Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.16141 |
Kategorie: | Gain a shell remotely |
Titel: | CUPS < 1.1.23 Multiple Vulnerabilities |
Zusammenfassung: | The remote host is running a CUPS server whose version number is; between 1.0.4 and 1.1.22 inclusive. Such versions are prone to; multiple vulnerabilities :;; - The is_path_absolute function in scheduler/client.c for the; daemon in CUPS allows remote attackers to cause a denial; of service (CPU consumption by tight loop) via a '..\..'; URL in an HTTP request.;; - A remotely exploitable buffer overflow in the 'hpgltops'; filter that enable specially crafted HPGL files can; execute arbitrary commands as the CUPS 'lp' account.;; - A local user may be able to prevent anyone from changing; his or her password until a temporary copy of the new; password file is cleaned up ('lppasswd' flaw).;; - A local user may be able to add arbitrary content to the; password file by closing the stderr file descriptor; while running lppasswd (lppasswd flaw).;; - A local attacker may be able to truncate the CUPS; password file, thereby denying service to valid clients; using digest authentication. (lppasswd flaw).;; - The application applies ACLs to incoming print jobs in a; case-sensitive fashion. Thus, an attacker can bypass; restrictions by changing the case in printer names when; submitting jobs. [Fixed in 1.1.21.] |
Beschreibung: | Summary: The remote host is running a CUPS server whose version number is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities : - The is_path_absolute function in scheduler/client.c for the daemon in CUPS allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a '..\..' URL in an HTTP request. - A remotely exploitable buffer overflow in the 'hpgltops' filter that enable specially crafted HPGL files can execute arbitrary commands as the CUPS 'lp' account. - A local user may be able to prevent anyone from changing his or her password until a temporary copy of the new password file is cleaned up ('lppasswd' flaw). - A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw). - A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication. (lppasswd flaw). - The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.] Solution: Upgrade to CUPS 1.1.23 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 11968 BugTraq ID: 12004 BugTraq ID: 12005 BugTraq ID: 12007 BugTraq ID: 12200 BugTraq ID: 14265 Common Vulnerability Exposure (CVE) ID: CVE-2004-1267 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 http://tigger.uic.edu/~jlongs2/holes/cups.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620 http://www.redhat.com/support/errata/RHSA-2005-013.html http://www.redhat.com/support/errata/RHSA-2005-053.html https://usn.ubuntu.com/50-1/ XForce ISS Database: cups-parsecommand-hpgl-bo(18604) https://exchange.xforce.ibmcloud.com/vulnerabilities/18604 Common Vulnerability Exposure (CVE) ID: CVE-2004-1268 http://tigger.uic.edu/~jlongs2/holes/cups2.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 XForce ISS Database: cups-lppasswd-passwd-truncate(18606) https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 Common Vulnerability Exposure (CVE) ID: CVE-2004-1269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545 XForce ISS Database: cups-lppasswd-dos(18608) https://exchange.xforce.ibmcloud.com/vulnerabilities/18608 Common Vulnerability Exposure (CVE) ID: CVE-2004-1270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507 XForce ISS Database: cups-lppasswd-passwd-modify(18609) https://exchange.xforce.ibmcloud.com/vulnerabilities/18609 Common Vulnerability Exposure (CVE) ID: CVE-2005-2874 http://lwn.net/Alerts/152835/ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9774 http://www.redhat.com/support/errata/RHSA-2005-772.html http://securitytracker.com/id?1012811 |
Copyright | This script is Copyright (C) 2005 George A. Theall |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |