Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2009-0308.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 3 : cups (ELSA-2009-0308)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.85 High

EPSS

Percentile

98.5%

JSON

From Red Hat Security Advisory 2009:0308 :

Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems.

The CUPS security advisory, RHSA-2008:0937, stated that it fixed CVE-2008-3640 for Red Hat Enterprise Linux 3, 4, and 5. It was discovered this flaw was not properly fixed on Red Hat Enterprise Linux 3, however. (CVE-2009-0577)

These new packages contain a proper fix for CVE-2008-3640 on Red Hat Enterprise Linux 3. Red Hat Enterprise Linux 4 and 5 already contain the appropriate fix for this flaw and do not need to be updated.

Users of cups should upgrade to these updated packages, which contain a backported patch to correct this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:0308 and 
# Oracle Linux Security Advisory ELSA-2009-0308 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67808);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-3640", "CVE-2009-0577");
  script_bugtraq_id(31690);
  script_xref(name:"RHSA", value:"2009:0308");

  script_name(english:"Oracle Linux 3 : cups (ELSA-2009-0308)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2009:0308 :

Updated cups packages that fix a security issue are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The Common UNIX(r) Printing System (CUPS) provides a portable printing
layer for UNIX operating systems.

The CUPS security advisory, RHSA-2008:0937, stated that it fixed
CVE-2008-3640 for Red Hat Enterprise Linux 3, 4, and 5. It was
discovered this flaw was not properly fixed on Red Hat Enterprise
Linux 3, however. (CVE-2009-0577)

These new packages contain a proper fix for CVE-2008-3640 on Red Hat
Enterprise Linux 3. Red Hat Enterprise Linux 4 and 5 already contain
the appropriate fix for this flaw and do not need to be updated.

Users of cups should upgrade to these updated packages, which contain
a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2009-February/000896.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.56")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.56")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.56")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.56")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.56")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.56")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
}
VendorProductVersionCPE
oraclelinuxcupsp-cpe:/a:oracle:linux:cups
oraclelinuxcups-develp-cpe:/a:oracle:linux:cups-devel
oraclelinuxcups-libsp-cpe:/a:oracle:linux:cups-libs
oraclelinux3cpe:/o:oracle:linux:3

Related

redhat 2
openvas 44
nessus 20
prion 2
cvelist 2
cve 2
centos 2
nvd 2
debiancve 1
ubuntucve 1
oraclelinux 2
veracode 1
checkpoint_advisories 1
freebsd 1
slackware 1
debian 1
osv 1
gentoo 1
ubuntu 1
fedora 5
redhat
redhat
(RHSA-2009:0308) Important: cups security update
2009-02-19 00:00:00
(RHSA-2008:0937) Important: cups security update
2008-10-10 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:0308
2009-02-23 00:00:00
CentOS Update for cups CESA-2009:0308 centos3 i386
2011-08-09 00:00:00
CentOS Update for cups CESA-2009:0308 centos3 i386
2011-08-09 00:00:00
nessus
nessus
Scientific Linux Security Update : cups on SL3.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 / 4 : cups (CESA-2009:0308)
2009-02-20 00:00:00
RHEL 3 : cups (RHSA-2009:0308)
2009-02-20 00:00:00
prion
prion
Integer overflow
2009-02-20 19:30:00
Integer overflow
2008-10-14 21:10:00
cvelist
cvelist
CVE-2009-0577
2009-02-20 19:00:00
CVE-2008-3640
2008-10-14 20:00:00
cve
cve
CVE-2009-0577
2009-02-20 19:30:00
CVE-2008-3640
2008-10-14 21:10:35
centos
centos
cups security update
2009-02-19 18:19:28
cups security update
2008-10-10 08:49:24
nvd
nvd
CVE-2009-0577
2009-02-20 19:30:00
CVE-2008-3640
2008-10-14 21:10:35
debiancve
debiancve
CVE-2008-3640
2008-10-14 21:10:35
ubuntucve
ubuntucve
CVE-2008-3640
2008-10-14 00:00:00
oraclelinux
oraclelinux
cups security update
2009-02-19 00:00:00
cups security update
2008-10-10 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:35:04
checkpoint_advisories
checkpoint_advisories
Apple CUPS Text-to-PostScript texttops Filter Integer Overflow (CVE-2008-3640)
2010-01-10 00:00:00
freebsd
freebsd
cups -- multiple vulnerabilities
2008-10-09 00:00:00
slackware
slackware
[slackware-security] cups
2008-11-08 23:38:23
debian
debian
[SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities
2008-10-20 17:21:43
osv
osv
cupsys - several vulnerabilities
2008-10-20 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2008-12-10 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2008-10-15 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9
2008-10-16 02:08:34
[SECURITY] Fedora 9 Update: cups-1.3.9-2.fc9
2008-12-09 11:35:52
[SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8
2008-10-16 02:03:57

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.85 High

EPSS

Percentile

98.5%

JSON
Related for ORACLELINUX_ELSA-2009-0308.NASL
redhat2openvas44nessus20prion2cvelist2cve2centos2nvd2debiancve1ubuntucve1oraclelinux2veracode1checkpoint_advisories1freebsd1slackware1debian1osv1gentoo1ubuntu1fedora5