oval:org.mitre.oval:def:7234

Definition Id: oval:org.mitre.oval:def:7234

Oval ID:	oval:org.mitre.oval:def:7234
Title:	DSA-2007 cups -- format string vulnerability
Description:	Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf. This works as the lppasswd binary happens to be installed with setuid 0 permissions.
Family:	unix	Class:	patch
Reference(s):	DSA-2007 CVE-2010-0393	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	cups
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section cupsys-bsd is earlier than 1.3.8-1+lenny8 AND cups-common is earlier than 1.3.8-1+lenny8 AND libcupsys2-dev is earlier than 1.3.8-1+lenny8 AND cupsys-common is earlier than 1.3.8-1+lenny8 AND cupsys-client is earlier than 1.3.8-1+lenny8 AND cupsys-dbg is earlier than 1.3.8-1+lenny8 AND cupsys is earlier than 1.3.8-1+lenny8 AND libcupsys2 is earlier than 1.3.8-1+lenny8 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libcups2-dev is earlier than 1.3.8-1+lenny8 AND cups-bsd is earlier than 1.3.8-1+lenny8 AND libcupsimage2-dev is earlier than 1.3.8-1+lenny8 AND libcupsimage2 is earlier than 1.3.8-1+lenny8 AND cups-client is earlier than 1.3.8-1+lenny8 AND libcups2 is earlier than 1.3.8-1+lenny8 AND cups-dbg is earlier than 1.3.8-1+lenny8 AND cups is earlier than 1.3.8-1+lenny8

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:7234

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0263s

Facebook rss twitter linkedin mail