffer\noverflow when processing GIF files * A heap-based overflow in a CUPS\nhelper program, used for searching documentation * A buffer overflow\nwhen processing HP-GL/2 files\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=436153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438303\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009130.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7c838ac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"cups-1.2.12-10.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:08", "description": "From Red Hat Security Advisory 2008:0192 :\n\nUpdated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA heap buffer overflow flaw was found in a CUPS administration\ninterface CGI script. A local attacker able to connect to the IPP port\n(TCP port 631) could send a malicious request causing the script to\ncrash or, potentially, execute arbitrary code as the 'lp' user. 
Please\nnote: the default CUPS configuration in Red Hat Enterprise Linux 5\ndoes not allow remote connections to the IPP TCP port. (CVE-2008-0047)\n\nRed Hat would like to thank 'regenrecht' for reporting this issue.\n\nThis issue did not affect the versions of CUPS as shipped with Red Hat\nEnterprise Linux 3 or 4.\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : cups (ELSA-2008-0192)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:cups", "p-cpe:/a:oracle:linux:cups-libs", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:cups-devel", "p-cpe:/a:oracle:linux:cups-lpd"], "id": "ORACLELINUX_ELSA-2008-0192.NASL", "href": "https://www.tenable.com/plugins/nessus/67670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0192 and \n# Oracle Linux Security Advisory ELSA-2008-0192 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67670);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28544);\n script_xref(name:\"RHSA\", value:\"2008:0192\");\n\n script_name(english:\"Oracle Linux 5 : cups (ELSA-2008-0192)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0192 :\n\nUpdated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA heap buffer overflow flaw was found in a CUPS administration\ninterface CGI script. A local attacker able to connect to the IPP port\n(TCP port 631) could send a malicious request causing the script to\ncrash or, potentially, execute arbitrary code as the 'lp' user. Please\nnote: the default CUPS configuration in Red Hat Enterprise Linux 5\ndoes not allow remote connections to the IPP TCP port. (CVE-2008-0047)\n\nRed Hat would like to thank 'regenrecht' for reporting this issue.\n\nThis issue did not affect the versions of CUPS as shipped with Red Hat\nEnterprise Linux 3 or 4.\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. 
An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-April/000556.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"cups-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"cups-devel-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"cups-libs-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"cups-lpd-1.2.4-11.14.el5_1.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs / cups-lpd\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:04", "description": "Updated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA heap buffer overflow flaw was found in a CUPS administration\ninterface CGI script. A local attacker able to connect to the IPP port\n(TCP port 631) could send a malicious request causing the script to\ncrash or, potentially, execute arbitrary code as the 'lp' user. Please\nnote: the default CUPS configuration in Red Hat Enterprise Linux 5\ndoes not allow remote connections to the IPP TCP port. 
(CVE-2008-0047)\n\nRed Hat would like to thank 'regenrecht' for reporting this issue.\n\nThis issue did not affect the versions of CUPS as shipped with Red Hat\nEnterprise Linux 3 or 4.\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 28, "published": "2008-04-04T00:00:00", "title": "RHEL 5 : cups (RHSA-2008:0192)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2008-04-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cups-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:cups", "p-cpe:/a:redhat:enterprise_linux:cups-libs", "cpe:/o:redhat:enterprise_linux:5.1", "p-cpe:/a:redhat:enterprise_linux:cups-lpd"], "id": "REDHAT-RHSA-2008-0192.NASL", "href": "https://www.tenable.com/plugins/nessus/31754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0192. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31754);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28544);\n script_xref(name:\"RHSA\", value:\"2008:0192\");\n\n script_name(english:\"RHEL 5 : cups (RHSA-2008:0192)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA heap buffer overflow flaw was found in a CUPS administration\ninterface CGI script. A local attacker able to connect to the IPP port\n(TCP port 631) could send a malicious request causing the script to\ncrash or, potentially, execute arbitrary code as the 'lp' user. Please\nnote: the default CUPS configuration in Red Hat Enterprise Linux 5\ndoes not allow remote connections to the IPP TCP port. (CVE-2008-0047)\n\nRed Hat would like to thank 'regenrecht' for reporting this issue.\n\nThis issue did not affect the versions of CUPS as shipped with Red Hat\nEnterprise Linux 3 or 4.\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. 
An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0192\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0192\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"cups-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"cups-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"cups-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-devel-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-libs-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"cups-lpd-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"cups-lpd-1.2.4-11.14.el5_1.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"cups-lpd-1.2.4-11.14.el5_1.6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / 
cups-devel / cups-libs / cups-lpd\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:10", "description": "It was discovered that the CUPS administration interface contained a\nheap-based overflow flaw. A local attacker, and a remote attacker if\nprinter sharing is enabled, could send a malicious request and\npossibly execute arbitrary code as the non-root user in Ubuntu 6.06\nLTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by\nthe AppArmor CUPS profile. (CVE-2008-0047)\n\nIt was discovered that the hpgl filter in CUPS did not properly\nvalidate its input when parsing parameters. If a crafted HP-GL/2 file\nwere printed, an attacker could possibly execute arbitrary code as the\nnon-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10,\nattackers would be isolated by the AppArmor CUPS profile.\n(CVE-2008-0053)\n\nIt was discovered that CUPS had a flaw in its managing of remote\nshared printers via IPP. A remote attacker could send a crafted UDP\npacket and cause a denial of service or possibly execute arbitrary\ncode as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In\nUbuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.\n(CVE-2008-0882)\n\nIt was discovered that CUPS did not properly perform bounds checking\nin its GIF decoding routines. If a crafted GIF file were printed, an\nattacker could possibly execute arbitrary code as the non-root user in\nUbuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be\nisolated by the AppArmor CUPS profile. (CVE-2008-1373).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-04-04T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerabilities (USN-598-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2008-04-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:cupsys-common", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:cupsys-client", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-598-1.NASL", "href": "https://www.tenable.com/plugins/nessus/31785", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-598-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31785);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-0882\", \"CVE-2008-1373\");\n script_bugtraq_id(27906, 28307, 28334, 28544);\n script_xref(name:\"USN\", value:\"598-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerabilities (USN-598-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the CUPS administration interface contained a\nheap- based overflow flaw. A local attacker, and a remote attacker if\nprinter sharing is enabled, could send a malicious request and\npossibly execute arbitrary code as the non-root user in Ubuntu 6.06\nLTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by\nthe AppArmor CUPS profile. (CVE-2008-0047)\n\nIt was discovered that the hpgl filter in CUPS did not properly\nvalidate its input when parsing parameters. If a crafted HP-GL/2 file\nwere printed, an attacker could possibly execute arbitrary code as the\nnon-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10,\nattackers would be isolated by the AppArmor CUPS profile.\n(CVE-2008-0053)\n\nIt was discovered that CUPS had a flaw in its managing of remote\nshared printers via IPP. A remote attacker could send a crafted UDP\npacket and cause a denial of service or possibly execute arbitrary\ncode as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. 
In\nUbuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.\n(CVE-2008-0882)\n\nIt was discovered that CUPS did not properly perform bounds checking\nin its GIF decoding routines. If a crafted GIF file were printed, an\nattacker could possibly execute arbitrary code as the non-root user in\nUbuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be\nisolated by the AppArmor CUPS profile. (CVE-2008-1373).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/598-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-client\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-gnutls10\", pkgver:\"1.2.2-0ubuntu0.6.06.8\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys-client\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys-common\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsimage2\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsys2\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.4-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif 
(ubuntu_check(osver:\"7.04\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys-client\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys-common\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsimage2\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsys2\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.8-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys-client\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys-common\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsimage2\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsys2\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsys2-dev\", pkgver:\"1.3.2-1ubuntu7.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cupsys / cupsys-bsd / cupsys-client / cupsys-common / libcupsimage2 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:20", "description": "The remote host is affected by the vulnerability 
described in GLSA-200804-01\n(CUPS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in CUPS:\n regenrecht (VeriSign iDefense) discovered that the\n cgiCompileSearch() function used in several CGI scripts in CUPS'\n administration interface does not correctly calculate boundaries when\n processing a user-provided regular expression, leading to a heap-based\n buffer overflow (CVE-2008-0047).\n Helge Blischke reported a\n double free() vulnerability in the process_browse_data() function when\n adding or removing remote shared printers (CVE-2008-0882).\n Tomas Hoger (Red Hat) reported that the gif_read_lzw() function\n uses the code_size value from GIF images without properly checking it,\n leading to a buffer overflow (CVE-2008-1373).\n An unspecified\n input validation error was discovered in the HP-GL/2 filter\n (CVE-2008-0053).\n \nImpact :\n\n A local attacker could send specially crafted network packets or print\n jobs and possibly execute arbitrary code with the privileges of the\n user running CUPS (usually lp), or cause a Denial of Service. 
The\n vulnerabilities are exploitable via the network when CUPS is sharing\n printers remotely.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2008-04-04T00:00:00", "title": "GLSA-200804-01 : CUPS: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2008-04-04T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:cups"], "id": "GENTOO_GLSA-200804-01.NASL", "href": "https://www.tenable.com/plugins/nessus/31752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31752);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-0882\", \"CVE-2008-1373\");\n script_bugtraq_id(27906, 28307, 28334, 28544);\n script_xref(name:\"GLSA\", value:\"200804-01\");\n\n script_name(english:\"GLSA-200804-01 : CUPS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-01\n(CUPS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in CUPS:\n regenrecht (VeriSign iDefense) 
discovered that the\n cgiCompileSearch() function used in several CGI scripts in CUPS'\n administration interface does not correctly calculate boundaries when\n processing a user-provided regular expression, leading to a heap-based\n buffer overflow (CVE-2008-0047).\n Helge Blischke reported a\n double free() vulnerability in the process_browse_data() function when\n adding or removing remote shared printers (CVE-2008-0882).\n Tomas Hoger (Red Hat) reported that the gif_read_lzw() function\n uses the code_size value from GIF images without properly checking it,\n leading to a buffer overflow (CVE-2008-1373).\n An unspecified\n input validation error was discovered in the HP-GL/2 filter\n (CVE-2008-0053).\n \nImpact :\n\n A local attacker could send specially crafted network packets or print\n jobs and possibly execute arbitrary code with the privileges of the\n user running CUPS (usually lp), or cause a Denial of Service. The\n vulnerabilities are exploitable via the network when CUPS is sharing\n printers remotely.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CUPS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.2.12-r7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-print/cups\", unaffected:make_list(\"ge 1.2.12-r7\"), vulnerable:make_list(\"lt 1.2.12-r7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CUPS\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:33:58", "description": "According to its banner, the version of CUPS installed on the remote\nhost is affected by several issues :\n\n - A buffer overflow exists in 'cgiCompileSearch' that\n could lead to arbitrary code execution (STR #2729).\n\n - A GIF image filter overflow exists involving 'code_size'\n value from a user-supplied GIF image used in\n 'gif_read_lzw' (STR #2765).\n\n - A temporary file with Samba credentials may be left\n behind by cupsaddsmb if no Windows drivers were\n installed (STR #2779).", "edition": 24, "published": "2008-04-03T00:00:00", 
"title": "CUPS < 1.3.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1373", "CVE-2008-0047"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:cups:cups"], "id": "CUPS_1_3_7.NASL", "href": "https://www.tenable.com/plugins/nessus/31730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31730);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/06 11:26:07\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28544);\n\n script_name(english:\"CUPS < 1.3.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks CUPS server version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote printer service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost is affected by several issues :\n\n - A buffer overflow exists in 'cgiCompileSearch' that\n could lead to arbitrary code execution (STR #2729).\n\n - A GIF image filter overflow exists involving 'code_size'\n value from a user-supplied GIF image used in\n 'gif_read_lzw' (STR #2765).\n\n - A temporary file with Samba credentials may be left\n behind by cupsaddsmb if no Windows drivers were\n installed (STR #2779).\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L2729\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L2765\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/articles.php?L537\" );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS version 1.3.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cups:cups\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cups_1_3_5.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\nget_kb_item_or_exit(\"www/\"+port+\"/cups/running\");\n\nversion = get_kb_item_or_exit(\"cups/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"cups/\"+port+\"/source\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.([0-2]|3\\.[0-6])($|[^0-9])\" ||\n version =~ \"^1\\.3(rc|b)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.3.7\\n';\n\n security_note(port:port, extra:report);\n }\n else security_note(port);\n exit(0);\n}\nelse if (version =~ \"^(1|1\\.3)($|[^0-9.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:27", "description": "Two security issues have been fixed in this update: * A buffer\noverflow when processing GIF files * A heap-based overflow in a CUPS\nhelper program, 
used for searching documentation This update also\nfixes a problem with processing some JPEG files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-04-11T00:00:00", "title": "Fedora 8 : cups-1.3.6-4.fc8 (2008-2131)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1373", "CVE-2008-0047"], "modified": "2008-04-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2008-2131.NASL", "href": "https://www.tenable.com/plugins/nessus/31814", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2131.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31814);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28334, 28544);\n script_xref(name:\"FEDORA\", value:\"2008-2131\");\n\n script_name(english:\"Fedora 8 : cups-1.3.6-4.fc8 (2008-2131)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security issues have been fixed in this update: * A buffer\noverflow when processing GIF files * A heap-based overflow in a CUPS\nhelper program, used for searching documentation This update also\nfixes a problem with processing some JPEG files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block 
directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=436153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=438303\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57e48f17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"cups-1.3.6-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:21", "description": "New cups packages are available for Slackware 12.0, and -current to\nfix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was\ntested here, but if you're on a completely secured internal network\nthese issues may be less of a risk than upgrading. 
If your IPP port is\nopen to the internet, you'd be advised to upgrade as soon as possible\n(or firewall the port at the gateway if you're not in need of printer\njobs coming in from the internet).", "edition": 24, "published": "2008-04-04T00:00:00", "title": "Slackware 12.0 / current : cups (SSA:2008-094-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1373", "CVE-2008-0047"], "modified": "2008-04-04T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:cups", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2008-094-01.NASL", "href": "https://www.tenable.com/plugins/nessus/31740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-094-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31740);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0047\", \"CVE-2008-1373\");\n script_bugtraq_id(28307, 28544);\n script_xref(name:\"SSA\", value:\"2008-094-01\");\n\n script_name(english:\"Slackware 12.0 / current : cups (SSA:2008-094-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New cups packages are available for Slackware 12.0, and -current to\nfix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was\ntested here, but if you're on a completely secured internal network\nthese issues may be less of a risk than upgrading. 
If your IPP port is\nopen to the internet, you'd be advised to upgrade as soon as possible\n(or firewall the port at the gateway if you're not in need of printer\njobs coming in from the internet).\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384842\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93a345b8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) 
audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"cups\", pkgver:\"1.3.7\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"cups\", pkgver:\"1.3.7\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:43:54", "description": "SL5 Only: A heap buffer overflow flaw was found in a CUPS\nadministration interface CGI script. A local attacker able to connect\nto the IPP port (TCP port 631) could send a malicious request causing\nthe script to crash or, potentially, execute arbitrary code as the\n'lp' user. Please note: the default CUPS configuration in Red Hat\nEnterprise Linux 5 does not allow remote connections to the IPP TCP\nport. (CVE-2008-0047)\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. 
An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nSL 3 & 4 Only: It was discovered that the patch used to address\nCVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not\ncompletely resolve the integer overflow in the 'pdftops' filter on\n64-bit platforms. An attacker could create a malicious PDF file that\ncould possibly execute arbitrary code as the 'lp' user if the file was\nprinted. (CVE-2008-1374)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1374", "CVE-2008-0053", "CVE-2004-0888", "CVE-2008-1373", "CVE-2008-0047"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080401_CUPS_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60378);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0888\", \"CVE-2008-0047\", \"CVE-2008-0053\", \"CVE-2008-1373\", \"CVE-2008-1374\");\n\n script_name(english:\"Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The 
remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SL5 Only: A heap buffer overflow flaw was found in a CUPS\nadministration interface CGI script. A local attacker able to connect\nto the IPP port (TCP port 631) could send a malicious request causing\nthe script to crash or, potentially, execute arbitrary code as the\n'lp' user. Please note: the default CUPS configuration in Red Hat\nEnterprise Linux 5 does not allow remote connections to the IPP TCP\nport. (CVE-2008-0047)\n\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. An\nattacker could create a malicious HP-GL/2 file that could possibly\nexecute arbitrary code as the 'lp' user if the file is printed.\n(CVE-2008-0053)\n\nA buffer overflow flaw was discovered in the GIF decoding routines\nused by CUPS image converting filters 'imagetops' and 'imagetoraster'.\nAn attacker could create a malicious GIF file that could possibly\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-1373)\n\nSL 3 & 4 Only: It was discovered that the patch used to address\nCVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not\ncompletely resolve the integer overflow in the 'pdftops' filter on\n64-bit platforms. An attacker could create a malicious PDF file that\ncould possibly execute arbitrary code as the 'lp' user if the file was\nprinted. 
(CVE-2008-1374)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0804&L=scientific-linux-errata&T=0&P=76\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c90d8c09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"cups-1.1.17-13.3.52\")) flag++;\nif (rpm_check(release:\"SL3\", 
reference:\"cups-devel-1.1.17-13.3.52\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"cups-libs-1.1.17-13.3.52\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"cups-1.1.22-0.rc1.9.20.2.el4_6.6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"cups-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-devel-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-libs-1.2.4-11.14.el5_1.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-lpd-1.2.4-11.14.el5_1.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:31:58", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0192\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nA heap buffer overflow flaw was found in a CUPS administration interface\r\nCGI script. A local attacker able to connect to the IPP port (TCP port 631)\r\ncould send a malicious request causing the script to crash or, potentially,\r\nexecute arbitrary code as the \"lp\" user. Please note: the default CUPS\r\nconfiguration in Red Hat Enterprise Linux 5 does not allow remote\r\nconnections to the IPP TCP port. 
(CVE-2008-0047)\r\n\r\nRed Hat would like to thank \"regenrecht\" for reporting this issue.\r\n\r\nThis issue did not affect the versions of CUPS as shipped with Red Hat\r\nEnterprise Linux 3 or 4.\r\n\r\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. An\r\nattacker could create a malicious HP-GL/2 file that could possibly execute\r\narbitrary code as the \"lp\" user if the file is printed. (CVE-2008-0053)\r\n\r\nA buffer overflow flaw was discovered in the GIF decoding routines used by\r\nCUPS image converting filters \"imagetops\" and \"imagetoraster\". An attacker\r\ncould create a malicious GIF file that could possibly execute arbitrary\r\ncode as the \"lp\" user if the file was printed. (CVE-2008-1373)\r\n\r\nAll cups users are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026835.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026836.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\ncups-lpd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0192.html", "edition": 5, "modified": "2008-04-02T10:39:09", "published": "2008-04-02T10:39:09", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/026835.html", "id": "CESA-2008:0192", "title": "cups security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T03:27:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1374", "CVE-2008-0053", "CVE-2004-0888", "CVE-2008-1373"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0206\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. 
An\r\nattacker could create a malicious HP-GL/2 file that could possibly execute\r\narbitrary code as the \"lp\" user if the file is printed. (CVE-2008-0053)\r\n\r\nA buffer overflow flaw was discovered in the GIF decoding routines used by\r\nCUPS image converting filters \"imagetops\" and \"imagetoraster\". An attacker\r\ncould create a malicious GIF file that could possibly execute arbitrary\r\ncode as the \"lp\" user if the file was printed. (CVE-2008-1373)\r\n\r\nIt was discovered that the patch used to address CVE-2004-0888 in CUPS\r\npackages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the\r\ninteger overflow in the \"pdftops\" filter on 64-bit platforms. An attacker\r\ncould create a malicious PDF file that could possibly execute arbitrary\r\ncode as the \"lp\" user if the file was printed. (CVE-2008-1374)\r\n\r\nAll cups users are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026833.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026834.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026837.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026838.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026841.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026842.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026843.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026844.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0206.html", "edition": 6, "modified": "2008-04-05T08:25:17", "published": "2008-04-01T17:06:38", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/026833.html", "id": "CESA-2008:0206", "title": "cups security update", "type": "centos", 
"cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:43", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0053", "CVE-2008-1373", "CVE-2008-0047"], "description": "cups\n[1.2.4-11.14:.6]\n- Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).\n- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).\n[1.2.4-11.14:.5]\n- Applied patch to prevent heap-based buffer overflow in CUPS helper\n program (bug #436153, CVE-2008-0047, STR #2729).", "edition": 4, "modified": "2008-04-01T00:00:00", "published": "2008-04-01T00:00:00", "id": "ELSA-2008-0192", "href": "http://linux.oracle.com/errata/ELSA-2008-0192.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1374", "CVE-2008-0053", "CVE-2008-1373"], "description": "cups\n[1.1.22-0.rc1.9.20.2:.6]\n- Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).\n- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).\n- Applied patch to fix CVE-2008-1374 (64-bit PDF crash, bug #438336).", "edition": 4, "modified": "2008-04-01T00:00:00", "published": "2008-04-01T00:00:00", "id": "ELSA-2008-0206", "href": "http://linux.oracle.com/errata/ELSA-2008-0206.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:08", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0047", "CVE-2008-0053", "CVE-2008-1373"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nA heap buffer overflow flaw was found in a CUPS administration interface\r\nCGI script. 
A local attacker able to connect to the IPP port (TCP port 631)\r\ncould send a malicious request causing the script to crash or, potentially,\r\nexecute arbitrary code as the \"lp\" user. Please note: the default CUPS\r\nconfiguration in Red Hat Enterprise Linux 5 does not allow remote\r\nconnections to the IPP TCP port. (CVE-2008-0047)\r\n\r\nRed Hat would like to thank \"regenrecht\" for reporting this issue.\r\n\r\nThis issue did not affect the versions of CUPS as shipped with Red Hat\r\nEnterprise Linux 3 or 4.\r\n\r\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. An\r\nattacker could create a malicious HP-GL/2 file that could possibly execute\r\narbitrary code as the \"lp\" user if the file is printed. (CVE-2008-0053)\r\n\r\nA buffer overflow flaw was discovered in the GIF decoding routines used by\r\nCUPS image converting filters \"imagetops\" and \"imagetoraster\". An attacker\r\ncould create a malicious GIF file that could possibly execute arbitrary\r\ncode as the \"lp\" user if the file was printed. (CVE-2008-1373)\r\n\r\nAll cups users are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:54:46", "published": "2008-04-01T04:00:00", "id": "RHSA-2008:0192", "href": "https://access.redhat.com/errata/RHSA-2008:0192", "type": "redhat", "title": "(RHSA-2008:0192) Moderate: cups security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0888", "CVE-2008-0053", "CVE-2008-1373", "CVE-2008-1374"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nTwo overflows were discovered in the HP-GL/2-to-PostScript filter. An\r\nattacker could create a malicious HP-GL/2 file that could possibly execute\r\narbitrary code as the \"lp\" user if the file is printed. 
(CVE-2008-0053)\r\n\r\nA buffer overflow flaw was discovered in the GIF decoding routines used by\r\nCUPS image converting filters \"imagetops\" and \"imagetoraster\". An attacker\r\ncould create a malicious GIF file that could possibly execute arbitrary\r\ncode as the \"lp\" user if the file was printed. (CVE-2008-1373)\r\n\r\nIt was discovered that the patch used to address CVE-2004-0888 in CUPS\r\npackages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the\r\ninteger overflow in the \"pdftops\" filter on 64-bit platforms. An attacker\r\ncould create a malicious PDF file that could possibly execute arbitrary\r\ncode as the \"lp\" user if the file was printed. (CVE-2008-1374)\r\n\r\nAll cups users are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:49:12", "published": "2008-04-01T04:00:00", "id": "RHSA-2008:0206", "href": "https://access.redhat.com/errata/RHSA-2008:0206", "type": "redhat", "title": "(RHSA-2008:0206) Moderate: cups security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:28:39", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "description": "It was discovered that the CUPS administration interface contained a heap- \nbased overflow flaw. A local attacker, and a remote attacker if printer \nsharing is enabled, could send a malicious request and possibly execute \narbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. \nIn Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. \n(CVE-2008-0047)\n\nIt was discovered that the hpgl filter in CUPS did not properly validate \nits input when parsing parameters. If a crafted HP-GL/2 file were printed, \nan attacker could possibly execute arbitrary code as the non-root user \nin Ubuntu 6.06 LTS, 6.10, and 7.04. 
In Ubuntu 7.10, attackers would be \nisolated by the AppArmor CUPS profile. (CVE-2008-0053)\n\nIt was discovered that CUPS had a flaw in its managing of remote shared \nprinters via IPP. A remote attacker could send a crafted UDP packet and \ncause a denial of service or possibly execute arbitrary code as the \nnon-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, \nattackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882)\n\nIt was discovered that CUPS did not properly perform bounds checking in \nits GIF decoding routines. If a crafted GIF file were printed, an attacker \ncould possibly execute arbitrary code as the non-root user in Ubuntu 6.06 \nLTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the \nAppArmor CUPS profile. (CVE-2008-1373)", "edition": 5, "modified": "2008-04-02T00:00:00", "published": "2008-04-02T00:00:00", "id": "USN-598-1", "href": "https://ubuntu.com/security/notices/USN-598-1", "title": "CUPS vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "description": "### Background\n\nCUPS provides a portable printing layer for UNIX-based operating systems. 
\n\n### Description\n\nMultiple vulnerabilities have been reported in CUPS: \n\n * regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch() function used in several CGI scripts in CUPS' administration interface does not correctly calculate boundaries when processing a user-provided regular expression, leading to a heap-based buffer overflow (CVE-2008-0047).\n * Helge Blischke reported a double free() vulnerability in the process_browse_data() function when adding or removing remote shared printers (CVE-2008-0882).\n * Tomas Hoger (Red Hat) reported that the gif_read_lzw() function uses the code_size value from GIF images without properly checking it, leading to a buffer overflow (CVE-2008-1373).\n * An unspecified input validation error was discovered in the HP-GL/2 filter (CVE-2008-0053).\n\n### Impact\n\nA local attacker could send specially crafted network packets or print jobs and possibly execute arbitrary code with the privileges of the user running CUPS (usually lp), or cause a Denial of Service. The vulnerabilities are exploitable via the network when CUPS is sharing printers remotely. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.2.12-r7\"", "edition": 1, "modified": "2008-04-01T00:00:00", "published": "2008-04-01T00:00:00", "id": "GLSA-200804-01", "href": "https://security.gentoo.org/glsa/200804-01", "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "cvelist": ["CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-0047"], "description": "=========================================================== \r\nUbuntu Security Notice USN-598-1 April 02, 2008\r\ncupsys vulnerabilities\r\nCVE-2008-0047, CVE-2008-0053, CVE-2008-0882, CVE-2008-1373\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 6.10\r\nUbuntu 7.04\r\nUbuntu 7.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n cupsys 1.2.2-0ubuntu0.6.06.8\r\n\r\nUbuntu 6.10:\r\n cupsys 1.2.4-2ubuntu3.3\r\n\r\nUbuntu 7.04:\r\n cupsys 1.2.8-0ubuntu8.3\r\n\r\nUbuntu 7.10:\r\n cupsys 1.3.2-1ubuntu7.6\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that the CUPS administration interface contained a heap-\r\nbased overflow flaw. 
A local attacker, and a remote attacker if printer\r\nsharing is enabled, could send a malicious request and possibly execute\r\narbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04.\r\nIn Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.\r\n(CVE-2008-0047)\r\n\r\nIt was discovered that the hpgl filter in CUPS did not properly validate\r\nits input when parsing parameters. If a crafted HP-GL/2 file were printed,\r\nan attacker could possibly execute arbitrary code as the non-root user\r\nin Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be\r\nisolated by the AppArmor CUPS profile. (CVE-2008-0053)\r\n\r\nIt was discovered that CUPS had a flaw in its managing of remote shared\r\nprinters via IPP. A remote attacker could send a crafted UDP packet and\r\ncause a denial of service or possibly execute arbitrary code as the\r\nnon-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10,\r\nattackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882)\r\n\r\nIt was discovered that CUPS did not properly perform bounds checking in\r\nits GIF decoding routines. If a crafted GIF file were printed, an attacker\r\ncould possibly execute arbitrary code as the non-root user in Ubuntu 6.06\r\nLTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the\r\nAppArmor CUPS profile. 
(CVE-2008-1373)\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.diff.gz\r\n Size/MD5: 97650 b7ac4b760066920314d4596541cf716e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.dsc\r\n Size/MD5: 1049 26e617c4b5c0848d56f872895e279a86\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz\r\n Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.8_all.deb\r\n Size/MD5: 998 c7d4013c3b9e3655e2fd2e9719d4d2af\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 36218 9eff8fd692afe5ae17ca80f269a0ca6b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 81906 ac05150f42e5671c5cdc73ba8f85cb5b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 2286026 acd4a48c676556fc7260bbd86db0416b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 6096 3df7829bfb8766de94a4ef2ff0be824f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 76654 0d67c8599d4e2accf4f7ee31b498fdc7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 25758 14617ef9d38146ceaf89b4e9775e2fb4\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_amd64.deb\r\n Size/MD5: 129498 5cd8c821b31dddde0c200a61570d48b6\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n 
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 34766 88ac5bced1d508f9695b4b4f4ae0f82a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 77988 84db3f3ad17936d5015a26353c55bc6a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 2253492 2cc1ec94caf6344a555ece9f69b51fe2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 6088 00226da0a854f64bd5b18ace219de031\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 75744 73038a225d7301b4b5f8085219c97c81\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 25740 52699a4b9dea621f4332db5856f8b574\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_i386.deb\r\n Size/MD5: 121718 2e904399c40c9f83e451bb2e964820c1\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 40464 7e6bd3ec6312eef104737ffed5e19c3c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 89542 8b9353d17d9402495f2404a9ab837b92\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 2300680 65597d07917b8753a0af6f6aae1276db\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 6096 d6cb4780e6f4545bc8566cce92fb8346\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 78442 c75b4f47491227c2504649902a040855\r\n 
\r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 25742 372a1c972e97e1722a844430780ae6c5\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_powerpc.deb\r\n Size/MD5: 127478 afad79a272bbe434675f24d7a3ca91ef\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 35396 b44ad7e913ff064d2a3fb73121771686\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 78724 a8bff0942be4b14ece6dde8fd38b6f5a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 2287122 2415f6a5410a63b98ba32ecdf8fbcfb7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 6094 384dc8a7b9c8dfbefa42d7b5fbb836c7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 75678 6258f4d4c1b55d90b34cee1caa12dc35\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 25740 ca7f1a4412f42d739d51c1ddbc09045a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_sparc.deb\r\n Size/MD5: 123214 801292f8a2652b579a82b7a7c52e9ffd\r\n\r\nUpdated packages for Ubuntu 6.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.diff.gz\r\n Size/MD5: 111410 fb84af4bcf007f2f7299394e0be32412\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.dsc\r\n Size/MD5: 1059 430be555857b7aa5cc01431466487aaf\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz\r\n Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784\r\n\r\n Architecture independent 
packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.3_all.deb\r\n Size/MD5: 870052 97e82b21269a8bb5e7ac995cc4cb665d\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 36706 eb308fea40f4b7d159304b4b875b2329\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 82506 3b04032674acc75d3184f537af144d3a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 1480680 18b1537c8238b225e6ba2bb51570b942\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 6122 b324305be458b5207d242efc230d06c1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 95522 fce843ba1e5c51ec7a8161f0a0828acc\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 26138 041e52bad239d993b22d65873705a751\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_amd64.deb\r\n Size/MD5: 172282 cf3fd3c84c83b36aa453ca2e071ab74c\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 36260 c2daeb19fee1ebfe794be09ebefef1c7\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 80108 c599f739a103867967a78f91569db74e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 1463912 d22879a24e9f1ff1d12e7845ad596cc2\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 6124 01628551a9fc66423789f02853d0d9ba\r\n 
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 95352 b6084c36087da3aa1a3c8d44f9a9d0a7\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 26142 838499ddbf886c5514ef11c6e4bdeda9\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_i386.deb\r\n Size/MD5: 169404 8262471b1cdb9991fbde554a31c74508\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 41802 b703ca8629e5df46fc1f1d45acd20581\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 91148 caca2486db7794b133539af9b939a607\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 1498496 0662d077dfae2d1b6b00db7a0966366b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 6128 792c5ee645b0f7a7e1d63d9206348c52\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 97682 b37660eb88a487e5f7c49b9ed6f1c937\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 26144 b834556e6374093f5652754dd8c0ff6a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_powerpc.deb\r\n Size/MD5: 172694 3174ff36eaa0bc4ac7f4df02299413ca\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 36292 2cd1ea5a42eff193ca8a4c2ec53aefa1\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 80238 10b95fff38cb0436cf30a30e683cc27d\r\n 
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 1489214 119f077088e3b2009c896fd395448717\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 6128 204a14898a9508a980e71d33792cfb59\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 94574 a87580c3fd22da592dd5496190afb871\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 26142 e7b959209cad884220bb1cacb2cd0555\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_sparc.deb\r\n Size/MD5: 168700 1f717ec06409999b5a40bb89dcedb5b0\r\n\r\nUpdated packages for Ubuntu 7.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.diff.gz\r\n Size/MD5: 156263 0147ec4c77b27e20df2a3ad514c2dd8e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.dsc\r\n Size/MD5: 1143 7fb2ad1b1c8e57b09805fc9d6c1e027d\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz\r\n Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.3_all.deb\r\n Size/MD5: 926414 97df229c931f7eb05af5a5cb623635ae\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 37412 20fb406aae21e63dc8c9723e178505af\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 83238 9aa9eb876585e32757c83783d79b0a02\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 1638304 7673386b3a9d63c09bd3647cf5dad877\r\n 
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 56378 32e2acb4fe5ef7aab8b8896a8d40166c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 104324 649109ddb522145730c67b93a870eefe\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 144860 c0fb60ebae640e565607f0cdfd7094b7\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_amd64.deb\r\n Size/MD5: 182344 204887dda2791a61417415c4466a51d7\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 36722 22030307f71a44ca7b30921aef0bf46a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 80738 c92706978d65b9a409d93e704c5662b4\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 1620944 bc9a1e338567e27aee10cded16abbcc2\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 55472 15cd34697cca79ee83498691da531d37\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 104028 3d13c92bf5f0c9a26f3a8ba534dc6dec\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 139332 c33597e3bbce0d41df0efe84c2b59377\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_i386.deb\r\n Size/MD5: 178604 a93713bb9b422a0460d42dc35eb7f8b3\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 46768 682b1e104c73d8820a5b39ba79de7883\r\n 
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 101104 78dcf70528f5682b2499efa0b03f6a42\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 1695542 06c8b6b43afa525b07718d410eed6438\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 56226 27ce8328e4cfc184ef64fdfe5bcf1b45\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 109886 607c9d1bdc4eaf3627031f98f59948be\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 141172 501aee8031dd71ce2166e79bfca04129\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_powerpc.deb\r\n Size/MD5: 188236 ccbcdb277477728c10dac36435924085\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 37788 7da1fb58e7d4b6bfd71ed47b1ba5d201\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 83750 69a59033ea6458f3f82046aee46ba4bb\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 1658908 b35167112445c8bc3c1281604412f534\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 54756 b877de97919e00870c84850b1e074555\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 103574 204efb55b2d46f00cd4f8ddc429d805f\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 141742 5e411c3199e1a1296dbd7cd7c6958e1a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_sparc.deb\r\n Size/MD5: 177884 
4e1b218fd113193e4cf149aea90ec6c7\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.diff.gz\r\n Size/MD5: 125298 81ae6b42c7dd12a1797a63d19c644a8c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.dsc\r\n Size/MD5: 1218 c56faedc440fc2b16f9a1f396a607d1e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz\r\n Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.6_all.deb\r\n Size/MD5: 1080444 5d01f105292a526744e5622a14a9aed4\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 37204 c3425972caa02e7a25321f49d47c6f9b\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 89504 5411f2454e0d2a0323e9951cb15a534d\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 2034570 c8d6548bd1ba7cb841b196e762da492c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 59890 150d59889adc8fd0cb185989876a355d\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 46780 e15952781e93e862194d453320605bbc\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 152020 32c671873dfad4e39104da5c3a6e935e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_amd64.deb\r\n Size/MD5: 186028 1a1404a7d67078e31c8819bf3d8d4dae\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_i386.deb\r\n 
Size/MD5: 36476 a982fce3918a91c74e92fb515f1c6d65\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_i386.deb\r\n Size/MD5: 86484 0e4d80917e070f7b2f109de81f96bc4d\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_i386.deb\r\n Size/MD5: 2018116 cff3abb1b69d797d616e73c93885de3a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_i386.deb\r\n Size/MD5: 58634 6d2590c49af04215519a87e857463652\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_i386.deb\r\n Size/MD5: 46140 0ebe76bdf799336e0b2d01d0a0eca72c\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_i386.deb\r\n Size/MD5: 145694 6766e6515de26b782e211840f330b93e\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_i386.deb\r\n Size/MD5: 182802 c62bc1107e748c200e6969a239ae8b9b\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 46498 044a54c557dd4006bb40a13dd2c2b156\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 107752 76e4020feb1778e713389fc6bdb86ea9\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 2099222 73d517a40d877a238856a232e6be64c9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 59342 8530840cf85bf44c8803fd064b61e1f7\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 51716 9d30c790a4b94ac07670d7e15c2e41ab\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 146948 f73327e30e2778bdcf4543c04855e6a1\r\n 
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_powerpc.deb\r\n Size/MD5: 191752 46d534c4c477657ab03419d18f91728f\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 37564 1771f3f6f2ceb1864696801f7f420e93\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 89606 69149447dbd4e3b36185bd977202f837\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 2060610 ed932d7ee05e745bc0af647d361e7d99\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 57900 7369866ac9adb6abd966e2d1e2f95b42\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 45440 60eda5d4cc12eb2c35817d6c0d4ef43a\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 148476 8e1d119a91b8c6d8d15032b27a498235\r\n http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_sparc.deb\r\n Size/MD5: 181842 8283739361474f00d65f9bf52d7c0e3d\r\n\r\n", "edition": 1, "modified": "2008-04-03T00:00:00", "published": "2008-04-03T00:00:00", "id": "SECURITYVULNS:DOC:19556", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19556", "title": "[USN-598-1] CUPS vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "cvelist": ["CVE-2008-0047"], "description": "iDefense Security Advisory 03.18.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMar 18, 2008\r\n\r\nI. 
BACKGROUND\r\n\r\nThe Common UNIX Printing System, more commonly referred to as CUPS,\r\nprovides a standard printer interface for various Unix based operating\r\nsystems. For more information, visit the vendor's website at the\r\nfollowing URL.\r\n\r\nhttp://www.cups.org/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap based buffer overflow vulnerability in\r\nCUPS, as included in various vendors' operating system distributions,\r\ncould allow an attacker to execute arbitrary code with the privileges\r\nof the affected service.\r\n\r\nCUPS listens on TCP port 631 for requests. This interface provides\r\naccess to several CGI applications used to administer CUPS and provide\r\ninformation about print jobs. By passing a specially crafted request,\r\nan attacker can trigger a heap based buffer overflow.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the affected service. Depending on the\r\nunderlying operating system and distribution, CUPS may run as the lp,\r\ndaemon, or a different user.\r\n\r\nIn order to exploit this vulnerability remotely, the targeted host must\r\nbe sharing a printer(s) on the network. If a printer is not being\r\nshared, where CUPS only listens on the local interface, this\r\nvulnerability could only be used to elevate privileges locally.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in CUPS\r\nversion 1.3.5. Previous versions may also be affected.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling printer sharing will prevent this vulnerability from being\r\nexploited remotely. However, local users will still be able to obtain\r\nthe privileges of the CUPS service user.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has addressed this vulnerability within Security Update\r\n2008-002. For more information, visit the following URL.\r\n\r\nhttp://docs.info.apple.com/article.html?artnum=307562\r\n\r\nVII. 
CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2008-0047 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/26/2008 Initial vendor notification\r\n02/26/2008 Initial vendor response\r\n03/18/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by regenrecht.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "modified": "2008-03-19T00:00:00", "published": "2008-03-19T00:00:00", "id": "SECURITYVULNS:DOC:19448", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19448", "title": "iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-0047"], "description": "Heap buffer overflow when parsing requests received on TCP port 631.", "edition": 1, "modified": "2008-03-19T00:00:00", "published": "2008-03-19T00:00:00", "id": "SECURITYVULNS:VULN:8803", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8803", "title": "CUPS print system buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-1373"], "description": "Buffer overflow when parsing GIF files.", "edition": 1, "modified": "2008-04-03T00:00:00", "published": "2008-04-03T00:00:00", "id": "SECURITYVULNS:VULN:8859", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8859", "title": "CUPS code execution with GIF files", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-0597", "CVE-2007-5848", "CVE-2008-0596", "CVE-2008-0886", "CVE-2008-0882", "CVE-2008-0047"], "description": "Code execution in URI handling; multiple DoS conditions.", "edition": 1, "modified": "2008-02-27T00:00:00", "published": "2008-02-27T00:00:00", "id": 
"SECURITYVULNS:VULN:8724", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8724", "title": "Cups multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:13", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0047", "CVE-2008-1373"], "description": "New cups packages are available for Slackware 12.0, and -current to fix\nsecurity issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here,\nbut if you're on a completely secured internal network these issues may be\nless of a risk than upgrading. If your IPP port is open to the internet,\nyou'd be advised to upgrade as soon as possible (or firewall the port at\nthe gateway if you're not in need of printer jobs coming in from the\ninternet).\n\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\na/cups-1.3.7-i486-1_slack12.0.tgz: Upgraded to cups-1.3.7.\n This version of CUPS fixes some buffer overflows in the GIF image filter\n and in cgiCompileSearch. Those running CUPS servers should upgrade.\n For more information on these security issues, please see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cups-1.3.7-i486-1_slack12.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.3.7-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\ncdc732009d2a9a24cd1d06a8be7a7c12 cups-1.3.7-i486-1_slack12.0.tgz\n\nSlackware -current package:\n54e150789acbeccc11903d14579f9590 cups-1.3.7-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg cups-1.3.7-i486-1_slack12.0.tgz", "modified": "2008-04-03T07:53:48", "published": "2008-04-03T07:53:48", "id": "SSA-2008-094-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384842", "type": "slackware", "title": "[slackware-security] cups", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:22:38", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0053", "CVE-2008-1373"], "description": "Two security issues were fixed in the CUPS printing system, which could be used by an attacker to crash CUPS or to potentially execute malicious code.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-04-04T16:22:43", "published": "2008-04-04T16:22:43", "id": "SUSE-SA:2008:020", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html", "type": "suse", "title": "remote code execution in cups", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0047"], "description": "A heap-overflow in the cgiCompileSearch() function of cups could be exploited by remote attackers to execute arbitrary code. 
The vulnerable function is used by the web-interface which is only available remotely if the print server shares printers over the network.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-03-19T10:07:43", "published": "2008-03-19T10:07:43", "id": "SUSE-SA:2008:015", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html", "title": "remote code execution in cups", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:22:00", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0053", "CVE-2008-1722", "CVE-2008-1373"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1625-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nAugust 01, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : cupsys\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0053 CVE-2008-1373 CVE-2008-1722\nDebian Bug : 476305\n\nSeveral remote vulnerabilities have been discovered in the Common Unix\nPrinting System (CUPS). 
The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-0053\n\n Buffer overflows in the HP-GL input filter allowed to possibly run\n arbitrary code through crafted HP-GL files.\n\nCVE-2008-1373\n\n Buffer overflow in the GIF filter allowed to possibly run arbitrary\n code through crafted GIF files.\n\nCVE-2008-1722\n\n Integer overflows in the PNG filter allowed to possibly run arbitrary\n code through crafted PNG files.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch4 of package cupsys.\n\nFor the testing (lenny) and unstable distribution (sid), these problems\nhave been fixed in version 1.3.7-2 of package cups.\n\nWe recommend that you upgrade your cupsys package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz\n Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.diff.gz\n Size/MD5 checksum: 107641 b1ae0953050580975ef0c6ff495e912d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.dsc\n Size/MD5 checksum: 1376 4f8938f4dac4a9732efd621f4aabb63a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch4_all.deb\n Size/MD5 checksum: 45758 fbb5c3eaf74a1207d887e12bb75f6182\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch4_all.deb\n Size/MD5 checksum: 924012 43e775475535e31f2f6963947c03525d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 1087542 cb6a29323e4cd1069b669c89963a1fac\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 53024 090d638da135798424a129257b51b157\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 142544 0d446b8acb588ec2b1c8c22067aa2364\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 1574904 cdd7afb0953a56cf8d213778cbe1773e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 80706 687de2f8bf779ca898863fb94a07a12b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 85968 8d69f2ac63f2d4fbd923c2caa33c604d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 36352 02c24a715c2f06dd8bc62a851591948e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_amd64.deb\n Size/MD5 checksum: 162230 0e2325c67bf23841038be68557ba8758\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 48718 28a8ac4acad82bd582358e38c0c23013\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 78910 6566d320a557b02cf94f379b84f0dba9\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 35936 6ae06d35d6c40084adfd8bfd65866174\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_arm.deb\n Size/MD5 
checksum: 1025732 5c3e851e94f3a41216d7a7149839c8d4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 132040 3eb0b900c59ea118d768b1459898ea90\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 154878 02d749b77969111a813a4cba408bd74d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 1568968 5c60803b01b551503017f750bea5526e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_arm.deb\n Size/MD5 checksum: 85168 5b2a0162f00efdcc8cd1d93e0bc7486b\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 172120 3b9de8875c9be02866143463b0c919f0\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 91152 ab272c582600f995706b46709c510f32\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 1022644 b587ee12458f80bd76a1d7b84869b741\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 57192 4e117dab53e958404f958b99b08da4c1\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 154086 2a27882b763ce10df0fd172cfa8d22bb\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 86898 aebbadb4ddb70dde9a524fd56b7bfb46\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 1624440 67216c81ae5f4d2f1d8b571f7099492e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_hppa.deb\n Size/MD5 checksum: 39270 1bbd6351cb6cd5f686faaddbeb731c4f\n\ni386 architecture (Intel ia32)\n\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 86844 5dd05c3c3f08b1e2a60405bcaef83146\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 79334 2002dc686f12bb5250d9fafb9b63a268\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 53272 1723eb6d5f00ce02702b52b60610c586\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 36230 cda0348c0c9b6dbd145e3c02e0c44fd2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 1004104 10a43e1b53f782d065362e92ff0998f9\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 137972 203602cf657f98ee38a372c3922b7ae1\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 160382 2fa7444168c9f43a22eb776bd9638827\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_i386.deb\n Size/MD5 checksum: 1559230 dfca65e3edd6f0fb4bdc18973efef89a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 203930 b457e7ae7fb11f876225150e559a4272\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 46330 922f2bd1d98fcbb40badcebd7c0cc07c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 106642 b61d48e93e413245d3fd5ebe47c31243\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 1107892 65945b9397a13a31fb8646cb71ef7794\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 192372 
eea62b30397305acdf6f98a6df50cf8e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 1770682 398872427b493f8206c38a3504fc1904\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 74158 e1f00e7e8be7549ac2b58adaeba0f5b2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_ia64.deb\n Size/MD5 checksum: 106226 fb838547edf473df7efaa8fe41cf42f1\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 86546 02bd3a3bb274f21179f65edfb28c1f7e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 76158 53a90a54e6cf7418b81e0b40db39566b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 36116 8d78c13d605160ee0caa835961667913\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 150982 b48a8bcf9dbff3e842f83f4ca05e0421\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 1097820 db2ff50e5555b022b54252f07b442992\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 157742 94a7c2d49b7234c0a54291446c5ba06d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 1567460 dffd05c006a78e53bc8c03dc8beaa4ea\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mips.deb\n Size/MD5 checksum: 57688 cbce6e984252bef94c0bd7ace9afdcdf\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 86688 7c91af84b2fab2419fa4939bb8080097\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 1552918 7d7af09023892fdd9e862ddcbb590fb3\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 150896 ba6b2f7c16957759b63e20d66d5964f2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 36064 702ec7fbc7b2716e10a97f7b7c11e75a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 158270 0354f63d7126c3775cc74a95426052d4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 57846 2ee768d4dc5f9c8cbd046a801f154ef8\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 1084676 bb31572c9939fe22762ceef59550b25e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mipsel.deb\n Size/MD5 checksum: 77456 5884939dabb325cda97351bafdb62cfe\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 162918 05df3db670b3f2a4dbb9d8a2d666eaca\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 88204 4546a01b202669d3ffa97dca5b93bf03\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 1576028 67c38bd81585274c0844efeedca40153\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 51894 321b1c0c9d59643294a87b00f81f7895\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 41310 45f55f0797900433a145028d63f6a6ef\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 90004 
61698739b3b436e6d1651dc388a89575\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 1142660 10680b3b7efdeb10e9d834e869944206\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_powerpc.deb\n Size/MD5 checksum: 136880 e5c2d81190a9233eb291b519c3b83de6\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 166424 a2a07e7c586a10000b519c6f6c2ec4e2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 1586828 1e581be3892b978e7284de896c3121de\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 87588 b3d0d3e7dbb84414f606b4670c6e2692\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 1036620 bd1b35bd24260dfb340e0a3173a811a2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 37430 622787f6d8b910f3657f98e0f5bf97bc\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 82342 40a55f0afa5b2fa03285fd4d4cd8666c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 52468 470a81c78c7ececae0569e75bfab9ca7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_s390.deb\n Size/MD5 checksum: 144932 9ab43b87566469af9e4a79c9c1fae493\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 139570 5f5faa6504275ed43f4a55787519fdfe\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 78516 7066d103f739cd570fd141aa4fa780f6\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 36032 c4e4289091dc19e5fbf7a6937ffb36f7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 158816 f33bda24ec7774227b3bdb3dddcf1c46\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 51754 47ce5271662e6b980e34badfc9689009\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 84956 96aa28ac50548723754274f30db15379\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 991408 13a41c49f94085ca6a7f74a030506d3c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_sparc.deb\n Size/MD5 checksum: 1562092 2bfd90bca7dbac40df73303f8e1e4b6f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2008-08-01T07:52:16", "published": "2008-08-01T07:52:16", "id": "DEBIAN:DSA-1625-1:FED12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00210.html", "title": "[SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:15:53", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0882", "CVE-2008-0047"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory 
DSA-1530-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nMarch 25, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : cupsys\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0047 CVE-2008-0882\nDebian Bug : 472105 467653\n\nSeveral local/remote vulnerabilities have been discovered in cupsys, the\nCommon Unix Printing System. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2008-0047\nHeap-based buffer overflow in CUPS, when printer sharing is enabled,\nallows remote attackers to execute arbitrary code via crafted search\nexpressions.\n\nCVE-2008-0882\nDouble free vulnerability in the process_browse_data function in CUPS\n1.3.5 allows remote attackers to cause a denial of service (daemon\ncrash) and possibly execute arbitrary code via crafted packets to the\ncupsd port (631/udp), related to an unspecified manipulation of a\nremote printer.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch3\n\nWe recommend that you upgrade your cupsys packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch \n- - ------------------------------- \n\nStable updates are available for alpha, amd64, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.diff.gz\n Size/MD5 checksum: 104776 b684811e24921a7574798108ac6988d7\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.dsc\n Size/MD5 checksum: 1084 0276f8e59e00181d39d204a28494d18c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz\n Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch3_all.deb\n Size/MD5 checksum: 927322 65b1ff3cb7b8bbbe3b334ee43875aac4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch3_all.deb\n Size/MD5 checksum: 45654 0b4ce3e9c2af460c5b694b906f450b12\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 1097006 45800a6b2c1dd7068843ade84480259d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 39262 4f645e439999611b07348ad50e4da57d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 174890 9affa7a1f2dc6548fcffb9a456181a3a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 86292 23431d4bfae9599caba759d4b0a3a8c0\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 94814 6be946280a3c9fadfd070f7284255df0\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 1609104 ecdd9f65f8799605a1efeac0d4eae774\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 184372 7720c886672d63cdeb501314beacc4b5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_alpha.deb\n Size/MD5 checksum: 72428 2b4ed65a0a33b7cf32756c2b0cd925de\n\namd64 architecture (AMD x86_64 (AMD64))\n\n 
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 52858 badd0d21043714aa2c612b45323890a1\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 1574654 cf1c04e898f7380fdd338ecafb69185e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 85652 24c3d3e054306785ccc958f1894a2b18\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 142534 7ad95206e0e450f8df27c9d858809ddb\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 162008 44f8d076b07194023c8ef4348a56e97a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 36352 5a4f9dc02fa0f8fb6936859c0fb1bd61\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 1086740 d466f2f5d8cb17ae0013dd99db5bcbb0\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_amd64.deb\n Size/MD5 checksum: 80704 d45a4a7461defd4c6b96bbfc292e3183\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 1565044 7c19a56cb4a782487e104a01f31e0b47\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 37600 fa90419b34b6733ef32f13797e4606f3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 79892 7460f7b76d597bcb02bdc0fe5897a32a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 86674 aebef9f4a309afdff01a7cce17b6f57b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 997608 
e754dc8df237302fac7019754e42352b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 53418 b45cf2a324d52524244351d213c8be41\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 137686 b726701fdb3e8948e5111e2e831bf853\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_i386.deb\n Size/MD5 checksum: 160080 c029e686ec624c2fdf156f885d1daf5c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 1770478 73e7565983c31c3e651dd55acb38c0c7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 203722 9d2b9b9d1c3999a3f4ccf7e5e446bd1a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 1107480 d0898394febd60b7bf80e1e4ff335a39\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 73934 5156c8db255299aa66053bb4415cde19\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 106208 db2ad0519d15ee795758f72b3c093068\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 106220 8228fb0ccf8cc888973731f2aa72c8c4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 192358 c1ee340a3e893b3f22adb138923167c2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_ia64.deb\n Size/MD5 checksum: 46324 771aaa1b244d01eacdd62e8e963d434f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 86208 03d9d365f1c41e2efc36fc1a19dcb813\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 1096636 65217c4fc57a23e065c9da14dfad6c9d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 1567240 46f2194418cb1d5800c44ae13bcd51ee\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 57520 02e313bad869d4c50a6dde506765633b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 157528 f42c10ade950e4faa4403da4e8d740c4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 76156 d4778055a8900dcb6eaf2100a8172b63\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 150976 5c00fd263eb81453450af5d5e79fe5b4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mips.deb\n Size/MD5 checksum: 36114 4ba209d715050a942d0c9025869378fe\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 86404 41a26e5e4196385e67dddee0337c0ade\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 158050 1b5af4a50dcfe41ec2b35af9a47d40b3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 36060 09d1cfdfb2e925b3f846d22cf760ba11\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 1552652 67cf88cac0c510bec526c49025d7cbe0\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 1084290 082931629866ea5a6aba940997698af7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 57694 
6e120d7fc4a6643eb208333b30e7c5c9\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 77448 f411d88639ee78a68d46ece45e91368f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mipsel.deb\n Size/MD5 checksum: 150900 09be1543e6cd767098a3af2a70791036\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 136866 623ea75ab7f6603f9ddc9276389c90ea\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 162686 5766c22ea9cad4f8e5acbf8dd6ad48f6\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 87910 767921a7b2ed329a3107da1f0dbb7dda\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 41298 875908633ca26db04739a334b03c42c2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 89998 0c81d4c99f07d7b0cdcd91a2a9a6ad28\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 51788 87423f593d57c4c9d0cc80cfafa28f87\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 1142146 6c4479057269b64596d123d5cf859747\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_powerpc.deb\n Size/MD5 checksum: 1575696 eb08aafdd1c60d707b874a31dcab67b4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 166184 d748308d0a477ad16a42e25671f49dd9\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 37422 6a3f5390f4ff82bd1c8ef4d64f0fcc46\n 
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 1036106 08ad799adaeb1ccd9538048e685d69d6\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 87194 e881e70f5b31b800989f14fd4e97368f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 52256 ec508d448806c889b0c79aed8d95cc3e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 82340 c9ab3bc26da68abdde50d365b4224434\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 144934 61cf1f32851be64340ffb36b266ee0a7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_s390.deb\n Size/MD5 checksum: 1586624 1921d0bc3b7b03d4ed952ecb4b0b561b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 78500 74d7872d04914d26d5a4baa768437603\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 51572 93fd782dbbc7148c9f96b18ad7ebe111\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 84622 6eb7012156c87266af9802d38f1dd366\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 158596 68ca94de2c329c162ae40ac5b79af29b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 36018 61ffbfc960bea5c6fda52ffefa8886b7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 991000 3135666aadf8d4f4cd273fbd7d50cfca\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 139570 
e281ec84c08bcac3f54d5017b6917e0b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_sparc.deb\n Size/MD5 checksum: 1561792 21cd9a3e1e89ba96aa11890858194b82\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-03-25T15:11:39", "published": "2008-03-25T15:11:39", "id": "DEBIAN:DSA-1530-1:AF698", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00097.html", "title": "[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3387", "CVE-2007-4045", "CVE-2007-4351", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
", "modified": "2008-04-09T05:14:39", "published": "2008-04-09T05:14:39", "id": "FEDORA:M395MOPQ032179", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: cups-1.2.12-10.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-1373"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-04-09T05:13:24", "published": "2008-04-09T05:13:24", "id": "FEDORA:M395LSQG032038", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cups-1.3.6-4.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3387", "CVE-2007-4045", "CVE-2007-4351", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373", "CVE-2008-1722"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
", "modified": "2008-05-10T13:55:52", "published": "2008-05-10T13:55:52", "id": "FEDORA:M4AEDGTI021901", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: cups-1.2.12-11.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-1373", "CVE-2008-1722"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-05-10T13:54:12", "published": "2008-05-10T13:54:12", "id": "FEDORA:M4AEBCSZ021692", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cups-1.3.7-2.fc8", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
", "modified": "2008-10-16T02:03:57", "published": "2008-10-16T02:03:57", "id": "FEDORA:1CF1C208969", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641", "CVE-2008-5183", "CVE-2008-5286"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-12-09T11:38:29", "published": "2008-12-09T11:38:29", "id": "FEDORA:C698B2081FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cups-1.3.9-2.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
", "modified": "2008-10-16T02:08:34", "published": "2008-10-16T02:08:34", "id": "FEDORA:E5CC020896E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641", "CVE-2008-5183", "CVE-2008-5286"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-12-09T11:35:52", "published": "2008-12-09T11:35:52", "id": "FEDORA:7F2C2208D5A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: cups-1.3.9-2.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641", "CVE-2008-5183", "CVE-2008-5286", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. 
", "modified": "2009-04-22T00:47:43", "published": "2009-04-22T00:47:43", "id": "FEDORA:5BE0C10F888", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: cups-1.3.10-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:45:08", "description": "BUGTRAQ ID: 28307\r\nCVE(CAN) ID: CVE-2008-0047\r\n\r\nCommon Unix Printing System (CUPS)\u662f\u4e00\u6b3e\u901a\u7528Unix\u6253\u5370\u7cfb\u7edf\uff0c\u662fUnix\u73af\u5883\u4e0b\u7684\u8de8\u5e73\u53f0\u6253\u5370\u89e3\u51b3\u65b9\u6848\uff0c\u57fa\u4e8eInternet\u6253\u5370\u534f\u8bae\uff0c\u63d0\u4f9b\u5927\u591a\u6570PostScript\u548craster\u6253\u5370\u673a\u670d\u52a1\u3002\r\n\r\nCUPS\u7684CGI\u63a5\u53e3\u5904\u7406\u7578\u5f62\u7684\u7528\u6237\u8bf7\u6c42\u65f6\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\nCUPS\u5728TCP 631\u7aef\u53e3\u4e0a\u76d1\u542c\u8bf7\u6c42\uff0c\u8fd9\u4e2a\u63a5\u53e3\u5141\u8bb8\u8bbf\u95ee\u4e00\u4e9b\u7528\u4e8e\u7ba1\u7406CUPS\u548c\u63d0\u4f9b\u6253\u5370\u4efb\u52a1\u4fe1\u606f\u7684CGI\u5e94\u7528\u3002\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u5411\u8fd9\u4e2a\u7aef\u53e3\u63d0\u4ea4\u4e86\u6076\u610f\u8bf7\u6c42\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\u5982\u679c\u8981\u8fdc\u7a0b\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u76ee\u6807\u4e3b\u673a\u5fc5\u987b\u5728\u7f51\u7edc\u4e2d\u5171\u4eab\u6253\u5370\u673a\uff0c\u5426\u5219CUPS\u4ec5\u76d1\u542c\u4e8e\u672c\u5730\u63a5\u53e3\uff0c\u800c\u672c\u5730\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ea\u80fd\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u3002\r\n\n\nApple Mac OS X 10.5.2 \r\nApple MacOS X Server 10.5.2\r\nEasy Software Products CUPS 1.3.5\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* 
\u7981\u6b62\u8fdc\u7a0b\u5171\u4eab\u6253\u5370\u673a\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg</a>", "published": "2008-03-20T00:00:00", "title": "CUPS CGI\u63a5\u53e3\u8fdc\u7a0b\u5806\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0047"], "modified": "2008-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3058", "id": "SSV:3058", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T21:44:31", "description": "BUGTRAQ ID: 28544\r\nCVE(CAN) ID: CVE-2008-1373\r\n\r\nCommon Unix Printing System 
(CUPS)\u662f\u4e00\u6b3e\u901a\u7528Unix\u6253\u5370\u7cfb\u7edf\uff0c\u662fUnix\u73af\u5883\u4e0b\u7684\u8de8\u5e73\u53f0\u6253\u5370\u89e3\u51b3\u65b9\u6848\uff0c\u57fa\u4e8eInternet\u6253\u5370\u534f\u8bae\uff0c\u63d0\u4f9b\u5927\u591a\u6570PostScript\u548craster\u6253\u5370\u673a\u670d\u52a1\u3002\r\n\r\nCUPS\u5904\u7406\u7578\u5f62\u683c\u5f0f\u7684GIF\u6587\u4ef6\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\nCUPS\u6253\u5370\u7cfb\u7edf\u6240\u4f7f\u7528\u7684GIF\u89e3\u6790\u4ee3\u7801\u76f4\u63a5\u4eceGIF\u56fe\u5f62\u4e2d\u8bfb\u53d6\u4e86code_size\u503c\uff0c\u4e14\u6ca1\u6709\u7ecf\u8fc7\u9a8c\u8bc1\u4fbf\u7528\u4e8e\u521d\u59cb\u5316gif_read_lzw()\u4e2d\u7684\u8868\u683c\u6570\u7ec4\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u9759\u6001\u6ea2\u51fa\u3002 \u7531\u4e8e\u5728for\u5faa\u73af\u4e2d\u7528\u4f5c\u4e0a\u8fb9\u754c\u7684clear_code\u4e3ashort\u578b\uff0c\u56e0\u6b64\u6ea2\u51fa\u4ec5\u9650\u4e8e\u5927\u7ea64k\u523016k\u7684short int\u503c\u3002\u6b64\u5916\uff0c\u653b\u51fb\u8005\u4ec5\u80fd\u90e8\u5206\u63a7\u5236\u5199\u8fc7\u7f13\u51b2\u533a\u7684\u503c\u3002\r\n\r\n\n\nEasy Software Products CUPS 1.3.6\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nEasy Software Products\r\n----------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.cups.org/str.php?L2765 target=_blank>http://www.cups.org/str.php?L2765</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0206-01/RHSA-2008:0192-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0206-01\uff1aModerate: cups security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0206.html 
target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0206.html</a>\r\n\r\nRHSA-2008:0192-01\uff1aModerate: cups security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0192.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0192.html</a>\r\n\r\nGentoo\r\n------\r\nGentoo\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08GLSA-200804-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nGLSA-200804-01\uff1aCUPS: Multiple vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://security.gentoo.org/glsa/glsa-200804-01.xml target=_blank>http://security.gentoo.org/glsa/glsa-200804-01.xml</a>\r\n\r\n\u6240\u6709CUPS\u7528\u6237\u90fd\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"", "published": "2008-04-03T00:00:00", "title": "CUPS gif_read_lzw()\u51fd\u6570GIF\u6587\u4ef6\u5904\u7406\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1373"], "modified": "2008-04-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3117", "id": "SSV:3117", "sourceData": "\n http://vexillium.org/dl.php?sdlgifdos\n ", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-3117"}, {"lastseen": "2017-11-19T21:45:09", "description": "BUGTRAQ ID: 28304\r\nCVE(CAN) ID: CVE-2008-0044,CVE-2008-0045,CVE-2008-0048,CVE-2008-0049,CVE-2008-0057,CVE-2008-0997,CVE-2008-0046,CVE-2008-0051,CVE-2008-0052,CVE-2008-0053,CVE-2008-0054,CVE-2008-0055,CVE-2008-0056,CVE-2008-0058,CVE-2008-0059,CVE-2008-0060,CVE-2008-0987,CVE-2008-0988,CVE-2008-0989,CVE-2008-0990,CVE-2008-0992,CVE-2008-0993,CVE-2008-0994,CVE-2008-0995,CVE-2008-0996,CVE-2008-0998,CVE-2008-0999\r\n\r\nMac OS 
X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple 2008-002\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86Mac OS X\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u6216\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u9020\u6210\u591a\u79cd\u5a01\u80c1\u3002\r\n\r\nCVE-2008-0044\r\n\r\nAFP\u5ba2\u6237\u7aef\u5904\u7406afp:// URL\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8fde\u63a5\u5230\u4e86\u6076\u610f\u7684AFP\u670d\u52a1\u5668\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0045\r\n\r\nAFP\u670d\u52a1\u5668\u68c0\u67e5Kerberos\u4e3b\u57df\u540d\u7684\u65b9\u5f0f\u5b58\u5728\u9519\u8bef\uff0c\u5982\u679c\u5bf9AFP\u670d\u52a1\u5668\u4f7f\u7528\u4e86\u8de8\u57df\u8ba4\u8bc1\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5141\u8bb8\u975e\u6388\u6743\u8fde\u63a5\u5230\u670d\u52a1\u5668\u3002 \r\n\r\nCVE-2008-0048\r\n\r\nNSDocument API\u5904\u7406\u6587\u4ef6\u540d\u7684\u65b9\u5f0f\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u4f46\u5728\u5927\u591a\u6570\u6587\u4ef6\u7cfb\u7edf\u4e0a\u8fd9\u4e2a\u6f0f\u6d1e\u4e0d\u53ef\u7528\u3002 \r\n\r\nCVE-2008-0049\r\n\r\nNSApplication\u4e2d\u7528\u4e8e\u7ebf\u7a0b\u95f4\u540c\u6b65\u7684mach\u7aef\u53e3\u65e0\u610f\u4e2d\u63d0\u4f9b\u7ed9\u4e86\u8fdb\u7a0b\u95f4\u901a\u8baf\uff0c\u5982\u679c\u5411\u540c\u4e00bootstrap\u540d\u79f0\u7a7a\u95f4\u7684\u7279\u6743\u5e94\u7528\u53d1\u9001\u4e86\u7279\u5236\u6d88\u606f\u7684\u8bdd\uff0c\u672c\u5730\u7528\u6237\u5c31\u53ef\u4ee5\u5bfc\u81f4\u4ee5\u76ee\u6807\u5e94\u7528\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 
\r\n\r\nCVE-2008-0057\r\n\r\n\u8001\u5f0f\u5e8f\u5217\u53f7\u683c\u5f0f\u7684\u89e3\u6790\u5668\u4e2d\u5b58\u5728\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u89e3\u6790\u4e86\u7279\u5236\u7684\u5e8f\u5217\u5316\u5c5e\u6027\u5217\u8868\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0997\r\n\r\nAppKit\u5904\u7406PPD\u6587\u4ef6\u7684\u65b9\u5f0f\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u67e5\u8be2\u4e86\u7f51\u7edc\u6253\u5370\u673a\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0046\r\n\r\n\u5728\u5fb7\u8bed\u7248\u7684\u5e94\u7528\u9632\u706b\u5899\u504f\u597d\u680f\u4e2d\u7684\u201c\u4e3a\u7279\u5b9a\u670d\u52a1\u548c\u5e94\u7528\u8bbe\u7f6e\u8bbf\u95ee\u201d\u952e\u88ab\u7ffb\u8bd1\u6210\u4e86Zugriff auf bestimmte Dienste und Programme festlegen\uff0c\u610f\u601d\u662f\u201c\u8bbe\u7f6e\u5230\u7279\u5b9a\u670d\u52a1\u548c\u5e94\u7528\u7684\u8bbf\u95ee\u201d\uff0c\u8fd9\u53ef\u80fd\u8bef\u5bfc\u7528\u6237\u8ba4\u4e3a\u4ec5\u6709\u5217\u51fa\u7684\u670d\u52a1\u624d\u5141\u8bb8\u63a5\u53d7\u5165\u7ad9\u8fde\u63a5\u3002 
\r\n\r\nCVE-2008-0051\r\n\r\nCoreFoundation\u5904\u7406\u65f6\u533a\u6570\u636e\u7684\u65b9\u5f0f\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0052\r\n\r\n\u5982\u679cSafari\u542f\u7528\u4e86\u201c\u6253\u5f00\u5b89\u5168\u6587\u4ef6\u201d\u9009\u9879\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5728AppleWorks\u4e2d\u81ea\u52a8\u6253\u5f00\u540d\u79f0\u4ee5.ief\u7ed3\u5c3e\u7684\u6587\u4ef6\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u7834\u574f\u5b89\u5168\u7b56\u7565\u3002\r\n\r\nCVE-2008-0053\r\n\r\nCUPS\u4e2d\u7684\u591a\u4e2a\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0054\r\n\r\nNSSelectorFromString API\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u5982\u679c\u5bf9\u5176\u4f20\u9001\u4e86\u7578\u5f62\u7684selector\u540d\u79f0\u5c31\u53ef\u80fd\u8fd4\u56de\u975e\u9884\u671f\u7684selector\uff0c\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0055\r\n\r\n\u5728\u6267\u884c\u9012\u5f52\u6587\u4ef6\u62f7\u8d1d\u64cd\u4f5c\u65f6\uff0cNSFileManager\u521b\u5efa\u4e86\u5b8c\u5168\u53ef\u5199\u7684\u76ee\u5f55\uff0c\u4e4b\u540e\u624d\u9650\u5236\u4e86\u6743\u9650\uff0c\u8fd9\u5c31\u9020\u6210\u4e86\u672c\u5730\u7528\u6237\u53ef\u4ee5\u63a7\u5236\u76ee\u5f55\u5e76\u5e72\u9884\u4e4b\u540e\u64cd\u4f5c\u7684\u7ade\u4e89\u6761\u4ef6\uff0c\u5bfc\u81f4\u5c06\u6743\u9650\u63d0\u5347\u5230\u4f7f\u7528API\u5e94\u7528\u7a0b\u5e8f\u7684\u6743\u9650\u3002\r\n\r\nCVE-2008-0056\r\n\r\n\u975e\u9884\u671f\u7ed3\u6784\u7684\u8d85\u957f\u8def\u5f84\u540d\u4f1a\u5728NSFileManager\u4e2d\u89e6\u53d1\u6808\u6ea2\u51fa\uff0c\u5982\u679c\u4f7f\u7528NSFileManager\u63d0\u4f9b\u4e86\u7279\u5236\u7684\u7a0b\u5e8f\u8def\u5f84\u5c31\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\
nCVE-2008-0058\r\n\r\nNSURLConnection\u7684\u7f13\u5b58\u7ba1\u7406\u4e2d\u5b58\u5728\u7ebf\u7a0b\u7ade\u4e89\u6761\u4ef6\uff0c\u5bfc\u81f4\u5df2\u6e05\u9664\u7684\u5bf9\u8c61\u63a5\u6536\u6d88\u606f\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u4ee5Safari\u6216\u5176\u4ed6\u4f7f\u7528NSURLConnection\u7a0b\u5e8f\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0059\r\n\r\nNSXML\u4e2d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u5982\u679c\u8bf1\u9a97\u7528\u6237\u5728\u4f7f\u7528NSXML\u7684\u5e94\u7528\u7a0b\u5e8f\u4e2d\u5904\u7406\u4e86XML\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0060\r\n\r\n\u6076\u610f\u7684help:topic_list URL\u53ef\u80fd\u5411\u751f\u6210\u7684\u4e3b\u9898\u5217\u8868\u9875\u9762\u4e2d\u6ce8\u5165\u4efb\u610fHTML\u6216JavaScript\uff0c\u91cd\u65b0\u5b9a\u5411\u5230\u8fd0\u884cApplescript\u7684Help Viewer help:runscript\u94fe\u63a5\u3002\r\n\r\nCVE-2008-0987\r\n\r\nAdobe Digital Negative\uff08DNG\uff09\u56fe\u5f62\u6587\u4ef6\u5904\u7406\u4e2d\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684\u56fe\u5f62\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0988\r\n\r\nLibsystem\u7684strnstr(3)\u5b9e\u73b0\u4e2d\u5b58\u5728\u5355\u5b57\u8282\u9519\u8bef\uff0c\u4f7f\u7528strnstr 
API\u7684\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u4ece\u7528\u6237\u6307\u5b9a\u7684\u9650\u5236\u8303\u56f4\u5916\u8bfb\u53d6\u4e00\u4e2a\u5b57\u8282\uff0c\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u3002\r\n\r\nCVE-2008-0989\r\n\r\nmDNSResponderHelper\u4e2d\u5b58\u5728\u683c\u5f0f\u4e32\u6f0f\u6d1e\uff0c\u5982\u679c\u5c06\u672c\u5730\u4e3b\u673a\u540d\u8bbe\u7f6e\u4e3a\u6076\u610f\u5b57\u7b26\u4e32\u7684\u8bdd\uff0c\u672c\u5730\u7528\u6237\u5c31\u53ef\u4ee5\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u4ee5DNSResponderHelper\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0990\r\n\r\nnotifyd\u6ca1\u6709\u786e\u8ba4\u901a\u77e5\u6765\u81ea\u5185\u6838\u4fbf\u63a5\u53d7\u4e86Mach\u7aef\u53e3\u6b7b\u4ea1\u901a\u77e5\uff0c\u5982\u679c\u672c\u5730\u7528\u6237\u5411notifyd\u53d1\u9001\u4e86\u4f2a\u9020\u7684\u901a\u77e5\u7684\u8bdd\uff0c\u4f7f\u7528notify(3) API\u6ce8\u518c\u901a\u77e5\u7684\u5e94\u7528\u7a0b\u5e8f\u53ef\u80fd\u4e0d\u518d\u63a5\u53d7\u901a\u77e5\u3002 \r\n\r\nCVE-2008-0992\r\n\r\npax\u547d\u4ee4\u884c\u5de5\u5177\u6ca1\u6709\u68c0\u67e5\u8f93\u5165\u4e2d\u7684\u957f\u5ea6\u4fbf\u7528\u4f5c\u4e86\u6570\u7ec4\u7d22\u5f15\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0993\r\n\r\nPodcast 
Capture\u5e94\u7528\u901a\u8fc7\u53c2\u6570\u5411\u5b50\u4efb\u52a1\u63d0\u4f9b\u53e3\u4ee4\uff0c\u8fd9\u53ef\u80fd\u6cc4\u9732\u7ed9\u5176\u4ed6\u672c\u5730\u7528\u6237\u3002\r\n\r\nCVE-2008-0994\r\n\r\n\u5f53Preview\u901a\u8fc7\u52a0\u5bc6\u4fdd\u5b58PDF\u6587\u4ef6\u65f6\uff0c\u4f7f\u7528\u7684\u662f40\u4f4dRC4\u3002\u8fd9\u79cd\u52a0\u5bc6\u7b97\u6cd5\u53ef\u80fd\u88ab\u7834\u89e3\uff0c\u53ef\u8bbf\u95ee\u8be5\u6587\u4ef6\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u66b4\u529b\u731c\u6d4b\u67e5\u770b\u8fd9\u4e2a\u6587\u4ef6\u3002\r\n\r\nCVE-2008-0995\r\n\r\n\u6253\u5370PDF\u6587\u4ef6\u548c\u8bbe\u7f6eopen\u53e3\u4ee4\u4f7f\u7528\u7684\u662f40\u4f4dRC4\u3002\u8fd9\u79cd\u52a0\u5bc6\u7b97\u6cd5\u53ef\u80fd\u88ab\u7834\u89e3\uff0c\u53ef\u8bbf\u95ee\u8be5\u6587\u4ef6\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u66b4\u529b\u731c\u6d4b\u67e5\u770b\u8fd9\u4e2a\u6587\u4ef6\u3002\r\n\r\nCVE-2008-0996\r\n\r\n\u5904\u7406\u901a\u8fc7\u8ba4\u8bc1\u7684\u6253\u5370\u961f\u5217\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5f53\u5bf9\u901a\u8fc7\u8ba4\u8bc1\u7684\u6253\u5370\u961f\u5217\u542f\u52a8\u4efb\u52a1\u65f6\uff0c\u5c31\u53ef\u80fd\u5c06\u7528\u4e8e\u8ba4\u8bc1\u7684\u51ed\u636e\u4fdd\u5b58\u5230\u78c1\u76d8\u3002 
\r\n\r\nCVE-2008-0998\r\n\r\nNetCfgTool\u7279\u6743\u5de5\u5177\u4f7f\u7528\u5206\u5e03\u5f0f\u5bf9\u8c61\u4e0e\u672c\u5730\u673a\u5668\u4e0a\u7684\u4e0d\u53ef\u4fe1\u4efb\u5ba2\u6237\u7aef\u7a0b\u5e8f\u901a\u8baf\uff0c\u5982\u679c\u53d1\u9001\u4e86\u7279\u5236\u6d88\u606f\u7684\u8bdd\uff0c\u672c\u5730\u7528\u6237\u5c31\u53ef\u4ee5\u7ed5\u8fc7\u6388\u6743\u8fc7\u7a0b\u5bfc\u81f4\u4ee5\u7279\u6743\u7a0b\u5e8f\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0999\r\n\r\n\u5728\u5904\u7406\u901a\u7528\u78c1\u76d8\u683c\u5f0f\uff08UDF\uff09\u6587\u4ef6\u7cfb\u7edf\u65f6\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684\u78c1\u76d8\u955c\u50cf\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u3002\r\n\n\nApple Mac OS X 10.4.11\r\nApple MacOS X Server 10.5.2\r\nApple MacOS X Server 10.4.11\n Apple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002PPC.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002PPC.dmg</a>\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002Univ.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002Univ.dmg</a>\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg</a>", "published": "2008-03-20T00:00:00", 
"title": "Apple Mac OS X 2008-002\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0048", "CVE-2008-0049", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053", "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058", "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0987", "CVE-2008-0988", "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994", "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999"], "modified": "2008-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3063", "id": "SSV:3063", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}]}