Vulnerabilities > CVE-2007-4351 - Numeric Errors vulnerability in CUPS
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
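Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. Several of the vendor advisories quoted below (Ubuntu, Mandriva, Fedora) describe the same flaw as allowing code execution rather than only a crash, so patching priority should not rest on the denial-of-service wording alone.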
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2007-009.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 29723 published 2007-12-18 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29723 title Mac OS X Multiple Vulnerabilities (Security Update 2007-009) code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: local check that reports Mac OS X hosts missing Security Update
# 2007-009. It only reads values already stored in the scan knowledge base
# ("Host/uname", "Host/MacOSX/packages", "Host/MacOSX/packages/boms") and
# matches them with regular expressions; it never talks to CUPS itself.
#
# NOTE(review): this is a roll-up plugin. The CVSS vectors, CWE list and
# exploit attributes registered below describe the update as a whole, so they
# must not be read as the rating of any single entry in script_cve_id()
# (the metasploit_name, for example, names Mail.app, not CUPS).

include("compat.inc");

# Registration pass: declares the plugin metadata and exits without testing.
if (description)
{
  script_id(29723);
  script_version("1.27");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  # Every CVE fixed by the bundled update; CVE-2007-4351 (CUPS) is one of them.
  script_cve_id("CVE-2006-0024", "CVE-2007-1218", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-3798", "CVE-2007-3876", "CVE-2007-4131", "CVE-2007-4351", "CVE-2007-4572", "CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4965", "CVE-2007-5116", "CVE-2007-5379", "CVE-2007-5380", "CVE-2007-5398", "CVE-2007-5476", "CVE-2007-5770", "CVE-2007-5847", "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853", "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5858", "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5863", "CVE-2007-6077", "CVE-2007-6165");
  script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346, 26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926);

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)");
  script_summary(english:"Check for the presence of Security Update 2007-009");

  script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues.");
  script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 
10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs.");
  script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307179");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/13649");
  script_set_attribute(attribute:"solution", value:"Install Security Update 2007-009.");
  # Worst-case rating for the whole bundle (see the review note at the top).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mail.app Image Attachment Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/18");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  # The knowledge-base keys read below are presumably filled in by this
  # dependency during a credentialed scan - TODO confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}

uname = get_kb_item("Host/uname");
# No kernel string collected: exit without reporting anything. A missing
# finding therefore does not prove that the update is installed.
if ( ! uname ) exit(0);

# Darwin 8.0 - 8.11 kernels (Mac OS X 10.4).
if ( egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname) )
{
  packages = get_kb_item("Host/MacOSX/packages");
  if ( ! packages ) exit(0);
  # Considered patched when the package list names Security Update 2007-009,
  # any 2008 or 2009 update, or any update dated 2010-2099; later updates are
  # treated as superseding this one.
  if (!egrep(pattern:"^SecUpd(Srvr)?(2007-009|200[89]-|20[1-9][0-9]-)", string:packages))
    security_hole(0);
}
# Darwin 9.0 / 9.1 kernels (Mac OS X 10.5).
else if ( egrep(pattern:"Darwin.* (9\.[01]\.)", string:uname) )
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if ( ! packages ) exit(0);
  # Only the 2007-009 receipt (.bom) is accepted on this branch.
  if ( !egrep(pattern:"^com\.apple\.pkg\.update\.security\.2007\.009\.bom", string:packages) )
    security_hole(0);
}
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1023.NASL description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27836 published 2007-11-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27836 title RHEL 3 : cups (RHSA-2007:1023) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:1023. The text
# itself is copyright (C) Red Hat, Inc.
#

# Purpose: local check for RHSA-2007:1023 on Red Hat Enterprise Linux 3. It
# works only from knowledge-base data (release string, RPM list, CPU, and
# yum update information when present) and reports a finding when the cups,
# cups-devel or cups-libs packages are flagged by the package checks below.
#
# NOTE(review): the advisory text describes CVE-2007-4351 as a crash of the
# CUPS daemon, while the CVSS base vector registered below is C:C/I:C/A:C.
# Presumably the vector rates the advisory as a whole, which also covers
# CVE-2007-5393 (possible code execution) - confirm before using it to rank
# CVE-2007-4351 on its own.

include("compat.inc");

# Registration pass: declares the plugin metadata and exits without testing.
if (description)
{
  script_id(27836);
  script_version ("1.23");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2007-4045", "CVE-2007-4351", "CVE-2007-5393");
  script_bugtraq_id(26367, 26524);
  script_xref(name:"RHSA", value:"2007:1023");

  script_name(english:"RHEL 3 : cups (RHSA-2007:1023)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-4045"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-4351"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-5393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2007:1023"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected cups, cups-devel and / or cups-libs packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: each failed precondition ends the plugin through audit()
# with a reason, so "not tested" is distinguishable from "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
# Major version must be exactly 3 ("3" or "3.x"), not 30, 31, ...
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Path 1: yum update information was collected, so the verdict comes from
# the report generated for this advisory id.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2007:1023";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
# Path 2: no yum data, fall back to the RPM list.
else
{
  flag = 0;
  # The references are the fixed builds named by the advisory. They carry
  # backported patches (see the description), so the upstream version
  # 1.1.17 alone says nothing about exposure; the full release string counts.
  # NOTE(review): rpm_check() presumably flags an installed package older
  # than the reference - confirm in rpm.inc.
  if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.46")) flag++;
  if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.46")) flag++;
  if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.46")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # Distinguish "packages present but not flagged" from "not installed".
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
  }
}
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-539-1.NASL description Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28146 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28146 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerability (USN-539-1) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-539-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

# Purpose: local check for USN-539-1 (CVE-2007-4351) on Ubuntu 6.06 LTS,
# 6.10, 7.04 and 7.10. It works only from knowledge-base data (release, CPU,
# dpkg list) and reports a finding when any listed cupsys / libcups package
# is flagged by ubuntu_check().
#
# NOTE(review): the advisory text says the AppArmor CUPS profile isolates an
# attacker on 7.10, but the 7.10 packages are checked and reported with the
# same SECURITY_HOLE severity as the other releases; the finding does not
# take that confinement into account.

include("compat.inc");

# Registration pass: declares the plugin metadata and exits without testing.
if (description)
{
  script_id(28146);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:01");

  script_cve_id("CVE-2007-4351");
  script_xref(name:"USN", value:"539-1");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerability (USN-539-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. 
Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/539-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Preconditions: each failed precondition ends the plugin through audit()
# with a reason, so "not tested" is distinguishable from "not affected".
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
# Only the four releases covered by the notice are tested.
if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

# One check per (release, package) pair; pkgver is the fixed build for that
# release. flag counts how many checks fired.
# NOTE(review): ubuntu_check() presumably flags an installed package older
# than pkgver - confirm in ubuntu.inc.
flag = 0;

# Ubuntu 6.06 LTS
if (ubuntu_check(osver:"6.06", pkgname:"cupsys", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"cupsys-bsd", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"cupsys-client", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcupsimage2", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcupsimage2-dev", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2-dev", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2-gnutls10", pkgver:"1.2.2-0ubuntu0.6.06.4")) flag++;

# Ubuntu 6.10
if (ubuntu_check(osver:"6.10", pkgname:"cupsys", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"cupsys-bsd", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"cupsys-client", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"cupsys-common", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcupsimage2", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcupsimage2-dev", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcupsys2", pkgver:"1.2.4-2ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcupsys2-dev", pkgver:"1.2.4-2ubuntu3.1")) flag++;

# Ubuntu 7.04
if (ubuntu_check(osver:"7.04", pkgname:"cupsys", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"cupsys-bsd", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"cupsys-client", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"cupsys-common", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcupsimage2", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcupsimage2-dev", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcupsys2", pkgver:"1.2.8-0ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcupsys2-dev", pkgver:"1.2.8-0ubuntu8.1")) flag++;

# Ubuntu 7.10 (reported like the others despite the AppArmor note above)
if (ubuntu_check(osver:"7.10", pkgname:"cupsys", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"cupsys-bsd", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"cupsys-client", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"cupsys-common", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libcupsimage2", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libcupsimage2-dev", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libcupsys2", pkgver:"1.3.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libcupsys2-dev", pkgver:"1.3.2-1ubuntu7.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # Distinguish "packages present but not flagged" from "not installed".
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cupsys / cupsys-bsd / cupsys-client / cupsys-common / libcupsimage2 / etc");
}
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-305-01.NASL description CUPS was found to contain errors in ipp.c which could allow a remote attacker to crash CUPS, resulting in a denial of service. If you use CUPS, it is recommended to update to the latest package for your version of Slackware. The latest cups package is available for Slackware -current, and patched packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems. last seen 2020-06-01 modified 2020-06-02 plugin id 27609 published 2007-11-02 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27609 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : cups (SSA:2007-305-01) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2007-305-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#

# Purpose: local check for SSA:2007-305-01 (CVE-2007-4351) on Slackware 8.1
# through 12.0 and -current. It works only from knowledge-base data and
# reports a finding when the cups package is flagged by slackware_check().
#
# NOTE(review): the advisory text describes the impact as a denial of
# service, while the CVSS base vector registered below is C:C/I:C/A:C; the
# two should not be read as describing the same severity.

include("compat.inc");

# Registration pass: declares the plugin metadata and exits without testing.
if (description)
{
  script_id(27609);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:21");

  script_cve_id("CVE-2007-4351");
  script_xref(name:"SSA", value:"2007-305-01");

  script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : cups (SSA:2007-305-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "CUPS was found to contain errors in ipp.c which could allow a remote attacker to crash CUPS, resulting in a denial of service. If you use CUPS, it is recommended to update to the latest package for your version of Slackware. 
The latest cups package is available for Slackware -current, and patched packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2edf5e4b"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): "Host/cpu" is read below but is not listed here; its
  # absence is handled at run time by audit(AUDIT_UNKNOWN_ARCH).
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");

# Preconditions: each failed precondition ends the plugin through audit()
# with a reason, so "not tested" is distinguishable from "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

# One check per Slackware release; pkgver / pkgnum name the fixed build for
# that release. The older releases keep their upstream version (1.1.x) with a
# higher build number, so the build number is part of the comparison.
# NOTE(review): slackware_check() presumably flags an installed package older
# than the given version and build - confirm in slackware.inc.
flag = 0;
if (slackware_check(osver:"8.1", pkgname:"cups", pkgver:"1.1.19", pkgarch:"i386", pkgnum:"2_slack8.1")) flag++;

if (slackware_check(osver:"9.0", pkgname:"cups", pkgver:"1.1.19", pkgarch:"i386", pkgnum:"2_slack9.0")) flag++;

if (slackware_check(osver:"9.1", pkgname:"cups", pkgver:"1.1.21", pkgarch:"i486", pkgnum:"2_slack9.1")) flag++;

if (slackware_check(osver:"10.0", pkgname:"cups", pkgver:"1.1.21", pkgarch:"i486", pkgnum:"2_slack10.0")) flag++;

if (slackware_check(osver:"10.1", pkgname:"cups", pkgver:"1.1.23", pkgarch:"i486", pkgnum:"2_slack10.1")) flag++;

if (slackware_check(osver:"10.2", pkgname:"cups", pkgver:"1.1.23", pkgarch:"i486", pkgnum:"2_slack10.2")) flag++;

if (slackware_check(osver:"11.0", pkgname:"cups", pkgver:"1.1.23", pkgarch:"i486", pkgnum:"5_slack11.0")) flag++;

if (slackware_check(osver:"12.0", pkgname:"cups", pkgver:"1.2.11", pkgarch:"i486", pkgnum:"2_slack12.0")) flag++;

if (slackware_check(osver:"current", pkgname:"cups", pkgver:"1.3.3", pkgarch:"i486", pkgnum:"1")) flag++;


if (flag)
{
  # Package details are attached only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-204.NASL description Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags. Update : Due to incorrect build requirements/conflicts, the cups-config in Mandriva Linux 2008.0 was displaying the full CFLAGS and libs instead of just the libraries when last seen 2020-06-01 modified 2020-06-02 plugin id 27615 published 2007-11-02 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27615 title Mandrake Linux Security Advisory : cups (MDKSA-2007:204-1) code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2007:204.
# The text itself is copyright (C) Mandriva S.A.
#

# Purpose: local check for MDKSA-2007:204-1 (CVE-2007-4351) on Mandriva
# Linux 2008.0. It works only from knowledge-base data and reports a finding
# when any listed cups package is flagged by rpm_check().
#
# NOTE(review): every check below targets release "MDK2008.0" only; other
# Mandriva releases are not evaluated by this plugin, so no finding on them
# says nothing about whether they are patched.

include("compat.inc");

# Registration pass: declares the plugin metadata and exits without testing.
if (description)
{
  script_id(27615);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:49");

  script_cve_id("CVE-2007-4351");
  script_xref(name:"MDKSA", value:"2007:204-1");

  script_name(english:"Mandrake Linux Security Advisory : cups (MDKSA-2007:204-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags. 
Update : Due to incorrect build requirements/conflicts, the cups-config in Mandriva Linux 2008.0 was displaying the full CFLAGS and libs instead of just the libraries when 'cups-config --libs' was invoked. This update corrects the cups-config behaviour."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-serial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: each failed precondition ends the plugin through audit()
# with a reason, so "not tested" is distinguishable from "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# NOTE(review): the audit text below spells "Mandake"; it is a runtime
# string and is left as published.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, 
"Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# One check per package; the library packages are architecture specific
# (lib64cups2* for x86_64, libcups2* for i386).
# NOTE(review): rpm_check() presumably flags an installed package older than
# the reference, and yank:"mdv" presumably adjusts how the "mdv" release tag
# is compared - confirm both in rpm.inc.
flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"cups-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"cups-common-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"cups-serial-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cups2-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64cups2-devel-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcups2-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libcups2-devel-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"php-cups-1.3.0-3.2mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  # Package details are attached only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2007-2715.NASL description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27797 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27797 title Fedora 7 : cups-1.2.12-6.fc7 (2007-2715) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-2715.
#
# Purpose: local package-version check for Fedora 7. It reads the release
# string, CPU architecture and RPM list from the knowledge base and reports
# the host when any of the listed cups packages is flagged by rpm_check()
# against the 1.2.12-6.fc7 build (Fedora advisory 2007-2715, CVE-2007-4351).
# The visible code only reads knowledge-base items; it opens no connection
# to the CUPS service.
#
# NOTE(review): a hit is evidence of a missing update, not proof that the
# IPP listener is reachable or exploitable; a locally rebuilt cups carrying
# the fix under an older version string would presumably still be flagged.
# Confirm against rpm_check() in rpm.inc.

include("compat.inc");

# Metadata pass: when 'description' is set, only register the plugin's
# attributes and exit without running the check below.
if (description)
{
  script_id(27797);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:25");

  script_cve_id("CVE-2007-4351");
  script_xref(name:"FEDORA", value:"2007-2715");

  script_name(english:"Fedora 7 : cups-1.2.12-6.fc7 (2007-2715)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=361661"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004416.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2ddec4d5"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 base vector: network access, low complexity, no authentication,
  # complete confidentiality/integrity/availability impact. This scores the
  # issue as code execution (as the advisory text above words it), not as a
  # crash-only denial of service.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # CWE-189: Numeric Errors.
  script_cwe_id(189);
  # "local": the result comes from data gathered on the host, not from
  # probing the service over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE entries for each package covered by the check, plus the OS release.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");
  # The knowledge-base keys read below must already be populated; the
  # dependency on ssh_get_info.nasl is presumably what fills them (confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() is expected to end the script with the given reason; every guard
# below relies on that (assumption: defined in audit.inc, not shown).

# Stop unless local checks were enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
# '>!<' is NASL's "substring not found" operator: stop unless the release
# string is present and mentions Fedora.
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Capture the numeric release that follows "release " in the string.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only Fedora 7 is in scope: "7" followed by a non-digit or end of string.
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

# The RPM inventory and the CPU architecture must both be known.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Supported architectures: anything containing "x86_64", or i386 through i686.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# Count the packages flagged by rpm_check(). rpm_check() comes from rpm.inc
# (not shown); presumably it is true when the installed package is older
# than the reference build. Confirm there.
flag = 0;
if (rpm_check(release:"FC7", reference:"cups-1.2.12-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-debuginfo-1.2.12-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-devel-1.2.12-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-libs-1.2.12-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-lpd-1.2.12-6.fc7")) flag++;

if (flag)
{
  # At least one package was flagged: raise the finding, attaching the rpm
  # report text when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Nothing flagged: separate "packages were tested and are not affected"
  # from "none of the packages is installed". pkg_tests_get() is defined in
  # an include (not shown); presumably it lists what rpm_check() compared.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd");
}
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1022.NASL description From Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67599 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67599 title Oracle Linux 4 : cups (ELSA-2007-1022) NASL family Scientific Linux Local Security Checks NASL id SL_20071107_CUPS_ON_SL4_X.NASL description Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags.
A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) last seen 2020-06-01 modified 2020-06-02 plugin id 60286 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60286 title Scientific Linux Security Update : cups on SL4.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1023.NASL description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37449 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/37449 title CentOS 3 : cups (CESA-2007:1023) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8DD9722C8E9711DCB8F6001C2514716C.NASL description Secunia reports : Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the last seen 2020-06-01 modified 2020-06-02 plugin id 27845 published 2007-11-09 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27845 title FreeBSD : cups -- off-by-one buffer overflow (8dd9722c-8e97-11dc-b8f6-001c2514716c) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1020.NASL description Updated CUPS packages that fix a security issue in the Internet Printing Protocol (IPP) handling and correct some bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) Red Hat would like to thank Alin Rad Pop for reporting this issue. All CUPS users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. In addition, the following bugs were fixed : * the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. 
* the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. * a bug has been fixed in the handling of the If-Modified-Since: HTTP header. * in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. * an access check in the LSPP configuration has been made more secure. * the cups-lpd service no longer ignores the last seen 2020-06-01 modified 2020-06-02 plugin id 43660 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43660 title CentOS 5 : cups (CESA-2007:1020) NASL family Fedora Local Security Checks NASL id FEDORA_2007-2982.NASL description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27822 published 2007-11-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27822 title Fedora 8 : cups-1.3.4-2.fc8 (2007-2982) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1022.NASL description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. 
An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36860 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36860 title RHEL 4 : cups (RHSA-2007:1022) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1023.NASL description From Red Hat Security Advisory 2007:1023 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash.
(CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67600 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67600 title Oracle Linux 3 : cups (ELSA-2007-1023) NASL family Scientific Linux Local Security Checks NASL id SL_20071031_CUPS_ON_SL5_X.NASL description A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) In addition, the following bugs were fixed : - the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. - the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. - a bug has been fixed in the handling of the If-Modified-Since: HTTP header. - in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. - an access check in the LSPP configuration has been made more secure. - the cups-lpd service no longer ignores the last seen 2020-06-01 modified 2020-06-02 plugin id 60279 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60279 title Scientific Linux Security Update : cups on SL5.x i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1407.NASL description Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 28253 published 2007-11-20 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28253 title Debian DSA-1407-1 : cupsys - buffer overflow NASL family Misc. NASL id CUPS_IPP_TAG_OVERFLOW.NASL description According to its banner, the version of CUPS installed on the remote host fails to check the text-length field in the last seen 2020-06-01 modified 2020-06-02 plugin id 27608 published 2007-11-02 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27608 title CUPS cups/ipp.c ippReadIO Function IPP Tag Handling Overflow NASL family Fedora Local Security Checks NASL id FEDORA_2008-3449.NASL description - Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). 
- Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9 - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656). - Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8 - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. - LSPP fixes (cupsdSetString/ClearString). - Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7 - Applied patch to fix CVE-2007-4045 (bug #250161). - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101). - Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661). - Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5 - Use ppdev for parallel port Device ID retrieval (bug #311671). - Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4 - Applied patch to fix CVE-2007-3387 (bug #251518). - Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3 - Better buildroot tag. - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522). - Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2 - Use kernel support for USB paper-out detection, when available (bug #249213). - Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1 - 1.2.12. No longer need adminutil or str2408 patches. - Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3 - Better paper-out detection patch still (bug #246222). - Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2 - Applied patch to fix group handling in PPDs (bug #186231, STR #2408). - Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1 - Fixed permissions on classes.conf in the file manifest (bug #245748). - 1.2.11. - Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com> - Make the initscript use start priority 56 (bug #213828). 
- Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12 - Better paper-out detection patch (bug #241589). - Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11 - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32197 published 2008-05-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32197 title Fedora 7 : cups-1.2.12-11.fc7 (2008-3449) NASL family SuSE Local Security Checks NASL id SUSE_CUPS-4598.NASL description A missing length check in the IPP implementation of cups could lead to a buffer overflow. Attackers could exploit that to potentially execute arbitrary code with root privileges (CVE-2007-4351). last seen 2020-06-01 modified 2020-06-02 plugin id 27605 published 2007-11-01 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27605 title openSUSE 10 Security Update : cups (cups-4598) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1022.NASL description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37428 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37428 title CentOS 4 : cups (CESA-2007:1022) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1020.NASL description Updated CUPS packages that fix a security issue in the Internet Printing Protocol (IPP) handling and correct some bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) Red Hat would like to thank Alin Rad Pop for reporting this issue. All CUPS users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
In addition, the following bugs were fixed : * the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. * the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. * a bug has been fixed in the handling of the If-Modified-Since: HTTP header. * in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. * an access check in the LSPP configuration has been made more secure. * the cups-lpd service no longer ignores the last seen 2020-06-01 modified 2020-06-02 plugin id 27602 published 2007-11-01 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27602 title RHEL 5 : cups (RHSA-2007:1020) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1020.NASL description From Red Hat Security Advisory 2007:1020 : Updated CUPS packages that fix a security issue in the Internet Printing Protocol (IPP) handling and correct some bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) Red Hat would like to thank Alin Rad Pop for reporting this issue. 
All CUPS users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. In addition, the following bugs were fixed : * the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. * the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. * a bug has been fixed in the handling of the If-Modified-Since: HTTP header. * in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. * an access check in the LSPP configuration has been made more secure. * the cups-lpd service no longer ignores the last seen 2020-06-01 modified 2020-06-02 plugin id 67598 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67598 title Oracle Linux 5 : cups (ELSA-2007-1020) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200711-16.NASL description The remote host is affected by the vulnerability described in GLSA-200711-16 (CUPS: Memory corruption) Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO() function when handling Internet Printing Protocol (IPP) tags that might allow to overwrite one byte on the stack. Impact : A local attacker could send a specially crafted IPP request containing last seen 2020-06-01 modified 2020-06-02 plugin id 28199 published 2007-11-14 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28199 title GLSA-200711-16 : CUPS: Memory corruption
Oval
accepted | 2013-04-29T04:07:02.297-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. |
family | unix |
id | oval:org.mitre.oval:def:10604 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. |
version | 27 |
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 26268 CVE(CAN) ID: CVE-2007-4351 Common Unix Printing System (CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS的cups/ipp.c文件中的ippReadIO()函数在处理IPP(Internet打印协议)标签时存在栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 如果远程攻击者向打印服务发送了包含有特制textWithLanguage或nameWithLanguage标签的IPP请求的话,就可能导致用0覆盖栈上的一个字节,导致执行任意指令。 Easy Software Products CUPS 1.3.3 Easy Software Products CUPS 1.2.4 RedHat Enterprise Linux v.5 server RedHat Enterprise Linux Desktop v.5 client 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2007:1020-01)以及相应补丁: RHSA-2007:1020-01:Important: cups security and bug fix update 链接:https://www.redhat.com/support/errata/RHSA-2007-1020.html |
id | SSV:2375 |
last seen | 2017-11-19 |
modified | 2007-11-02 |
published | 2007-11-02 |
reporter | Root |
title | CUPS IPP标签远程栈溢出漏洞 |
Statements
contributor | Mark J Cox |
lastmodified | 2007-11-09 |
organization | Red Hat |
statement | Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5. This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from https://rhn.redhat.com/cve/CVE-2007-4351.html |
References
- http://secunia.com/secunia_research/2007-76/advisory/
- http://secunia.com/advisories/27233
- http://www.cups.org/str.php?L2561
- https://issues.rpath.com/browse/RPL-1875
- https://bugzilla.redhat.com/show_bug.cgi?id=361661
- http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm
- http://www.debian.org/security/2007/dsa-1407
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00012.html
- http://security.gentoo.org/glsa/glsa-200711-16.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:204
- http://www.redhat.com/support/errata/RHSA-2007-1020.html
- http://www.redhat.com/support/errata/RHSA-2007-1022.html
- http://www.redhat.com/support/errata/RHSA-2007-1023.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902
- http://www.novell.com/linux/security/advisories/2007_58_cups.html
- http://www.kb.cert.org/vuls/id/446897
- http://www.securityfocus.com/bid/26268
- http://www.securitytracker.com/id?1018879
- http://secunia.com/advisories/27410
- http://secunia.com/advisories/27445
- http://secunia.com/advisories/27474
- http://secunia.com/advisories/27447
- http://secunia.com/advisories/27494
- http://secunia.com/advisories/27499
- http://secunia.com/advisories/27540
- http://secunia.com/advisories/27577
- http://secunia.com/advisories/27604
- http://secunia.com/advisories/27712
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28136
- http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html
- http://secunia.com/advisories/30847
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2007/3681
- http://www.vupen.com/english/advisories/2008/1934/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38190
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10604
- https://usn.ubuntu.com/539-1/