Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2007-0123.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 3 / 4 / 5 : cups (ELSA-2007-0123)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

From Red Hat Security Advisory 2007:0123 :

Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX® operating systems.

A bug was found in the way CUPS handled SSL negotiation. A remote user capable of connecting to the CUPS daemon could cause a denial of service to other CUPS users. (CVE-2007-0720)

All users of CUPS should upgrade to these updated packages, which contain a backported patch introducing a timeout, which prevents connections being kept open for an arbitrarily long time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0123 and 
# Oracle Linux Security Advisory ELSA-2007-0123 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67462);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-0720");
  script_bugtraq_id(23127);
  script_xref(name:"RHSA", value:"2007:0123");

  script_name(english:"Oracle Linux 3 / 4 / 5 : cups (ELSA-2007-0123)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2007:0123 :

Updated CUPS packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing
layer for UNIX(R) operating systems.

A bug was found in the way CUPS handled SSL negotiation. A remote user
capable of connecting to the CUPS daemon could cause a denial of
service to other CUPS users. (CVE-2007-0720)

All users of CUPS should upgrade to these updated packages, which
contain a backported patch introducing a timeout, which prevents
connections being kept open for an arbitrarily long time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-April/000119.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-April/000123.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000235.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4 / 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.42")) flag++;

if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-devel-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-devel-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-libs-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-libs-1.1.22-0.rc1.9.18")) flag++;

if (rpm_check(release:"EL5", reference:"cups-1.2.4-11.5.1.el5")) flag++;
if (rpm_check(release:"EL5", reference:"cups-devel-1.2.4-11.5.1.el5")) flag++;
if (rpm_check(release:"EL5", reference:"cups-libs-1.2.4-11.5.1.el5")) flag++;
if (rpm_check(release:"EL5", reference:"cups-lpd-1.2.4-11.5.1.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd");
}
VendorProductVersionCPE
oraclelinuxcupsp-cpe:/a:oracle:linux:cups
oraclelinuxcups-develp-cpe:/a:oracle:linux:cups-devel
oraclelinuxcups-libsp-cpe:/a:oracle:linux:cups-libs
oraclelinuxcups-lpdp-cpe:/a:oracle:linux:cups-lpd
oraclelinux3cpe:/o:oracle:linux:3
oraclelinux4cpe:/o:oracle:linux:4
oraclelinux5cpe:/o:oracle:linux:5

Related

openvas 18
veracode 1
prion 2
oraclelinux 1
nessus 16
gentoo 2
cvelist 2
cve 2
freebsd 1
centos 1
debiancve 2
ubuntucve 2
redhat 1
fedora 2
securityvulns 1
openvas
openvas
Mandriva Update for cups MDKSA-2007:086 (cups)
2009-04-09 00:00:00
Oracle: Security Advisory (ELSA-2007-0123)
2015-10-08 00:00:00
SLES9: Security update for CUPS
2009-10-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:21
prion
prion
Code injection
2007-03-13 21:19:00
Design/Logic Flaw
2007-07-27 22:30:00
oraclelinux
oraclelinux
Moderate: cups security update
2007-04-16 00:00:00
nessus
nessus
openSUSE 10 Security Update : cups (cups-3136)
2007-10-17 00:00:00
openSUSE 10 Security Update : cups (cups-3715)
2007-10-17 00:00:00
Mandrake Linux Security Advisory : cups (MDKSA-2007:086)
2007-04-19 00:00:00
gentoo
gentoo
CUPS: Denial of service
2007-03-31 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
cvelist
cvelist
CVE-2007-0720
2007-03-13 21:00:00
CVE-2007-4045
2007-07-27 22:00:00
cve
cve
CVE-2007-0720
2007-03-13 21:19:00
CVE-2007-4045
2007-07-27 22:30:00
freebsd
freebsd
cups -- Incomplete SSL Negotiation Denial of Service
2007-05-05 00:00:00
centos
centos
cups security update
2007-04-16 12:43:40
debiancve
debiancve
CVE-2007-0720
2007-03-13 21:19:00
CVE-2007-4045
2007-07-27 22:30:00
ubuntucve
ubuntucve
CVE-2007-0720
2007-03-13 00:00:00
CVE-2007-4045
2007-07-27 00:00:00
redhat
redhat
(RHSA-2007:0123) Moderate: cups security update
2007-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: cups-1.3.4-2.fc8
2007-11-08 06:03:28
[SECURITY] Fedora 7 Update: cups-1.2.12-7.fc7
2007-11-09 23:51:50
securityvulns
securityvulns
Apple MacOS X multiple security vulnerabilities
2007-03-18 00:00:00
JSON
Related for ORACLELINUX_ELSA-2007-0123.NASL
openvas18veracode1prion2oraclelinux1nessus16gentoo2cvelist2cve2freebsd1centos1debiancve2ubuntucve2redhat1fedora2securityvulns1