Lucene search
Copyright (C) 2008 Greenbone AGOPENVAS:136141256231060069HistoryJan 17, 2008 - 12:00 a.m.
Debian: Security Advisory (DSA-1437-1)
2008-01-1700:00:00
Copyright (C) 2008 Greenbone AG
plugins.openvas.org
1
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.60069");
script_cve_id("CVE-2007-5849", "CVE-2007-6358");
script_tag(name:"creation_date", value:"2008-01-17 22:23:47 +0000 (Thu, 17 Jan 2008)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Debian: Security Advisory (DSA-1437-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB4");
script_xref(name:"Advisory-ID", value:"DSA-1437-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2007/DSA-1437-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1437");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'cupsys' package(s) announced via the DSA-1437-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several local vulnerabilities have been discovered in the Common UNIX Printing System. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-5849
Wei Wang discovered that an buffer overflow in the SNMP backend may lead to the execution of arbitrary code.
CVE-2007-6358
Elias Pipping discovered that insecure handling of a temporary file in the pdftops.pl script may lead to local denial of service. This vulnerability is not exploitable in the default configuration.
The old stable distribution (sarge) is not affected by CVE-2007-5849. The other issue doesn't warrant an update on it's own and has been postponed.
For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch2.
For the unstable distribution (sid), these problems have been fixed in version 1.3.5-1.
We recommend that you upgrade your cupsys packages.");
script_tag(name:"affected", value:"'cupsys' package(s) on Debian 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB4") {
if(!isnull(res = isdpkgvuln(pkg:"cupsys", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"cupsys-bsd", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"cupsys-client", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"cupsys-common", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"cupsys-dbg", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libcupsimage2", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libcupsimage2-dev", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libcupsys2", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libcupsys2-dev", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libcupsys2-gnutls10", ver:"1.2.7-4etch2", rls:"DEB4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Ubuntu Update for cupsys vulnerabilities USN-563-1
2009-03-23 00:00:00
Debian Security Advisory DSA 1437-1 (cupsys)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-563-1)
2009-03-23 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2008-01-09 00:00:00
debian
debian
[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities
2007-12-26 13:20:46
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerabilities (USN-563-1)
2008-01-10 00:00:00
Debian DSA-1437-1 : cupsys - several vulnerabilities
2007-12-27 00:00:00
GLSA-200712-14 : CUPS: Multiple vulnerabilities
2007-12-19 00:00:00
osv
osv
cupsys
2007-12-26 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2007-12-18 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
ubuntucve
ubuntucve
CVE-2007-6358
2007-12-15 00:00:00
CVE-2007-5849
2007-12-19 00:00:00
debiancve
debiancve
CVE-2007-6358
2007-12-15 01:46:00
CVE-2007-5849
2007-12-19 21:46:00
redhatcve
redhatcve
CVE-2007-6358
2015-10-30 10:32:43
prion
prion
Code injection
2007-12-15 01:46:00
Integer overflow
2007-12-19 21:46:00
cve
cve
CVE-2007-6358
2007-12-15 01:46:00
CVE-2007-5849
2007-12-19 21:46:00
cvelist
cvelist
CVE-2007-6358
2007-12-15 01:00:00
CVE-2007-5849
2007-12-19 21:00:00
seebug
seebug
CUPS SNMPεη«―asn1_get_string()ε½ζ°θΏη¨ζ ζΊ’εΊζΌζ΄
2008-01-04 00:00:00
Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities
2008-01-06 00:00:00
suse
suse
remote code execution in cups
2008-01-10 16:51:00
9.6 High
AI Score
Confidence
High
0.429 Medium
EPSS
Percentile
97.3%
Related for OPENVAS:136141256231060069