Executive Summary
Summary | |
---|---|
Title | New cupsys packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1437 | First vendor Publication | 2007-12-26 |
Vendor | Debian | Last vendor Modification | 2007-12-26 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several local vulnerabilities have been discovered in the Common UNIX Printing System. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5849: Wei Wang discovered that a buffer overflow in the SNMP backend may lead to the execution of arbitrary code.

CVE-2007-6358: Elias Pipping discovered that insecure handling of a temporary file in the pdftops.pl script may lead to local denial of service. This vulnerability is not exploitable in the default configuration.

For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch2.

The old stable distribution (sarge) is not affected by CVE-2007-5849. The other issue doesn't warrant an update on its own and has been postponed.

For the unstable distribution (sid), these problems have been fixed in version 1.3.5-1.

We recommend that you upgrade your cupsys packages.
Original Source
Url : http://www.debian.org/security/2007/dsa-1437 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17315 | |||
Oval ID: | oval:org.mitre.oval:def:17315 | ||
Title: | USN-563-1 -- cupsys vulnerabilities | ||
Description: | Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-563-1 CVE-2007-5849 CVE-2007-6358 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | cupsys |
Definition Id: oval:org.mitre.oval:def:18490 | |||
Oval ID: | oval:org.mitre.oval:def:18490 | ||
Title: | DSA-1437-1 cupsys | ||
Description: | Several local vulnerabilities have been discovered in the Common UNIX Printing System. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1437-1 CVE-2007-5849 CVE-2007-6358 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for cups MDVSA-2008:036 (cups) File : nvt/gb_mandriva_MDVSA_2008_036.nasl |
2009-03-23 | Name : Ubuntu Update for cupsys vulnerabilities USN-563-1 File : nvt/gb_ubuntu_USN_563_1.nasl |
2009-01-23 | Name : SuSE Update for cups SUSE-SA:2008:002 File : nvt/gb_suse_2008_002.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-14 (cups) File : nvt/glsa_200712_14.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1437-1 (cupsys) File : nvt/deb_1437_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42029 | Alternate pdftops Filter for CUPS pdfin.[PID].tmp Symlink Arbitrary File Over... |
40719 | CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Res... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-036.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote openSUSE host is missing a security update. File : suse_cups-4806.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-563-1.nasl - Type : ACT_GATHER_INFO |
2007-12-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1437.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote printer service is affected by a buffer overflow vulnerability. File : cups_1_3_5.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-14.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:27:07 |