Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:008: cups Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the cups package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:008 (cups).
A buffer overflow was discovered in the ParseCommand function in the hpgltops
utility. An attacker able to send malicious HPGL files to a printer could
possibly execute arbitrary code as the 'lp' user (CVE-2004-1267).
Vulnerabilities in the lppasswd utility were also discovered. The program
ignores write errors when modifying the CUPS passwd file. A local user who is
able to fill the associated file system could corrupt the CUPS passwd file or
prevent future use of lppasswd (CVE-2004-1268 and CVE-2004-1269). As well,
lppasswd does not verify that the passwd.new file is different from STDERR,
which could allow a local user to control output to passwd.new via certain user
input that could trigger an error message (CVE-2004-1270).
The updated packages have been patched to prevent these problems.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:008
Threat Level: High