Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2005:008: cups Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the cups package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2005:008 (cups).

A buffer overflow was discovered in the ParseCommand function in the hpgltops
utility. A possible hacker with the ability to send malicious HPGL files to a printer
could possibly execute arbitrary code as the 'lp' user (CVE-2004-1267).

Vulnerabilities in the lppasswd utility were also discovered. The program
ignores write errors when modifying the CUPS passwd file. A local user who is
able to fill the associated file system could corrupt the CUPS passwd file or
prevent future use of lppasswd (CVE-2004-1268 and CVE-2004-1269). As well,
lppasswd does not verify that the file is different from STDERR,
which could allow a local user to control output to via certain user
input that could trigger an error message (CVE-2004-1270).

The updated packages have been patched to prevent these problems.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.