Vulnerabilities > CVE-2014-4337 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linuxfoundation Cups-Filters

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
linuxfoundation
CWE-119
nessus

Summary

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

Vulnerable Configurations

Part Description Count
Application
Linuxfoundation
53

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-100.NASL
    descriptionUpdated cups-filters packages fix security vulnerabilities : Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473). Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475). Florian Weimer discovered that cups-filters did not restrict driver directories in in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476). Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups-browsed daemon (CVE-2014-2707). In cups-filters before 1.0.53, out-of-bounds accesses in the process_browse_data function when reading the packet variable could leading to a crash, thus resulting in a denial of service (CVE-2014-4337). In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf and its host specification was invalid, this was interpreted as if no BrowseAllow line had been specified, which resulted in it accepting browse packets from all hosts (CVE-2014-4338). The CVE-2014-2707 issue with malicious broadcast packets, which had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely fixed by that update. A more complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336). Note that only systems that have enabled the affected feature by using the CreateIPPPrinterQueues configuration directive in /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / CVE-2014-4336 issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id82353
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82353
    titleMandriva Linux Security Advisory : cups-filters (MDVSA-2015:100)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:100. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82353);
      script_version("1.3");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2013-6473", "CVE-2013-6474", "CVE-2013-6475", "CVE-2013-6476", "CVE-2014-2707", "CVE-2014-4336", "CVE-2014-4337", "CVE-2014-4338");
      script_xref(name:"MDVSA", value:"2015:100");
    
      script_name(english:"Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:100)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups-filters packages fix security vulnerabilities :
    
    Florian Weimer discovered that cups-filters incorrectly handled memory
    in the urftopdf filter. An attacker could possibly use this issue to
    execute arbitrary code with the privileges of the lp user
    (CVE-2013-6473).
    
    Florian Weimer discovered that cups-filters incorrectly handled memory
    in the pdftoopvp filter. An attacker could possibly use this issue to
    execute arbitrary code with the privileges of the lp user
    (CVE-2013-6474, CVE-2013-6475).
    
    Florian Weimer discovered that cups-filters did not restrict driver
    directories in in the pdftoopvp filter. An attacker could possibly use
    this issue to execute arbitrary code with the privileges of the lp
    user (CVE-2013-6476).
    
    Sebastian Krahmer discovered it was possible to use malicious
    broadcast packets to execute arbitrary commands on a server running
    the cups-browsed daemon (CVE-2014-2707).
    
    In cups-filters before 1.0.53, out-of-bounds accesses in the
    process_browse_data function when reading the packet variable could
    leading to a crash, thus resulting in a denial of service
    (CVE-2014-4337).
    
    In cups-filters before 1.0.53, if there was only a single BrowseAllow
    line in cups-browsed.conf and its host specification was invalid, this
    was interpreted as if no BrowseAllow line had been specified, which
    resulted in it accepting browse packets from all hosts
    (CVE-2014-4338).
    
    The CVE-2014-2707 issue with malicious broadcast packets, which had
    been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been
    completely fixed by that update. A more complete fix was implemented
    in cups-filters 1.0.53 (CVE-2014-4336).
    
    Note that only systems that have enabled the affected feature by using
    the CreateIPPPrinterQueues configuration directive in
    /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 /
    CVE-2014-4336 issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0170.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0181.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0267.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected cups-filters, lib64cups-filters-devel and / or
    lib64cups-filters1 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-filters");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups-filters-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups-filters1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"cups-filters-1.0.53-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64cups-filters-devel-1.0.53-1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64cups-filters1-1.0.53-1.mbs2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141103_CUPS_FILTERS_ON_SL7_X.NASL
    descriptionAn out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups- browsed, would crash the cups-browsed daemon. (CVE-2014-4337) A flaw was found in the way the cups-browsed daemon interpreted the
    last seen2020-03-18
    modified2014-11-04
    plugin id78855
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78855
    titleScientific Linux Security Update : cups-filters on SL7.x x86_64 (20141103)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78855);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2014-4337", "CVE-2014-4338");
    
      script_name(english:"Scientific Linux Security Update : cups-filters on SL7.x x86_64 (20141103)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An out-of-bounds read flaw was found in the way the
    process_browse_data() function of cups-browsed handled certain browse
    packets. A remote attacker could send a specially crafted browse
    packet that, when processed by cups- browsed, would crash the
    cups-browsed daemon. (CVE-2014-4337)
    
    A flaw was found in the way the cups-browsed daemon interpreted the
    'BrowseAllow' directive in the cups-browsed.conf file. An attacker
    able to add a malformed 'BrowseAllow' directive to the
    cups-browsed.conf file could use this flaw to bypass intended access
    restrictions. (CVE-2014-4338)
    
    After installing this update, the cups-browsed daemon will be
    restarted automatically."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=1865
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?862f3299"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters-libs");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-debuginfo-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-devel-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-libs-1.0.35-15.el7_0.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-debuginfo / cups-filters-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1795.NASL
    descriptionUpdated cups-filters packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337) A flaw was found in the way the cups-browsed daemon interpreted the
    last seen2020-06-01
    modified2020-06-02
    plugin id78840
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78840
    titleRHEL 7 : cups-filters (RHSA-2014:1795)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1795. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78840);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2014-4337", "CVE-2014-4338");
      script_xref(name:"RHSA", value:"2014:1795");
    
      script_name(english:"RHEL 7 : cups-filters (RHSA-2014:1795)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups-filters packages that fix two security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The cups-filters package contains backends, filters, and other
    software that was once part of the core CUPS distribution but is now
    maintained independently.
    
    An out-of-bounds read flaw was found in the way the
    process_browse_data() function of cups-browsed handled certain browse
    packets. A remote attacker could send a specially crafted browse
    packet that, when processed by cups-browsed, would crash the
    cups-browsed daemon. (CVE-2014-4337)
    
    A flaw was found in the way the cups-browsed daemon interpreted the
    'BrowseAllow' directive in the cups-browsed.conf file. An attacker
    able to add a malformed 'BrowseAllow' directive to the
    cups-browsed.conf file could use this flaw to bypass intended access
    restrictions. (CVE-2014-4338)
    
    All cups-filters users are advised to upgrade to these updated
    packages, which contain backported patches to correct these issues.
    After installing this update, the cups-browsed daemon will be
    restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4337"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1795";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"cups-filters-1.0.35-15.el7_0.1")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"cups-filters-1.0.35-15.el7_0.1")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"cups-filters-debuginfo-1.0.35-15.el7_0.1")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"cups-filters-devel-1.0.35-15.el7_0.1")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"cups-filters-libs-1.0.35-15.el7_0.1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-debuginfo / cups-filters-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1795.NASL
    descriptionFrom Red Hat Security Advisory 2014:1795 : Updated cups-filters packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337) A flaw was found in the way the cups-browsed daemon interpreted the
    last seen2020-06-01
    modified2020-06-02
    plugin id78838
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78838
    titleOracle Linux 7 : cups-filters (ELSA-2014-1795)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1795 and 
    # Oracle Linux Security Advisory ELSA-2014-1795 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78838);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2014-4337", "CVE-2014-4338");
      script_bugtraq_id(68122, 68124);
      script_xref(name:"RHSA", value:"2014:1795");
    
      script_name(english:"Oracle Linux 7 : cups-filters (ELSA-2014-1795)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:1795 :
    
    Updated cups-filters packages that fix two security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The cups-filters package contains backends, filters, and other
    software that was once part of the core CUPS distribution but is now
    maintained independently.
    
    An out-of-bounds read flaw was found in the way the
    process_browse_data() function of cups-browsed handled certain browse
    packets. A remote attacker could send a specially crafted browse
    packet that, when processed by cups-browsed, would crash the
    cups-browsed daemon. (CVE-2014-4337)
    
    A flaw was found in the way the cups-browsed daemon interpreted the
    'BrowseAllow' directive in the cups-browsed.conf file. An attacker
    able to add a malformed 'BrowseAllow' directive to the
    cups-browsed.conf file could use this flaw to bypass intended access
    restrictions. (CVE-2014-4338)
    
    All cups-filters users are advised to upgrade to these updated
    packages, which contain backported patches to correct these issues.
    After installing this update, the cups-browsed daemon will be
    restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-November/004606.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups-filters packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-filters");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-filters-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-filters-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"cups-filters-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"cups-filters-devel-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"cups-filters-libs-1.0.35-15.el7_0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-devel / cups-filters-libs");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1795.NASL
    descriptionUpdated cups-filters packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337) A flaw was found in the way the cups-browsed daemon interpreted the
    last seen2020-06-01
    modified2020-06-02
    plugin id78860
    published2014-11-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78860
    titleCentOS 7 : cups-filters (CESA-2014:1795)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1795 and 
    # CentOS Errata and Security Advisory 2014:1795 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78860);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2014-4337", "CVE-2014-4338");
      script_xref(name:"RHSA", value:"2014:1795");
    
      script_name(english:"CentOS 7 : cups-filters (CESA-2014:1795)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups-filters packages that fix two security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The cups-filters package contains backends, filters, and other
    software that was once part of the core CUPS distribution but is now
    maintained independently.
    
    An out-of-bounds read flaw was found in the way the
    process_browse_data() function of cups-browsed handled certain browse
    packets. A remote attacker could send a specially crafted browse
    packet that, when processed by cups-browsed, would crash the
    cups-browsed daemon. (CVE-2014-4337)
    
    A flaw was found in the way the cups-browsed daemon interpreted the
    'BrowseAllow' directive in the cups-browsed.conf file. An attacker
    able to add a malformed 'BrowseAllow' directive to the
    cups-browsed.conf file could use this flaw to bypass intended access
    restrictions. (CVE-2014-4338)
    
    All cups-filters users are advised to upgrade to these updated
    packages, which contain backported patches to correct these issues.
    After installing this update, the cups-browsed daemon will be
    restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-November/020734.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7f4238ba"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups-filters packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4337");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filters");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filters-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filters-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filters-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filters-devel-1.0.35-15.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filters-libs-1.0.35-15.el7_0.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-devel / cups-filters-libs");
    }
    

Redhat

advisories
rhsa
idRHSA-2014:1795
rpms
  • cups-filters-0:1.0.35-15.el7_0.1
  • cups-filters-debuginfo-0:1.0.35-15.el7_0.1
  • cups-filters-devel-0:1.0.35-15.el7_0.1
  • cups-filters-libs-0:1.0.35-15.el7_0.1