Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that CUPS didn't properly handle adding a large
number of RSS subscriptions. A local user could exploit this and cause
CUPS to crash, leading to a denial of service. This issue only applied
to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183)
It was discovered that CUPS did not authenticate users when adding and
cancelling RSS subscriptions. An unprivileged local user could bypass
intended restrictions and add a large number of RSS subscriptions.
This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)
It was discovered that the PNG filter in CUPS did not properly handle
certain malformed images. If a user or automated system were tricked
into opening a crafted PNG image file, a remote attacker could cause a
denial of service or execute arbitrary code with user privileges. In
Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the
AppArmor CUPS profile. (CVE-2008-5286)
It was discovered that the example pstopdf CUPS filter created log
files in an insecure way. Local users could exploit a race condition
to create or overwrite files with the privileges of the user invoking
the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and
8.04 LTS. (CVE-2008-5377).
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true