ID de Prueba:	1.3.6.1.4.1.25623.1.0.16141
Categoría:	Gain a shell remotely
Título:	CUPS < 1.1.23 Multiple Vulnerabilities
Resumen:	CUPS is prone to multiple vulnerabilities.
Descripción:	Summary: CUPS is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - The is_path_absolute function in scheduler/client.c for the daemon in CUPS allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a '..\..' URL in an HTTP request. - A remotely exploitable buffer overflow in the 'hpgltops' filter that enable specially crafted HPGL files can execute arbitrary commands as the CUPS 'lp' account. - A local user may be able to prevent anyone from changing his or her password until a temporary copy of the new password file is cleaned up ('lppasswd' flaw). - A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw). - A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication. (lppasswd flaw). - The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.] Affected Software/OS: CUPS version 1.0.4 through 1.1.22. Solution: Update to version 1.1.23 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1267 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 http://tigger.uic.edu/~jlongs2/holes/cups.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620 http://www.redhat.com/support/errata/RHSA-2005-013.html http://www.redhat.com/support/errata/RHSA-2005-053.html https://usn.ubuntu.com/50-1/ XForce ISS Database: cups-parsecommand-hpgl-bo(18604) https://exchange.xforce.ibmcloud.com/vulnerabilities/18604 Common Vulnerability Exposure (CVE) ID: CVE-2004-1268 http://tigger.uic.edu/~jlongs2/holes/cups2.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 XForce ISS Database: cups-lppasswd-passwd-truncate(18606) https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 Common Vulnerability Exposure (CVE) ID: CVE-2004-1269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545 XForce ISS Database: cups-lppasswd-dos(18608) https://exchange.xforce.ibmcloud.com/vulnerabilities/18608 Common Vulnerability Exposure (CVE) ID: CVE-2004-1270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507 XForce ISS Database: cups-lppasswd-passwd-modify(18609) https://exchange.xforce.ibmcloud.com/vulnerabilities/18609 Common Vulnerability Exposure (CVE) ID: CVE-2005-2874 1012811 http://securitytracker.com/id?1012811 FEDORA-2005-908 http://lwn.net/Alerts/152835/ RHSA-2005:772 http://www.redhat.com/support/errata/RHSA-2005-772.html http://www.cups.org/relnotes.php#010123 http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072 oval:org.mitre.oval:def:9774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9774
Copyright	Copyright (C) 2005 George A. Theall

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.