Lucene search
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2010-232.NASLHistoryNov 16, 2010 - 12:00 a.m.
Mandriva Linux Security Advisory : cups (MDVSA-2010:232)
2010-11-1600:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
12
Multiple vulnerabilities were discovered and corrected in cups :
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540).
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file (CVE-2010-0542).
The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748).
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file (CVE-2010-2431).
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90
The updated packages have been patched to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2010:232.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50606);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2010-0540", "CVE-2010-0542", "CVE-2010-1748", "CVE-2010-2431", "CVE-2010-2941");
script_bugtraq_id(40889, 40897, 40943, 41131, 44530);
script_xref(name:"MDVSA", value:"2010:232");
script_name(english:"Mandriva Linux Security Advisory : cups (MDVSA-2010:232)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities were discovered and corrected in cups :
Cross-site request forgery (CSRF) vulnerability in the web interface
in CUPS, allows remote attackers to hijack the authentication of
administrators for requests that change settings (CVE-2010-0540).
The _WriteProlog function in texttops.c in texttops in the Text Filter
subsystem in CUPS before 1.4.4 does not check the return values of
certain calloc calls, which allows remote attackers to cause a denial
of service (NULL pointer dereference or heap memory corruption) or
possibly execute arbitrary code via a crafted file (CVE-2010-0542).
The web interface in CUPS, reads uninitialized memory during handling
of form variables, which allows context-dependent attackers to obtain
sensitive information from cupsd process memory via unspecified
vectors (CVE-2010-1748).
The cupsFileOpen function in CUPS before 1.4.4 allows local users,
with lp group membership, to overwrite arbitrary files via a symlink
attack on the (1) /var/cache/cups/remote.cache or (2)
/var/cache/cups/job.cache file (CVE-2010-2431).
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate
memory for attribute values with invalid string data types, which
allows remote attackers to cause a denial of service (use-after-free
and application crash) or possibly execute arbitrary code via a
crafted IPP request (CVE-2010-2941).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90
The updated packages have been patched to correct these issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-serial");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cups");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/16");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"cups-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"cups-common-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"cups-serial-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64cups2-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64cups2-devel-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libcups2-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libcups2-devel-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"php-cups-1.3.10-0.4mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"cups-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"cups-common-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"cups-serial-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64cups2-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64cups2-devel-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libcups2-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libcups2-devel-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"php-cups-1.4.1-12.2mdv2010.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | cups | p-cpe:/a:mandriva:linux:cups |
| mandriva | linux | cups-common | p-cpe:/a:mandriva:linux:cups-common |
| mandriva | linux | cups-serial | p-cpe:/a:mandriva:linux:cups-serial |
| mandriva | linux | lib64cups2 | p-cpe:/a:mandriva:linux:lib64cups2 |
| mandriva | linux | lib64cups2-devel | p-cpe:/a:mandriva:linux:lib64cups2-devel |
| mandriva | linux | libcups2 | p-cpe:/a:mandriva:linux:libcups2 |
| mandriva | linux | libcups2-devel | p-cpe:/a:mandriva:linux:libcups2-devel |
| mandriva | linux | php-cups | p-cpe:/a:mandriva:linux:php-cups |
| mandriva | linux | 2009.0 | cpe:/o:mandriva:linux:2009.0 |
| mandriva | linux | 2010.0 | cpe:/o:mandriva:linux:2010.0 |
Related
openvas
openvas
Mandriva Update for cups MDVSA-2010:232 (cups)
2010-11-23 00:00:00
Mandriva Update for cups MDVSA-2010:232 (cups)
2010-11-23 00:00:00
Fedora Update for cups FEDORA-2010-17615
2010-11-23 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: cups-1.4.4-11.fc13
2010-11-22 22:19:35
[SECURITY] Fedora 12 Update: cups-1.4.4-11.fc12
2010-11-22 22:15:07
[SECURITY] Fedora 13 Update: cups-1.4.4-5.fc13
2010-07-01 18:44:56
nessus
nessus
openSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
2011-05-05 00:00:00
openSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
2011-05-05 00:00:00
Fedora 12 : cups-1.4.4-5.fc12 (2010-10101)
2010-07-27 00:00:00
oraclelinux
oraclelinux
cups security update
2010-06-17 00:00:00
cups security update
2010-10-29 00:00:00
cups security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2010:0490) Important: cups security update
2010-06-17 00:00:00
(RHSA-2010:0811) Important: cups security update
2010-10-28 00:00:00
(RHSA-2010:0866) Important: cups security update
2010-11-10 00:00:00
slackware
slackware
[slackware-security] cups
2010-06-25 18:33:46
[slackware-security] cups
2010-11-30 02:40:23
ubuntu
ubuntu
CUPS vulnerabilities
2010-06-21 00:00:00
CUPS vulnerability
2010-11-04 00:00:00
centos
centos
cups security update
2010-06-19 23:35:01
cups security update
2010-11-01 21:28:39
osv
osv
cups - several
2011-03-02 00:00:00
debian
debian
[SECURITY] [DSA 2176-1] cups security update
2011-03-01 23:31:10
gentoo
gentoo
CUPS: Multiple vulnerabilities
2012-07-09 00:00:00
ubuntucve
ubuntucve
seebug
seebug
CUPS texttopsθΏζ»€ε¨η©ΊζιεΌη¨ζΌζ΄
2010-06-21 00:00:00
Mac OS X CUPS Webηι’δΏ‘ζ―ζ³ι²ζΌζ΄
2010-06-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple CUPS IPP Use-after-free Memory Corruption (CVE-2010-2941)
2011-03-27 00:00:00
prion
prion
Cross site request forgery (csrf)
2010-11-05 17:00:00
Cross site request forgery (csrf)
2010-06-17 16:30:00
Design/Logic Flaw
2010-06-17 16:30:00
cve
cve
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:44:30
Arbitrary Code Execution
2020-04-10 00:53:12
Information Disclosure
2020-04-10 00:44:31
debiancve
debiancve
securityvulns
securityvulns
Apple Mac OS X and QuickTime multiple security vulnerabilities
2013-11-18 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
Related for MANDRIVA_MDVSA-2010-232.NASL