Executive Summary
Summary | |
---|---|
Title | cups security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0498 | First vendor Publication | 2008-06-04 |
Vendor | RedHat | Last vendor Modification | 2008-06-04 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An integer overflow flaw leading to a heap buffer overflow was discovered in the Portable Network Graphics (PNG) decoding routines used by the CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious PNG file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1722) All CUPS users are advised to upgrade to these updated packages, which contain backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 441692 - CVE-2008-1722 cups: integer overflow in the image filter |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0498.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17808 | |||
Oval ID: | oval:org.mitre.oval:def:17808 | ||
Title: | USN-606-1 -- cupsys vulnerability | ||
Description: | Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-606-1 CVE-2008-1722 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | cupsys |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17812 | |||
Oval ID: | oval:org.mitre.oval:def:17812 | ||
Title: | USN-656-1 -- cupsys vulnerabilities | ||
Description: | It was discovered that the SGI image filter in CUPS did not perform proper bounds checking. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-656-1 CVE-2008-3639 CVE-2008-3640 CVE-2008-3641 CVE-2008-1722 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | cupsys |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18637 | |||
Oval ID: | oval:org.mitre.oval:def:18637 | ||
Title: | DSA-1625-1 cupsys - arbitrary code execution | ||
Description: | Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1625-1 CVE-2008-0053 CVE-2008-1373 CVE-2008-1722 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22069 | |||
Oval ID: | oval:org.mitre.oval:def:22069 | ||
Title: | ELSA-2008:0498: cups security update (Moderate) | ||
Description: | Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0498-02 CVE-2008-1722 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7208 | |||
Oval ID: | oval:org.mitre.oval:def:7208 | ||
Title: | DSA-1625 cupsys -- buffer overflows | ||
Description: | Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems: Buffer overflows in the HP-GL input filter allowed to possibly run arbitrary code through crafted HP-GL files. Buffer overflow in the GIF filter allowed to possibly run arbitrary code through crafted GIF files. Integer overflows in the PNG filter allowed to possibly run arbitrary code through crafted PNG files. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1625 CVE-2008-0053 CVE-2008-1373 CVE-2008-1722 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8768 | |||
Oval ID: | oval:org.mitre.oval:def:8768 | ||
Title: | Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. | ||
Description: | Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1722 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-11062 (cups) File : nvt/fcore_2009_11062.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12652 (cups) File : nvt/fcore_2009_12652.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3753 (cups) File : nvt/fcore_2009_3753.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3769 (cups) File : nvt/fcore_2009_3769.nasl |
2009-04-09 | Name : Mandriva Update for cups MDVSA-2008:170 (cups) File : nvt/gb_mandriva_MDVSA_2008_170.nasl |
2009-03-23 | Name : Ubuntu Update for cupsys vulnerabilities USN-656-1 File : nvt/gb_ubuntu_USN_656_1.nasl |
2009-03-23 | Name : Ubuntu Update for cupsys vulnerability USN-606-1 File : nvt/gb_ubuntu_USN_606_1.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0498-01 File : nvt/gb_RHSA-2008_0498-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0498 centos3 i386 File : nvt/gb_CESA-2008_0498_cups_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0498 centos3 x86_64 File : nvt/gb_CESA-2008_0498_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0498 centos4 i386 File : nvt/gb_CESA-2008_0498_cups_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0498 centos4 x86_64 File : nvt/gb_CESA-2008_0498_cups_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-3449 File : nvt/gb_fedora_2008_3449_cups_fc7.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-3586 File : nvt/gb_fedora_2008_3586_cups_fc8.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-3756 File : nvt/gb_fedora_2008_3756_cups_fc9.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-8801 File : nvt/gb_fedora_2008_8801_cups_fc8.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-8844 File : nvt/gb_fedora_2008_8844_cups_fc9.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10895 File : nvt/gb_fedora_2008_10895_cups_fc10.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10911 File : nvt/gb_fedora_2008_10911_cups_fc8.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10917 File : nvt/gb_fedora_2008_10917_cups_fc9.nasl |
2008-12-03 | Name : FreeBSD Ports: cups-base File : nvt/freebsd_cups-base7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-23 (cups) File : nvt/glsa_200804_23.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1625-1 (cupsys) File : nvt/deb_1625_1.nasl |
2008-06-17 | Name : Cups < 1.3.8 vulnerability File : nvt/cups_CB-A08-0045.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44398 | CUPS PNG File Handling Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0498.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1028.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080604_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-170.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-656-1.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1028.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1028.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1625.nasl - Type : ACT_GATHER_INFO |
2008-07-25 | Name : The remote printer service (CUPS) is affected by a buffer overflow vulnerabil... File : cups_1_3_8.nasl - Type : ACT_GATHER_INFO |
2008-06-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0498.nasl - Type : ACT_GATHER_INFO |
2008-06-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0498.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3756.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3449.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3586.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-606-1.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-23.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:41 |
|