English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 92446 CVE descriptions
and 51095 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63889
Category:SuSE Local Security Checks
Title:SuSE Security Advisory SUSE-SA:2009:024 (cups)
Summary:SuSE Security Advisory SUSE-SA:2009:024 (cups)
Description:Description:
The remote host is missing updates announced in
advisory SUSE-SA:2009:024.

The Common Unix Printing System, CUPS, is a printing server for unix-like
operating systems. It allows a local user to print documents as well as
remote users via port 631/tcp.

There were two security vulnerabilities fixed in cups.

The first one can be triggered by a specially crafted tiff file. This
file could lead to an integer overflow in the 'imagetops' filter which
caused an heap overflow later.
This bug is probably exploitable remotely by users having remote access
to the CUPS server and allows the execution of arbitrary code with the
privileges of the cupsd process. (CVE-2009-0163)

The second issue affects the JBIG2 decoding of the 'pdftops' filter.
The JBIG2 decoding routines are vulnerable to various software failure
types like integer and buffer overflows and it is believed to be exploit-
able remotely to execute arbitrary code with the privileges of the cupsd
process.
(CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799,
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182,
CVE-2009-1183)

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:024

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0146
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded
Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502750/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Debian Security Information: DSA-1790 (Google Search)
http://www.debian.org/security/2009/dsa-1790
Debian Security Information: DSA-1793 (Google Search)
http://www.debian.org/security/2009/dsa-1793
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RedHat Security Advisories: RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SuSE Security Announcement: SUSE-SA:2009:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 34568
http://www.securityfocus.com/bid/34568
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9632
http://www.securitytracker.com/id?1022073
http://secunia.com/advisories/34755
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34852
http://secunia.com/advisories/34756
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/35037
http://secunia.com/advisories/35065
http://secunia.com/advisories/35074
http://secunia.com/advisories/34991
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2010/1040
Common Vulnerability Exposure (CVE) ID: CVE-2009-0147
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9941
Common Vulnerability Exposure (CVE) ID: CVE-2009-0163
Debian Security Information: DSA-1773 (Google Search)
http://www.debian.org/security/2009/dsa-1773
http://www.redhat.com/support/errata/RHSA-2009-0428.html
http://www.ubuntu.com/usn/usn-760-1
BugTraq ID: 34571
http://www.securityfocus.com/bid/34571
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11546
http://www.securitytracker.com/id?1022070
http://secunia.com/advisories/34722
http://secunia.com/advisories/34747
Common Vulnerability Exposure (CVE) ID: CVE-2009-0165
XForce ISS Database: multiple-jbig2-unspecified(50377)
http://xforce.iss.net/xforce/xfdb/50377
Common Vulnerability Exposure (CVE) ID: CVE-2009-0166
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9778
Common Vulnerability Exposure (CVE) ID: CVE-2009-0799
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
CERT/CC vulnerability note: VU#196617
http://www.kb.cert.org/vuls/id/196617
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10204
http://www.securitytracker.com/id?1022072
http://secunia.com/advisories/34746
http://www.vupen.com/english/advisories/2009/1076
Common Vulnerability Exposure (CVE) ID: CVE-2009-0800
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11323
Common Vulnerability Exposure (CVE) ID: CVE-2009-1179
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11892
http://secunia.com/advisories/35379
http://www.vupen.com/english/advisories/2009/1522
Common Vulnerability Exposure (CVE) ID: CVE-2009-1180
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9926
Common Vulnerability Exposure (CVE) ID: CVE-2009-1181
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1182
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10735
Common Vulnerability Exposure (CVE) ID: CVE-2009-1183
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10769
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 51095 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.