Executive Summary
Summary | |
---|---|
Title | CUPS vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-563-1 | First vendor Publication | 2008-01-09 |
Vendor | Ubuntu | Last vendor Modification | 2008-01-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
Ubuntu 6.10:
Ubuntu 7.04:
Ubuntu 7.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code.

Elias Pipping discovered that temporary files were not handled safely in certain situations when converting PDF to PS. A local attacker could cause a denial of service.
Original Source
Url : http://www.ubuntu.com/usn/USN-563-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17315 | |||
Oval ID: | oval:org.mitre.oval:def:17315 | ||
Title: | USN-563-1 -- cupsys vulnerabilities | ||
Description: | Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-563-1 CVE-2007-5849 CVE-2007-6358 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | cupsys |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18490 | |||
Oval ID: | oval:org.mitre.oval:def:18490 | ||
Title: | DSA-1437-1 cupsys | ||
Description: | Several local vulnerabilities have been discovered in the Common UNIX Printing System. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1437-1 CVE-2007-5849 CVE-2007-6358 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for cups MDVSA-2008:036 (cups) File : nvt/gb_mandriva_MDVSA_2008_036.nasl |
2009-03-23 | Name : Ubuntu Update for cupsys vulnerabilities USN-563-1 File : nvt/gb_ubuntu_USN_563_1.nasl |
2009-01-23 | Name : SuSE Update for cups SUSE-SA:2008:002 File : nvt/gb_suse_2008_002.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-14 (cups) File : nvt/glsa_200712_14.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1437-1 (cupsys) File : nvt/deb_1437_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42029 | Alternate pdftops Filter for CUPS pdfin.[PID].tmp Symlink Arbitrary File Over... |
40719 | CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Res... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-036.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote openSUSE host is missing a security update. File : suse_cups-4806.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-563-1.nasl - Type : ACT_GATHER_INFO |
2007-12-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1437.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote printer service is affected by a buffer overflow vulnerability. File : cups_1_3_5.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-14.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:04:52 |