 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.105298 |
| Categoría: | Web application abuses |
| Título: | CUPS < 2.0.3 Multiple Vulnerabilities - Active Check |
| Resumen: | Common Unix Printing System (CUPS) is prone to multiple; vulnerabilities. |
| Descripción: | Summary: Common Unix Printing System (CUPS) is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2015-1158: An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing 'admin/conf' and 'admin' ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks. - CVE-2015-1159: A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web. In certain cases, the CGI template can echo user input to file rather than escaping the text first. This may be used to set up a reflected XSS attack in the QUERY parameter of the web interface help page. By default, many linux distributions run with the web interface activated, OS X has the web interface deactivated by default. Vulnerability Impact: These vulnerabilities may allow a remote unauthenticated attacker access to privileged operations on the CUPS server and to execute arbitrary javascript in a user's browser. Affected Software/OS: CUPS prior to version 2.0.3 Solution: Update to version 2.0.3 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1158 BugTraq ID: 75098 http://www.securityfocus.com/bid/75098 CERT/CC vulnerability note: VU#810572 http://www.kb.cert.org/vuls/id/810572 Debian Security Information: DSA-3283 (Google Search) http://www.debian.org/security/2015/dsa-3283 https://www.exploit-db.com/exploits/37336/ https://www.exploit-db.com/exploits/41233/ https://security.gentoo.org/glsa/201510-07 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html https://code.google.com/p/google-security-research/issues/detail?id=455 https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py RedHat Security Advisories: RHSA-2015:1123 http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.securitytracker.com/id/1032556 SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://www.ubuntu.com/usn/USN-2629-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1159 BugTraq ID: 75106 http://www.securityfocus.com/bid/75106 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |