Vulnerabilities > CVE-2015-3279 - Numeric Errors vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2015-07-14

Updated: 2016-12-28

Summary

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Linuxfoundation Linuxfoundation Cups Filters 1.0 Linuxfoundation Cups Filters 1.0.1 Linuxfoundation Cups Filters 1.0.2 Linuxfoundation Cups Filters 1.0.3 Linuxfoundation Cups Filters 1.0.4 Linuxfoundation Cups Filters 1.0.5 Linuxfoundation Cups Filters 1.0.6 Linuxfoundation Cups Filters 1.0.7 Linuxfoundation Cups Filters 1.0.8 Linuxfoundation Cups Filters 1.0.9 Linuxfoundation Cups Filters 1.0.10 Linuxfoundation Cups Filters 1.0.11 Linuxfoundation Cups Filters 1.0.12 Linuxfoundation Cups Filters 1.0.13 Linuxfoundation Cups Filters 1.0.14 Linuxfoundation Cups Filters 1.0.15 Linuxfoundation Cups Filters 1.0.16 Linuxfoundation Cups Filters 1.0.17 Linuxfoundation Cups Filters 1.0.18 Linuxfoundation Cups Filters 1.0.19 Linuxfoundation Cups Filters 1.0.20 Linuxfoundation Cups Filters 1.0.21 Linuxfoundation Cups Filters 1.0.22 Linuxfoundation Cups Filters 1.0.23 Linuxfoundation Cups Filters 1.0.24 Linuxfoundation Cups Filters 1.0.25 Linuxfoundation Cups Filters 1.0.26 Linuxfoundation Cups Filters 1.0.27 Linuxfoundation Cups Filters 1.0.28 Linuxfoundation Cups Filters 1.0.29 Linuxfoundation Cups Filters 1.0.30 Linuxfoundation Cups Filters 1.0.31 Linuxfoundation Cups Filters 1.0.32 Linuxfoundation Cups Filters 1.0.33 Linuxfoundation Cups Filters 1.0.34 Linuxfoundation Cups Filters 1.0.35 Linuxfoundation Cups Filters 1.0.36 Linuxfoundation Cups Filters 1.0.37 Linuxfoundation Cups Filters 1.0.38 Linuxfoundation Cups Filters 1.0.39 Linuxfoundation Cups Filters 1.0.40 Linuxfoundation Cups Filters 1.0.41 Linuxfoundation Cups Filters 1.0.42 Linuxfoundation Cups Filters 1.0.43 Linuxfoundation Cups Filters 1.0.44 Linuxfoundation Cups Filters 1.0.45 Linuxfoundation Cups Filters 1.0.46 Linuxfoundation Cups Filters 1.0.47 Linuxfoundation Cups Filters 1.0.48 Linuxfoundation Cups Filters 1.0.49 Linuxfoundation Cups Filters 1.0.50 Linuxfoundation Cups Filters 1.0.51 Linuxfoundation Cups Filters 1.0.52 Linuxfoundation Cups Filters 1.0.53 Linuxfoundation Cups Filters 1.0.54 Linuxfoundation Cups Filters 1.0.55 Linuxfoundation Cups Filters 1.0.56 Linuxfoundation Cups Filters 1.0.57 Linuxfoundation Cups Filters 1.0.58 Linuxfoundation Cups Filters 1.0.59 Linuxfoundation Cups Filters 1.0.60 Linuxfoundation Cups Filters 1.0.61 Linuxfoundation Cups Filters 1.0.62 Linuxfoundation Cups Filters 1.0.63 Linuxfoundation Cups Filters 1.0.64 Linuxfoundation Cups Filters 1.0.65 Linuxfoundation Cups Filters 1.0.66 Linuxfoundation Cups Filters 1.0.67 Linuxfoundation Cups Filters 1.0.68 Linuxfoundation Cups Filters 1.0.69 Linuxfoundation Cups Filters 1.0.70	71
OS	Canonical Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 14.10 Canonical Ubuntu Linux 15.04	4
OS	Debian Debian Debian Linux 7.1 Debian Debian Linux 8.0	2

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-314.NASL
description	Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code. For Debian 6
last seen	2020-03-17
modified	2015-09-25
plugin id	86127
published	2015-09-25
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/86127
title	Debian DLA-314-1 : cups security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-314-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(86127); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_bugtraq_id(75436, 75557); script_name(english:"Debian DLA-314-1 : cups security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code. For Debian 6 'Squeeze', this issue has been fixed in cups version 1.4.4-7+squeeze10. For Wheezy and Jessie, this has been fixed in the cups-filter package. We recommend you to upgrade your cups packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/ NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/09/msg00009.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/cups" ); script_set_attribute( attribute:"see_also", value:"https://wiki.debian.org/LTS/" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups-bsd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups-ppdc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cupsddk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcups2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcups2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupscgi1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupscgi1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsdriver1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsdriver1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsimage2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsimage2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsmime1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsmime1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsppdc1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcupsppdc1-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"cups", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"cups-bsd", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"cups-client", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"cups-common", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"cups-dbg", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"cups-ppdc", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"cupsddk", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcups2", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcups2-dev", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupscgi1", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupscgi1-dev", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsdriver1", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsdriver1-dev", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsimage2", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsimage2-dev", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsmime1", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsmime1-dev", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsppdc1", reference:"1.4.4-7+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libcupsppdc1-dev", reference:"1.4.4-7+squeeze10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2659-1.NASL
description	Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user. (CVE-2015-3258, CVE-2015-3279). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84564
published	2015-07-07
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84564
title	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : cups-filters vulnerabilities (USN-2659-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2659-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(84564); script_version("2.8"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_bugtraq_id(75436); script_xref(name:"USN", value:"2659-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : cups-filters vulnerabilities (USN-2659-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user. (CVE-2015-3258, CVE-2015-3279). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2659-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04\|14\.04\|14\.10\|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10 / 15.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"cups-filters", pkgver:"1.0.18-0ubuntu0.4")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"cups-filters", pkgver:"1.0.52-0ubuntu1.5")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"cups-filters", pkgver:"1.0.61-0ubuntu2.3")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"cups-filters", pkgver:"1.0.67-0ubuntu2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-2360.NASL
description	Updated cups-filters packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the
last seen	2020-06-01
modified	2020-06-02
plugin id	87152
published	2015-12-02
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87152
title	CentOS 7 : cups-filters (CESA-2015:2360)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2360 and # CentOS Errata and Security Advisory 2015:2360 respectively. # include("compat.inc"); if (description) { script_id(87152); script_version("2.6"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_xref(name:"RHSA", value:"2015:2360"); script_name(english:"CentOS 7 : cups-filters (CESA-2015:2360)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cups-filters packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. (CVE-2015-3258, CVE-2015-3279) The CVE-2015-3258 issue was discovered by Petr Sklenar of Red Hat. Notably, this update also fixes the following bug : * Previously, when polling CUPS printers from a CUPS server, when a printer name contained an underscore (_), the client displayed the name containing a hyphen (-) instead. This made the print queue unavailable. With this update, CUPS allows the underscore character in printer names, and printers appear as shown on the CUPS server as expected. (BZ#1167408) In addition, this update adds the following enhancement : * Now, the information from local and remote CUPS servers is cached during each poll, and the CUPS server load is reduced. (BZ#1191691) All cups-filters users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement." ); # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002181.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7e73baac" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3258"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filters-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filters-1.0.35-21.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filters-devel-1.0.35-21.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filters-libs-1.0.35-21.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-devel / cups-filters-libs"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-492.NASL
description	cups-filters was updated to fix three security issues. These security issues were fixed : - CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753). - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281).
last seen	2020-06-05
modified	2015-07-15
plugin id	84756
published	2015-07-15
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84756
title	openSUSE Security Update : cups-filters (openSUSE-2015-492)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-492. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(84756); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-2707", "CVE-2015-2265", "CVE-2015-3258", "CVE-2015-3279"); script_name(english:"openSUSE Security Update : cups-filters (openSUSE-2015-492)"); script_summary(english:"Check for the openSUSE-2015-492 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "cups-filters was updated to fix three security issues. These security issues were fixed : - CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753). - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=921753" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=936281" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=937018" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-cups-browsed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-cups-browsed-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-foomatic-rip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-foomatic-rip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-ghostscript-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-cups-browsed-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-cups-browsed-debuginfo-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-debuginfo-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-debugsource-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-devel-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-foomatic-rip-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-foomatic-rip-debuginfo-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-ghostscript-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-ghostscript-debuginfo-1.0.58-2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-cups-browsed / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-11192.NASL
description	Fixes CVE-2015-3258 & CVE-2015-3279 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-07-20
plugin id	84844
published	2015-07-20
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84844
title	Fedora 21 : cups-filters-1.0.71-1.fc21 (2015-11192)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-11192. # include("compat.inc"); if (description) { script_id(84844); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2015-11192"); script_name(english:"Fedora 21 : cups-filters-1.0.71-1.fc21 (2015-11192)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes CVE-2015-3258 & CVE-2015-3279 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162145.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?02f1dfab" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"cups-filters-1.0.71-1.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-11163.NASL
description	Fixes CVE-2015-3258 & CVE-2015-3279 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-07-15
plugin id	84753
published	2015-07-15
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84753
title	Fedora 22 : cups-filters-1.0.71-1.fc22 (2015-11163)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-11163. # include("compat.inc"); if (description) { script_id(84753); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2015-11163"); script_name(english:"Fedora 22 : cups-filters-1.0.71-1.fc22 (2015-11163)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes CVE-2015-3258 & CVE-2015-3279 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161930.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bac0da65" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"cups-filters-1.0.71-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1377-1.NASL
description	cups-filters was updated to fix two security issues. These security issues were fixed : - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	85398
published	2015-08-14
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85398
title	SUSE SLED12 / SLES12 Security Update : cups-filters (SUSE-SU-2015:1377-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:1377-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(85398); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_bugtraq_id(75436, 75557); script_name(english:"SUSE SLED12 / SLES12 Security Update : cups-filters (SUSE-SU-2015:1377-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "cups-filters was updated to fix two security issues. These security issues were fixed : - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936281" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937018" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3258/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3279/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20151377-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?515f8e4c" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-393=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-393=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-cups-browsed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-cups-browsed-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-foomatic-rip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-foomatic-rip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cups-filters-ghostscript-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12\|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-cups-browsed-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-cups-browsed-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-debugsource-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-foomatic-rip-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-foomatic-rip-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-ghostscript-1.0.58-8.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"cups-filters-ghostscript-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-cups-browsed-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-cups-browsed-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-debugsource-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-foomatic-rip-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-foomatic-rip-debuginfo-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-ghostscript-1.0.58-8.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"cups-filters-ghostscript-debuginfo-1.0.58-8.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-2360.NASL
description	From Red Hat Security Advisory 2015:2360 : Updated cups-filters packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the
last seen	2020-06-01
modified	2020-06-02
plugin id	87035
published	2015-11-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87035
title	Oracle Linux 7 : cups-filters (ELSA-2015-2360)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2360 and # Oracle Linux Security Advisory ELSA-2015-2360 respectively. # include("compat.inc"); if (description) { script_id(87035); script_version("1.6"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_xref(name:"RHSA", value:"2015:2360"); script_name(english:"Oracle Linux 7 : cups-filters (ELSA-2015-2360)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:2360 : Updated cups-filters packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. (CVE-2015-3258, CVE-2015-3279) The CVE-2015-3258 issue was discovered by Petr Sklenar of Red Hat. Notably, this update also fixes the following bug : * Previously, when polling CUPS printers from a CUPS server, when a printer name contained an underscore (_), the client displayed the name containing a hyphen (-) instead. This made the print queue unavailable. With this update, CUPS allows the underscore character in printer names, and printers appear as shown on the CUPS server as expected. (BZ#1167408) In addition, this update adds the following enhancement : * Now, the information from local and remote CUPS servers is cached during each poll, and the CUPS server load is reduced. (BZ#1191691) All cups-filters users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005570.html" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-filters-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"cups-filters-1.0.35-21.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"cups-filters-devel-1.0.35-21.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"cups-filters-libs-1.0.35-21.el7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-devel / cups-filters-libs"); }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_BF1D933121B611E586FF14DAE9D210B8.NASL
description	Stefan Cornelius from Red Hat reports : An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the
last seen	2020-06-01
modified	2020-06-02
plugin id	84528
published	2015-07-06
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84528
title	FreeBSD : cups-filters -- texttopdf integer overflow (bf1d9331-21b6-11e5-86ff-14dae9d210b8)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(84528); script_version("2.6"); script_cvs_date("Date: 2018/11/23 12:49:57"); script_cve_id("CVE-2015-3279"); script_name(english:"FreeBSD : cups-filters -- texttopdf integer overflow (bf1d9331-21b6-11e5-86ff-14dae9d210b8)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Stefan Cornelius from Red Hat reports : An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. Tim Waugh reports : The Page allocation is moved into textcommon.c, where it does all the necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds for CVE-2015-3259 due to integer overflows for the calloc() call initializing Page[0] and the memset() call in texttopdf.c's WritePage() function zeroing the entire array." ); # https://access.redhat.com/security/cve/CVE-2015-3279 script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-3279" ); # http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?35f4859f" ); script_set_attribute( attribute:"see_also", value:"http://osdir.com/ml/opensource-software-security/2015-07/msg00021.html" ); # https://vuxml.freebsd.org/freebsd/bf1d9331-21b6-11e5-86ff-14dae9d210b8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?16853316" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"cups-filters<1.0.71")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201510-08.NASL
description	The remote host is affected by the vulnerability described in GLSA-201510-08 (cups-filters: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted print job using cups-filters, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	86693
published	2015-11-02
reporter	This script is Copyright (C) 2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/86693
title	GLSA-201510-08 : cups-filters: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201510-08. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(86693); script_version("$Revision: 2.1 $"); script_cvs_date("$Date: 2015/11/02 14:33:25 $"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_xref(name:"GLSA", value:"201510-08"); script_name(english:"GLSA-201510-08 : cups-filters: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201510-08 (cups-filters: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted print job using cups-filters, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201510-08" ); script_set_attribute( attribute:"solution", value: "All cups-filters users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-print/cups-filters-1.0.71'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-print/cups-filters", unaffected:make_list("ge 1.0.71"), vulnerable:make_list("lt 1.0.71"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20151119_CUPS_FILTERS_ON_SL7_X.NASL
description	A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the
last seen	2020-03-18
modified	2015-12-22
plugin id	87553
published	2015-12-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87553
title	Scientific Linux Security Update : cups-filters on SL7.x x86_64 (20151119)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(87553); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_name(english:"Scientific Linux Security Update : cups-filters on SL7.x x86_64 (20151119)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. (CVE-2015-3258, CVE-2015-3279) Notably, this update also fixes the following bug : - Previously, when polling CUPS printers from a CUPS server, when a printer name contained an underscore (_), the client displayed the name containing a hyphen (-) instead. This made the print queue unavailable. With this update, CUPS allows the underscore character in printer names, and printers appear as shown on the CUPS server as expected. In addition, this update adds the following enhancement : - Now, the information from local and remote CUPS servers is cached during each poll, and the CUPS server load is reduced." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=6636 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dbff5690" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cups-filters-libs"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-1.0.35-21.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-debuginfo-1.0.35-21.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-devel-1.0.35-21.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"cups-filters-libs-1.0.35-21.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-debuginfo / cups-filters-devel / etc"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2360.NASL
description	Updated cups-filters packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the
last seen	2020-06-01
modified	2020-06-02
plugin id	86984
published	2015-11-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86984
title	RHEL 7 : cups-filters (RHSA-2015:2360)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2360. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(86984); script_version("2.11"); script_cvs_date("Date: 2019/10/24 15:35:40"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_xref(name:"RHSA", value:"2015:2360"); script_name(english:"RHEL 7 : cups-filters (RHSA-2015:2360)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cups-filters packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. (CVE-2015-3258, CVE-2015-3279) The CVE-2015-3258 issue was discovered by Petr Sklenar of Red Hat. Notably, this update also fixes the following bug : * Previously, when polling CUPS printers from a CUPS server, when a printer name contained an underscore (_), the client displayed the name containing a hyphen (-) instead. This made the print queue unavailable. With this update, CUPS allows the underscore character in printer names, and printers appear as shown on the CUPS server as expected. (BZ#1167408) In addition, this update adds the following enhancement : * Now, the information from local and remote CUPS servers is cached during each poll, and the CUPS server load is reduced. (BZ#1191691) All cups-filters users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:2360" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-3258" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-3279" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-filters-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:2360"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"cups-filters-1.0.35-21.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"cups-filters-1.0.35-21.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"cups-filters-debuginfo-1.0.35-21.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"cups-filters-devel-1.0.35-21.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"cups-filters-libs-1.0.35-21.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-debuginfo / cups-filters-devel / etc"); } }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3303.NASL
description	It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	84598
published	2015-07-08
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84598
title	Debian DSA-3303-1 : cups-filters - security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3303. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(84598); script_version("2.7"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2015-3258", "CVE-2015-3279"); script_bugtraq_id(75436, 75557); script_xref(name:"DSA", value:"3303"); script_name(english:"Debian DSA-3303-1 : cups-filters - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/cups-filters" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/cups-filters" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3303" ); script_set_attribute( attribute:"solution", value: "Upgrade the cups-filters packages. For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.18-2.1+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 1.0.61-5+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"cups-filters", reference:"1.0.18-2.1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libcupsfilters-dev", reference:"1.0.18-2.1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libcupsfilters1", reference:"1.0.18-2.1+deb7u2")) flag++; if (deb_check(release:"8.0", prefix:"cups-browsed", reference:"1.0.61-5+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"cups-filters", reference:"1.0.61-5+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"cups-filters-core-drivers", reference:"1.0.61-5+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libcupsfilters-dev", reference:"1.0.61-5+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libcupsfilters1", reference:"1.0.61-5+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libfontembed-dev", reference:"1.0.61-5+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libfontembed1", reference:"1.0.61-5+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories

bugzilla

id	1238990
title	CVE-2015-3279 cups-filters: texttopdf integer overflow

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment cups-filters-devel is earlier than 0:1.0.35-21.el7
oval oval:com.redhat.rhsa:tst:20152360001
comment cups-filters-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141795002

AND
comment cups-filters is earlier than 0:1.0.35-21.el7
oval oval:com.redhat.rhsa:tst:20152360003
comment cups-filters is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141795006

AND

comment cups-filters-libs is earlier than 0:1.0.35-21.el7
oval oval:com.redhat.rhsa:tst:20152360005
comment cups-filters-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141795004

rhsa

id	RHSA-2015:2360
released	2015-11-19
severity	Moderate
title	RHSA-2015:2360: cups-filters security, bug fix, and enhancement update (Moderate)

rpms

cups-filters-0:1.0.35-21.el7
cups-filters-debuginfo-0:1.0.35-21.el7
cups-filters-devel-0:1.0.35-21.el7
cups-filters-libs-0:1.0.35-21.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References