Lucene search

K

CentOS Update for cups CESA-2008:0206 centos4 x86_64

πŸ—“οΈΒ 27 Feb 2009Β 00:00:00Reported byΒ Copyright (C) 2009 Greenbone Networks GmbHTypeΒ 
openvas
Β openvas
πŸ”—Β plugins.openvas.orgπŸ‘Β 28Β Views

CentOS Update for cups CESA-2008:0206 centos4 x86_64. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter, a buffer overflow flaw in the GIF decoding routines used by CUPS image converting filters, and a patch issue in CUPS packages in Red Hat Enterprise Linux. All cups users are advised to upgrade to updated packages, containing backported patches to resolve these issues

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS
CentOS Update for cups CESA-2008:0206 centos4 i386
27 Feb 200900:00
–openvas
OpenVAS
RedHat Update for cups RHSA-2008:0206-01
6 Mar 200900:00
–openvas
OpenVAS
CentOS Update for cups CESA-2008:0206 centos3 x86_64
27 Feb 200900:00
–openvas
OpenVAS
CentOS Update for cups CESA-2008:0206 centos4 i386
27 Feb 200900:00
–openvas
OpenVAS
CentOS Update for cups CESA-2008:0206 centos4 x86_64
27 Feb 200900:00
–openvas
OpenVAS
RedHat Update for cups RHSA-2008:0206-01
6 Mar 200900:00
–openvas
OpenVAS
CentOS Update for cups CESA-2008:0206 centos3 i386
27 Feb 200900:00
–openvas
OpenVAS
CentOS Update for cups CESA-2008:0206 centos3 i386
27 Feb 200900:00
–openvas
OpenVAS
CentOS Update for cups CESA-2008:0206 centos3 x86_64
27 Feb 200900:00
–openvas
OpenVAS
SuSE Update for cups SUSE-SA:2008:020
23 Jan 200900:00
–openvas
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for cups CESA-2008:0206 centos4 x86_64
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The Common UNIX Printing System (CUPS) provides a portable printing layer
  for UNIX(R) operating systems.

  Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
  attacker could create a malicious HP-GL/2 file that could possibly execute
  arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)
  
  A buffer overflow flaw was discovered in the GIF decoding routines used by
  CUPS image converting filters "imagetops" and "imagetoraster". An attacker
  could create a malicious GIF file that could possibly execute arbitrary
  code as the "lp" user if the file was printed. (CVE-2008-1373)
  
  It was discovered that the patch used to address CVE-2004-0888 in CUPS
  packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the
  integer overflow in the "pdftops" filter on 64-bit platforms.  An attacker
  could create a malicious PDF file that could possibly execute arbitrary
  code as the "lp" user if the file was printed. (CVE-2008-1374)
  
  All cups users are advised to upgrade to these updated packages, which
  contain backported patches to resolve these issues.";

tag_affected = "cups on CentOS 4";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2008-April/014800.html");
  script_id(880155);
  script_version("$Revision: 6651 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name: "CESA", value: "2008:0206");
  script_cve_id("CVE-2008-0053", "CVE-2008-1373", "CVE-2008-1374", "CVE-2004-0888", "CVE-2005-0206");
  script_name( "CentOS Update for cups CESA-2008:0206 centos4 x86_64");

  script_summary("Check for the Version of cups");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"cups", rpm:"cups~1.1.22~0.rc1.9.20.2.el4_6.6", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.22~0.rc1.9.20.2.el4_6.6", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.22~0.rc1.9.20.2.el4_6.6", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo