
Test ID: 1.3.6.1.4.1.25623.1.0.892332
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for sane-backends (DLA-2332-1)
Summary: The remote host is missing an update for the 'sane-backends' package(s) announced via the DLA-2332-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'sane-backends'
package(s) announced via the DLA-2332-1 advisory.

Vulnerability Insight:
Kevin Backhouse discovered multiple vulnerabilities in the epson2 and
epsonds backends of SANE, a library for scanners. A malicious remote
device could exploit these to trigger information disclosure, denial
of service and possibly remote code execution.

CVE-2020-12862

An out-of-bounds read in SANE Backends before 1.0.30 may allow a
malicious device connected to the same local network as the victim
to read important information, such as the ASLR offsets of the
program, aka GHSL-2020-082.

CVE-2020-12863

An out-of-bounds read in SANE Backends before 1.0.30 may allow a
malicious device connected to the same local network as the victim
to read important information, such as the ASLR offsets of the
program, aka GHSL-2020-083.

CVE-2020-12865

A heap buffer overflow in SANE Backends before 1.0.30 may allow a
malicious device connected to the same local network as the victim
to execute arbitrary code, aka GHSL-2020-084.

CVE-2020-12867

A NULL pointer dereference in sanei_epson_net_read in SANE
Backends before 1.0.30 allows a malicious device connected to the
same local network as the victim to cause a denial of service, aka
GHSL-2020-075.

Affected Software/OS:
'sane-backends' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
1.0.25-4.1+deb9u1.

We recommend that you upgrade your sane-backends packages.

CVSS Score:
5.2

CVSS Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-12862
Common Vulnerability Exposure (CVE) ID: CVE-2020-12863
Common Vulnerability Exposure (CVE) ID: CVE-2020-12865
Common Vulnerability Exposure (CVE) ID: CVE-2020-12867
Copyright: Copyright (C) 2020 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.