How to Buy
This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated cups packages that fix denial of service issues, a security
information leak, as well as other various bugs are now available.
The Common UNIX Printing System (CUPS) is a print spooler.
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code
used for parsing PDF files and is therefore affected by these bugs. An
attacker who has the ability to send a malicious PDF file to a printer
could cause CUPS to crash or possibly execute arbitrary code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0888 to this issue.
When set up to print to a shared printer via Samba, CUPS would
authenticate with that shared printer using a username and password.
By default, the username and password used to connect to the Samba
share is written into the error log file. A local user who is able to
read the error log file could collect these usernames and passwords.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0923 to this issue.
These updated packages also include a fix that prevents some CUPS
configuration files from being accidentally replaced.
All users of CUPS should upgrade to these updated packages, which
resolve these issues.
See also :
Update the affected cups, cups-devel and / or cups-libs packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 15630 ()
CVE ID: CVE-2004-0888CVE-2004-0923
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.