This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
SL5 Only: A heap buffer overflow flaw was found in a CUPS
administration interface CGI script. A local attacker able to connect
to the IPP port (TCP port 631) could send a malicious request causing
the script to crash or, potentially, execute arbitrary code as the
'lp' user. Please note: the default CUPS configuration in Red Hat
Enterprise Linux 5 does not allow remote connections to the IPP TCP
Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly
execute arbitrary code as the 'lp' user if the file is printed.
A buffer overflow flaw was discovered in the GIF decoding routines
used by CUPS image converting filters 'imagetops' and 'imagetoraster'.
An attacker could create a malicious GIF file that could possibly
execute arbitrary code as the 'lp' user if the file was printed.
SL 3 &
4 Only: It was discovered that the patch used to address
CVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not
completely resolve the integer overflow in the 'pdftops' filter on
64-bit platforms. An attacker could create a malicious PDF file that
could possibly execute arbitrary code as the 'lp' user if the file was
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0