ID OPENVAS:52225 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2016-09-16T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 990cf07e-6988-11d9-a9e7-0001020eed82
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from vuxml or freebsd advisories
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Version-comparison helpers; the check further down calls revcomp().
# NOTE(review): revcomp() is presumably provided by this include - confirm.
include("revisions-lib.inc");
# Report text for the "insight" tag: names the affected port (cups-base) and
# the flaw, a remotely triggerable denial of service in the CUPS server.
# The literal is emitted verbatim in scan results, so it is left untouched.
tag_insight = "The following package is affected: cups-base
The cups server is vulnerable to a denial of
service error when processing a URL containing
'/..'";
# Report text for the "solution" tag: generic remediation wording followed by
# the upstream bug report and the FreeBSD VuXML entry this check was generated
# from. The text itself names no fixed version; the comparison later in this
# script treats cups-base 1.1.23 as the first release that is not flagged.
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://www.cups.org/str.php?L1042
http://www.vuxml.org/freebsd/990cf07e-6988-11d9-a9e7-0001020eed82.html";
# Report text for the "summary" tag (generic "missing update" wording).
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
# Metadata pass: when the scanner loads the plugin with `description` set, only
# the registration calls below run and the script exits before any host check.
if (description) {
  # Plugin identity and bookkeeping.
  script_id(52225);
  script_version("$Revision: 4078 $");
  script_name("FreeBSD Ports: cups-base");
  script_family("FreeBSD Local Security Checks");
  script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
  script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
  script_tag(name:"last_modification", value:"$Date: 2016-09-16 07:34:17 +0200 (Fri, 16 Sep 2016) $");

  # Vulnerability references and severity. The CVSS v2 vector describes a
  # network-reachable, unauthenticated issue with availability impact only.
  script_cve_id("CVE-2005-2874");
  script_bugtraq_id(12200);
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # Scheduling: information gathering only. The check depends on the package
  # list collected by gather-package-list.nasl and is skipped unless the
  # FreeBSD release key and a successful SSH login are recorded for the host.
  script_category(ACT_GATHER_INFO);
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");

  # Report text, taken from the tag_* variables assigned above.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # The result rests on an installed-package version, and the remedy is a
  # vendor-supplied fix.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
# FreeBSD package helpers; the code below calls portver() and reads __pkg_match.
# NOTE(review): both are presumably defined by this include - confirm.
include("pkg-lib-bsd.inc");

# Version-only check against the collected package list: nothing is sent to the
# CUPS service. A host is flagged when cups-base is installed with
# 1.1.21 <= version < 1.1.23.
# NOTE(review): the lower bound means releases older than 1.1.21 are never
# reported here, while the CVE-2005-2874 entry describes CUPS before 1.1.23 as
# affected - confirm the intended range against the advisory. A pure version
# comparison also cannot recognise a locally patched build.
txt = "";
vuln = 0;

bver = portver(pkg:"cups-base");
if (!isnull(bver)) {
  # Only compare versions when the package was actually found.
  if (revcomp(a:bver, b:"1.1.21") >= 0 && revcomp(a:bver, b:"1.1.23") < 0) {
    vuln = 1;
    txt += 'Package cups-base version ' + bver + ' is installed which is known to be vulnerable.\n';
  }
}

if (!vuln) {
  # __pkg_match distinguishes "package seen but outside the affected range"
  # from "package not seen at all"; only the former exits with 99.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:string(txt));
}
{"id": "OPENVAS:52225", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: cups-base", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "modified": "2016-09-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52225", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-2874"], "lastseen": "2017-07-02T21:10:26", "viewCount": 0, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-07-02T21:10:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2874"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-772.NASL", "CUPS_MULTIPLE_VULNERABILITIES.NASL", "FREEBSD_PKG_990CF07E698811D9A9E70001020EED82.NASL", "CENTOS_RHSA-2005-772.NASL", "FEDORA_2005-908.NASL"]}, {"type": "redhat", "idList": ["RHSA-2005:772"]}, {"type": "freebsd", "idList": ["990CF07E-6988-11D9-A9E7-0001020EED82"]}, {"type": "osvdb", "idList": ["OSVDB:12834"]}, {"type": "centos", "idList": ["CESA-2005:772"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231016141"]}], "modified": "2017-07-02T21:10:26", "rev": 2}, "vulnersScore": 5.7}, "pluginID": "52225", "sourceData": "#\n#VID 990cf07e-6988-11d9-a9e7-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cups-base\n\nThe cups server is vulnerable to a denial of\nservice error when processing a URL containing\n'/..'\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.cups.org/str.php?L1042\nhttp://www.vuxml.org/freebsd/990cf07e-6988-11d9-a9e7-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52225);\n script_version(\"$Revision: 4078 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-16 07:34:17 +0200 (Fri, 16 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-2874\");\n script_bugtraq_id(12200);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: cups-base\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cups-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.21\")>=0 && revcomp(a:bver, b:\"1.1.23\")<0) {\n txt += 'Package cups-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:34:56", "description": "The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a \"..\\..\" URL in an HTTP request.", "edition": 3, "cvss3": {}, "published": "2005-09-13T22:03:00", "title": "CVE-2005-2874", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2874"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:easy_software_products:cups:1.1.11", "cpe:/a:easy_software_products:cups:1.1.6", "cpe:/a:easy_software_products:cups:1.1.6_3", "cpe:/a:easy_software_products:cups:1.1.19_rc4", "cpe:/a:easy_software_products:cups:1.1.18", "cpe:/a:easy_software_products:cups:1.1.21_rc1", "cpe:/a:easy_software_products:cups:1.1.14", "cpe:/a:easy_software_products:cups:1.1.4", "cpe:/a:easy_software_products:cups:1.1.9_1", "cpe:/a:easy_software_products:cups:1.1.6_1", "cpe:/a:easy_software_products:cups:1.1.1", "cpe:/a:easy_software_products:cups:1.1.22", "cpe:/a:easy_software_products:cups:1.1.20_rc2", "cpe:/a:easy_software_products:cups:1.1.22_rc2", "cpe:/a:easy_software_products:cups:1.1.5_2", "cpe:/a:easy_software_products:cups:1.1.2", "cpe:/a:easy_software_products:cups:1.1.10_1", "cpe:/a:easy_software_products:cups:1.1.19_rc5", "cpe:/a:easy_software_products:cups:1.1.20_rc5", "cpe:/a:easy_software_products:cups:1.1.22_rc1", "cpe:/a:easy_software_products:cups:1.1", "cpe:/a:easy_software_products:cups:1.1.7", 
"cpe:/a:easy_software_products:cups:1.1.16", "cpe:/a:easy_software_products:cups:1.1.12", "cpe:/a:easy_software_products:cups:1.1.8", "cpe:/a:easy_software_products:cups:1.1.19_rc3", "cpe:/a:easy_software_products:cups:1.1.20", "cpe:/a:easy_software_products:cups:1.1.17", "cpe:/a:easy_software_products:cups:1.1.20_rc3", "cpe:/a:easy_software_products:cups:1.1.3", "cpe:/a:easy_software_products:cups:1.1.19_rc1", "cpe:/a:easy_software_products:cups:1.1.20_rc4", "cpe:/a:easy_software_products:cups:1.1.21_rc2", "cpe:/a:easy_software_products:cups:1.1.20_rc1", "cpe:/a:easy_software_products:cups:1.1.5", "cpe:/a:easy_software_products:cups:1.1.10", "cpe:/a:easy_software_products:cups:1.1.19", "cpe:/a:easy_software_products:cups:1.1.21", "cpe:/a:easy_software_products:cups:1.1.19_rc2", "cpe:/a:easy_software_products:cups:1.1.9", "cpe:/a:easy_software_products:cups:1.1.20_rc6", "cpe:/a:easy_software_products:cups:1.1.15", "cpe:/a:easy_software_products:cups:1.1.6_2", "cpe:/a:easy_software_products:cups:1.1.5_1", "cpe:/a:easy_software_products:cups:1.1.13"], "id": "CVE-2005-2874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2874", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:easy_software_products:cups:1.1.22_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.9_1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.19_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.5_2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20_rc6:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.19_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", 
"cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.10_1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.21_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.19_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.6_2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.19_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.20_rc5:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.5_1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.6_3:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.6_1:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*", 
"cpe:2.3:a:easy_software_products:cups:1.1.21_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "cvelist": ["CVE-2005-2874"], "edition": 1, "description": "## Vulnerability Description\nCUPS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted url including /.. is sent to the CUPS server, and will result in loss of availability for the service.\n## Solution Description\nUpgrade to version 1.1.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCUPS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted url including /.. is sent to the CUPS server, and will result in loss of availability for the service.\n## Manual Testing Notes\nGET /..a HTTP/1.1\n## References:\nVendor URL: http://www.cups.org/\nVendor Specific News/Changelog Entry: http://www.cups.org/relnotes.php#010123\nVendor Specific News/Changelog Entry: http://www.cups.org/newsgroups.php?s928+gcups.bugs+v935+T0\nVendor Specific News/Changelog Entry: http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2005-772.html)\nSecurity Tracker: 1012811\n[Secunia Advisory ID:16912](https://secuniaresearch.flexerasoftware.com/advisories/16912/)\n[Secunia Advisory ID:16950](https://secuniaresearch.flexerasoftware.com/advisories/16950/)\nKeyword: tcp port 631\nGeneric Exploit URL: http://www.securiteam.com/exploits/5WP021PGUW.html\n[CVE-2005-2874](https://vulners.com/cve/CVE-2005-2874)\n", "modified": "2004-12-30T23:13:00", "published": "2004-12-30T23:13:00", "href": "https://vulners.com/osvdb/OSVDB:12834", "id": "OSVDB:12834", "type": "osvdb", "title": "CUPS Malformed Traversal HTTP Request Remote DoS", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:24:18", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2874"], "description": "**CentOS Errata and Security Advisory** CESA-2005:772\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nA bug was found in the way CUPS processes malformed HTTP requests. It is\r\npossible for a remote user capable of connecting to the CUPS daemon to\r\nissue a malformed HTTP GET request that causes CUPS to enter an\r\ninfinite loop. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-2874 to this issue.\r\n\r\nTwo small bugs have also been fixed in this update. A signal handling\r\nproblem has been fixed that could occasionally cause the scheduler to stop\r\nwhen told to reload. A problem with tracking open file descriptors under\r\ncertain specific circumstances has also been fixed.\r\n\r\nAll users of CUPS should upgrade to these erratum packages, which contain a\r\npatch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/024233.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/024234.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/024243.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/024244.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-772.html", "edition": 4, "modified": "2005-09-27T21:53:51", "published": "2005-09-27T12:53:05", "href": "http://lists.centos.org/pipermail/centos-announce/2005-September/024233.html", "id": "CESA-2005:772", "title": "cups security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": 
["CVE-2005-2874"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nA bug was found in the way CUPS processes malformed HTTP requests. It is\r\npossible for a remote user capable of connecting to the CUPS daemon to\r\nissue a malformed HTTP GET request that causes CUPS to enter an\r\ninfinite loop. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-2874 to this issue.\r\n\r\nTwo small bugs have also been fixed in this update. A signal handling\r\nproblem has been fixed that could occasionally cause the scheduler to stop\r\nwhen told to reload. A problem with tracking open file descriptors under\r\ncertain specific circumstances has also been fixed.\r\n\r\nAll users of CUPS should upgrade to these erratum packages, which contain a\r\npatch to correct this issue.", "modified": "2017-09-08T11:58:58", "published": "2005-09-27T04:00:00", "id": "RHSA-2005:772", "href": "https://access.redhat.com/errata/RHSA-2005:772", "type": "redhat", "title": "(RHSA-2005:772) cups security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:24:52", "description": "Updated CUPS packages that fix a security issue are now available for\nRed Hat Enterprise Linux.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA bug was found in the way CUPS processes malformed HTTP requests. It\nis possible for a remote user capable of connecting to the CUPS daemon\nto issue a malformed HTTP GET request that causes CUPS to enter an\ninfinite loop. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2874 to this issue.\n\nTwo small bugs have also been fixed in this update. 
A signal handling\nproblem has been fixed that could occasionally cause the scheduler to\nstop when told to reload. A problem with tracking open file\ndescriptors under certain specific circumstances has also been fixed.\n\nAll users of CUPS should upgrade to these erratum packages, which\ncontain a patch to correct this issue.", "edition": 26, "published": "2007-01-08T00:00:00", "title": "CentOS 4 : cups (CESA-2005:772)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2874"], "modified": "2007-01-08T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cups-libs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:cups", "p-cpe:/a:centos:centos:cups-devel"], "id": "CENTOS_RHSA-2005-772.NASL", "href": "https://www.tenable.com/plugins/nessus/23982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:772 and \n# CentOS Errata and Security Advisory 2005:772 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23982);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2874\");\n script_xref(name:\"RHSA\", value:\"2005:772\");\n\n script_name(english:\"CentOS 4 : cups (CESA-2005:772)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated CUPS packages that fix a security issue are now available for\nRed Hat Enterprise Linux.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating 
systems.\n\nA bug was found in the way CUPS processes malformed HTTP requests. It\nis possible for a remote user capable of connecting to the CUPS daemon\nto issue a malformed HTTP GET request that causes CUPS to enter an\ninfinite loop. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2874 to this issue.\n\nTwo small bugs have also been fixed in this update. A signal handling\nproblem has been fixed that could occasionally cause the scheduler to\nstop when told to reload. A problem with tracking open file\ndescriptors under certain specific circumstances has also been fixed.\n\nAll users of CUPS should upgrade to these erratum packages, which\ncontain a patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012195.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?33ec3794\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012205.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5ea71b5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012206.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be02d469\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/13\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"cups-1.1.22-0.rc1.9.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"cups-devel-1.1.22-0.rc1.9.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"cups-libs-1.1.22-0.rc1.9.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:48:09", "description": "Kenshi Muto discovered that the CUPS server would enter an infinite\nloop when processing a URL containing /...", "edition": 25, "published": "2005-07-13T00:00:00", "title": "FreeBSD : cups-base -- CUPS server remote DoS vulnerability (990cf07e-6988-11d9-a9e7-0001020eed82)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2874"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:cups-base", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_990CF07E698811D9A9E70001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/19045", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms 
(SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19045);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2874\");\n script_bugtraq_id(12200);\n\n script_name(english:\"FreeBSD : cups-base -- CUPS server remote DoS vulnerability (990cf07e-6988-11d9-a9e7-0001020eed82)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kenshi Muto discovered that the CUPS server would enter an infinite\nloop when processing a URL containing /...\"\n );\n # http://www.cups.org/str.php?L1042\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/apple/cups/issues/1042\"\n );\n # https://vuxml.freebsd.org/freebsd/990cf07e-6988-11d9-a9e7-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?259a312e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cups-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cups-base>=1.1.21<1.1.23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:05:52", "description": "A bug was found in the way CUPS processes malformed HTTP requests. It\nis possible for a remote user capable of connecting to the CUPS daemon\nto issue a malformed HTTP GET request which will cause CUPS to enter\nan infinite loop. This is CVE-2005-2874.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-10-05T00:00:00", "title": "Fedora Core 3 : cups-1.1.22-0.rc1.8.7 (2005-908)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2874"], "modified": "2005-10-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups-debuginfo", "cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:cups", "p-cpe:/a:fedoraproject:fedora:cups-libs", "p-cpe:/a:fedoraproject:fedora:cups-devel"], "id": "FEDORA_2005-908.NASL", "href": "https://www.tenable.com/plugins/nessus/19870", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-908.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19870);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-2874\");\n script_xref(name:\"FEDORA\", value:\"2005-908\");\n\n script_name(english:\"Fedora Core 3 : cups-1.1.22-0.rc1.8.7 (2005-908)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was found in the way CUPS processes malformed HTTP requests. It\nis possible for a remote user capable of connecting to the CUPS daemon\nto issue a malformed HTTP GET request which will cause CUPS to enter\nan infinite loop. This is CVE-2005-2874.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001399.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?004b62ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) 
audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"cups-1.1.22-0.rc1.8.7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"cups-debuginfo-1.1.22-0.rc1.8.7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"cups-devel-1.1.22-0.rc1.8.7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"cups-libs-1.1.22-0.rc1.8.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-debuginfo / cups-devel / cups-libs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:32", "description": "Updated CUPS packages that fix a security issue are now available for\nRed Hat Enterprise Linux.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA bug was found in the way CUPS processes malformed HTTP requests. It\nis possible for a remote user capable of connecting to the CUPS daemon\nto issue a malformed HTTP GET request that causes CUPS to enter an\ninfinite loop. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2874 to this issue.\n\nTwo small bugs have also been fixed in this update. 
A signal handling\nproblem has been fixed that could occasionally cause the scheduler to\nstop when told to reload. A problem with tracking open file\ndescriptors under certain specific circumstances has also been fixed.\n\nAll users of CUPS should upgrade to these erratum packages, which\ncontain a patch to correct this issue.", "edition": 27, "published": "2005-10-05T00:00:00", "title": "RHEL 4 : cups (RHSA-2005:772)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2874"], "modified": "2005-10-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:cups-devel", "p-cpe:/a:redhat:enterprise_linux:cups", "p-cpe:/a:redhat:enterprise_linux:cups-libs"], "id": "REDHAT-RHSA-2005-772.NASL", "href": "https://www.tenable.com/plugins/nessus/19834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:772. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19834);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2874\");\n script_xref(name:\"RHSA\", value:\"2005:772\");\n\n script_name(english:\"RHEL 4 : cups (RHSA-2005:772)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated CUPS packages that fix a security issue are now available for\nRed Hat Enterprise Linux.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX(R) operating systems.\n\nA bug was found in the way CUPS processes malformed HTTP requests. It\nis possible for a remote user capable of connecting to the CUPS daemon\nto issue a malformed HTTP GET request that causes CUPS to enter an\ninfinite loop. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-2874 to this issue.\n\nTwo small bugs have also been fixed in this update. A signal handling\nproblem has been fixed that could occasionally cause the scheduler to\nstop when told to reload. 
A problem with tracking open file\ndescriptors under certain specific circumstances has also been fixed.\n\nAll users of CUPS should upgrade to these erratum packages, which\ncontain a patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:772\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cups, cups-devel and / or cups-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:772\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"cups-1.1.22-0.rc1.9.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"cups-devel-1.1.22-0.rc1.9.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"cups-libs-1.1.22-0.rc1.9.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n 
port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:34:00", "description": "According to its banner, the version of CUPS installed on the remote\nhost is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to\nmultiple vulnerabilities :\n\n - A remotely exploitable buffer overflow in the 'hpgltops'\n filter that enable specially crafted HPGL files can\n execute arbitrary commands as the CUPS 'lp' account.\n\n - A local user may be able to prevent anyone from changing\n their password until a temporary copy of the new\n password\n file is cleaned up (lppasswd flaw).\n\n - A local user may be able to add arbitrary content to the\n password file by closing the stderr file descriptor\n while running lppasswd (lppasswd flaw).\n\n - A local attacker may be able to truncate the CUPS\n password file, thereby denying service to valid clients\n using digest authentication. (lppasswd flaw).\n\n - The application applies ACLs to incoming print jobs in a\n case-sensitive fashion. Thus, an attacker can bypass\n restrictions by changing the case in printer names when\n submitting jobs. [Fixed in 1.1.21.]", "edition": 25, "published": "2005-01-12T00:00:00", "title": "CUPS < 1.1.23 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1269", "CVE-2005-2874", "CVE-2004-1270", "CVE-2004-1267", "CVE-2004-1268"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:cups"], "id": "CUPS_MULTIPLE_VULNERABILITIES.NASL", "href": "https://www.tenable.com/plugins/nessus/16141", "sourceData": "#\n# This script was written by George A. 
Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16141);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/07/06 11:26:08\");\n\n script_cve_id(\n \"CVE-2004-1267\",\n \"CVE-2004-1268\",\n \"CVE-2004-1269\",\n \"CVE-2004-1270\",\n \"CVE-2005-2874\"\n );\n script_bugtraq_id(11968, 12004, 12005, 12007, 12200, 14265);\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-559\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-560\");\n script_xref(name:\"GLSA\", value:\"GLSA-200412-25\");\n\n script_name(english:\"CUPS < 1.1.23 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of CUPS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote print service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to\nmultiple vulnerabilities :\n\n - A remotely exploitable buffer overflow in the 'hpgltops'\n filter that enable specially crafted HPGL files can\n execute arbitrary commands as the CUPS 'lp' account.\n\n - A local user may be able to prevent anyone from changing\n their password until a temporary copy of the new\n password\n file is cleaned up (lppasswd flaw).\n\n - A local user may be able to add arbitrary content to the\n password file by closing the stderr file descriptor\n while running lppasswd (lppasswd flaw).\n\n - A local attacker may be able to truncate the CUPS\n password file, thereby denying service to valid clients\n using digest authentication. (lppasswd flaw).\n\n - The application applies ACLs to incoming print jobs in a\n case-sensitive fashion. Thus, an attacker can bypass\n restrictions by changing the case in printer names when\n submitting jobs. 
[Fixed in 1.1.21.]\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L700\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L1024\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L1023\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS 1.1.23 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 George A. 
Theall\");\n script_family(english:\"Misc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (!get_kb_item(\"www/cups\")) exit(1, \"The 'www/cups' KB item is missing.\");\n\nport = get_http_port(default:631, embedded: 1);\n\n\n# Check the version in the banner.\nbanner = get_http_banner(port:port);\nif (!banner) exit(1, \"Failed to retrieve the banner from the web server on port \"+ port +\".\");\n\nbanner = strstr(banner, \"Server:\");\nbanner = banner - strstr(banner, '\\r\\n');\nif (!ereg(pattern:\"^Server:.*CUPS($|/)\", string:banner))\n exit(0, \"The banner from port \"+port+\" is not from CUPS.\");\nif (!ereg(pattern:\"CUPS/[0-9]\", string:banner))\n exit(0, \"The CUPS server on port \"+port+\" does not include its version in the banner.\");\n\nversion = strstr(banner, \"CUPS/\") - \"CUPS/\";\nif (\" \" >< version) version = version - strstr(version, \" \");\nif (version =~ \"^1\\.(0|1\\.(1|2[0-2]))($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n 'CUPS version ' + version + ' appears to be running on the remote host based\\n' +\n 'on the following Server response header :\\n' +\n '\\n'+\n ' ' + banner + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse if (version =~ \"^(1|1\\.3)($|[^0-9.])\") exit(1, \"The banner from the CUPS server listening on port \"+port+\" - \"+banner+\" - is not granular enough to make a determination.\");\nelse exit(0, \"CUPS version \"+ version + \" is listening on port \"+port+\" and thus not affected.\");\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2874"], "description": "\nKenshi Muto discovered that the CUPS server would enter an\n\t infinite loop when processing a URL containing\n\t '/..'.\n", "edition": 4, "modified": "2005-09-21T00:00:00", "published": "2004-12-30T00:00:00", "id": "990CF07E-6988-11D9-A9E7-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/990cf07e-6988-11d9-a9e7-0001020eed82.html", "title": "cups-base -- CUPS server remote DoS vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1269", "CVE-2005-2874", "CVE-2004-1270", "CVE-2004-1267", "CVE-2004-1268"], "description": "The remote host is running a CUPS server whose version number is\n between 1.0.4 and 1.1.22 inclusive. Such versions are prone to\n multiple vulnerabilities :\n\n - The is_path_absolute function in scheduler/client.c for the\n daemon in CUPS allows remote attackers to cause a denial\n of service (CPU consumption by tight loop) via a ", "modified": "2019-03-04T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231016141", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231016141", "type": "openvas", "title": "CUPS < 1.1.23 Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cups_multiple_vulnerabilities.nasl 13975 2019-03-04 09:32:08Z cfischer $\n#\n# CUPS < 1.1.23 Multiple Vulnerabilities\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>\n#\n# Copyright:\n# Copyright (C) 2005 George A. 
Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:cups\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.16141\");\n script_version(\"$Revision: 13975 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-04 10:32:08 +0100 (Mon, 04 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2004-1267\", \"CVE-2004-1268\", \"CVE-2004-1269\", \"CVE-2004-1270\", \"CVE-2005-2874\");\n script_bugtraq_id(11968, 12004, 12005, 12007, 12200, 14265);\n script_xref(name:\"OSVDB\", value:\"12439\");\n script_xref(name:\"OSVDB\", value:\"12453\");\n script_xref(name:\"OSVDB\", value:\"12454\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-908\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-559\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-560\");\n script_xref(name:\"GLSA\", value:\"GLSA-200412-25\");\n script_name(\"CUPS < 1.1.23 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2005 George A. 
Theall\");\n script_family(\"Gain a shell remotely\");\n script_dependencies(\"secpod_cups_detect.nasl\");\n script_require_ports(\"Services/www\", 631);\n script_mandatory_keys(\"CUPS/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.cups.org/str.php?L700\");\n script_xref(name:\"URL\", value:\"http://www.cups.org/str.php?L1024\");\n script_xref(name:\"URL\", value:\"http://www.cups.org/str.php?L1023\");\n script_xref(name:\"URL\", value:\"http://www.cups.org/str.php?L1042\");\n\n script_tag(name:\"solution\", value:\"Upgrade to CUPS 1.1.23 or later.\");\n script_tag(name:\"summary\", value:\"The remote host is running a CUPS server whose version number is\n between 1.0.4 and 1.1.22 inclusive. Such versions are prone to\n multiple vulnerabilities :\n\n - The is_path_absolute function in scheduler/client.c for the\n daemon in CUPS allows remote attackers to cause a denial\n of service (CPU consumption by tight loop) via a '..\\..'\n URL in an HTTP request.\n\n - A remotely exploitable buffer overflow in the 'hpgltops'\n filter that enable specially crafted HPGL files can\n execute arbitrary commands as the CUPS 'lp' account.\n\n - A local user may be able to prevent anyone from changing\n his or her password until a temporary copy of the new\n password file is cleaned up ('lppasswd' flaw).\n\n - A local user may be able to add arbitrary content to the\n password file by closing the stderr file descriptor\n while running lppasswd (lppasswd flaw).\n\n - A local attacker may be able to truncate the CUPS\n password file, thereby denying service to valid clients\n using digest authentication. (lppasswd flaw).\n\n - The application applies ACLs to incoming print jobs in a\n case-sensitive fashion. Thus, an attacker can bypass\n restrictions by changing the case in printer names when\n submitting jobs. 
[Fixed in 1.1.21.]\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"1.1.23\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.23\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}