FreeBSD : CUPS -- local information disclosure (30cea6be-1d0c-11d9-814e-0001020eed82)

low Nessus Plugin ID 36362

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Certain methods of authenticated remote printing in CUPS can disclose user names and passwords in the log files.

A workaround for this problem is to set more strict access permissions on the CUPS logfiles.

Solution

Update the affected package.

See Also

https://support.apple.com/?artnum=61798

https://github.com/apple/cups/issues/920

http://www.nessus.org/u?b6aeb1e5

Plugin Details

Severity: Low

ID: 36362

File Name: freebsd_pkg_30cea6be1d0c11d9814e0001020eed82.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cups-base, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/13/2004

Vulnerability Publication Date: 9/23/2004

Reference Information

CVE: CVE-2004-0923

CERT: 557062

Secunia: 12690