Lucene search
Copyright (C) 2009 Greenbone Networks GmbHOPENVAS:850039HistoryJan 23, 2009 - 12:00 a.m.
SuSE Update for cups SUSE-SA:2008:002
2009-01-2300:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
13
0.429 Medium
EPSS
Percentile
97.0%
Check for the Version of cups
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2008_002.nasl 8050 2017-12-08 09:34:29Z santu $
#
# SuSE Update for cups SUSE-SA:2008:002
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Various security issue have been fixed in the CUPS print server.
- CVE-2007-5848: A buffer overflow that can be exploited by users that are allowed to configure CUPS.
- CVE-2007-5849: Additionally a buffer overflow in the SNMP backend of CUPS was fixed that allowed
remote attackers to execute arbitrary code by sending specially crafted SNMP responses.
This requires a local administrator to trigger a SNMP request and the attacker then injecting
a response.
The second vulnerability affects openSUSE 10.2 and 10.3 only.";
tag_impact = "remote code execution";
tag_affected = "cups on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_id(850039);
script_version("$Revision: 8050 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_xref(name: "SUSE-SA", value: "2008-002");
script_cve_id("CVE-2007-5848", "CVE-2007-5849");
script_name( "SuSE Update for cups SUSE-SA:2008:002");
script_summary("Check for the Version of cups");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "openSUSE10.3")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.2.12~22.6", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.2.12~22.6", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.2.12~22.6", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.2.12~22.6", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.2.12~22.6", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "openSUSE10.2")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.2.7~12.9", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.2.7~12.9", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.2.7~12.9", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.2.7~12.9", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.2.7~12.9", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "NLDk9")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.20~108.46", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.20~108.46", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.20~108.46", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.20~108.46", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.1.23~40.35", rls:"NLDk9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "NLPOS9")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.20~108.46", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.20~108.46", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.20~108.46", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.20~108.46", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.1.23~40.35", rls:"NLPOS9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "OES")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.20~108.46", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.20~108.46", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.20~108.46", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.20~108.46", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.1.23~40.35", rls:"OES")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLES9")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.20~108.46", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.20~108.46", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.20~108.46", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.20~108.46", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.1.23~40.35", rls:"SLES9")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "LES10SP1")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.20~108.46", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.20~108.46", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.20~108.46", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.20~108.46", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.1.23~40.35", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLESDk10SP1")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.20~108.46", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.20~108.46", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.20~108.46", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.20~108.46", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs-32bit", rpm:"cups-libs-32bit~1.1.23~40.35", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SL10.1")
{
if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.23~40.35", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-client", rpm:"cups-client~1.1.23~40.35", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.23~40.35", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.23~40.35", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
References
Related
nessus
nessus
openSUSE 10 Security Update : cups (cups-4806)
2008-01-10 00:00:00
SuSE9 Security Update : cups (YOU Patch Number 12016)
2009-09-24 00:00:00
SuSE 10 Security Update : cups (ZYPP Patch Number 4805)
2008-01-10 00:00:00
suse
suse
remote code execution in cups
2008-01-10 16:51:00
cve
cve
CVE-2007-5848
2007-12-19 21:46:00
CVE-2007-5849
2007-12-19 21:46:00
openvas
openvas
SLES9: Security update for cups
2009-10-10 00:00:00
SLES9: Security update for cups
2009-10-10 00:00:00
Ubuntu: Security Advisory (USN-563-1)
2009-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2007-5848
2007-12-19 00:00:00
CVE-2007-5849
2007-12-19 00:00:00
cvelist
cvelist
CVE-2007-5848
2007-12-19 21:00:00
CVE-2007-5849
2007-12-19 21:00:00
debiancve
debiancve
CVE-2007-5848
2007-12-19 21:46:00
CVE-2007-5849
2007-12-19 21:46:00
prion
prion
Buffer overflow
2007-12-19 21:46:00
Integer overflow
2007-12-19 21:46:00
seebug
seebug
CUPS SNMPεη«―asn1_get_string()ε½ζ°θΏη¨ζ ζΊ’εΊζΌζ΄
2008-01-04 00:00:00
Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities
2008-01-06 00:00:00
debian
debian
[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities
2007-12-26 13:20:46
osv
osv
cupsys
2007-12-26 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2008-01-09 00:00:00
oraclelinux
oraclelinux
Important: cups security update
2008-02-25 00:00:00
Important: cups security update
2008-02-25 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2007-12-18 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
securityvulns
securityvulns
[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities
2008-02-27 00:00:00
Cups multiple security vulnerabilities
2008-02-27 00:00:00