This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
SL5 Only: A heap buffer overflow flaw was found in a CUPS
administration interface CGI script. A local attacker able to connect
to the IPP port (TCP port 631) could send a malicious request causing
the script to crash or, potentially, execute arbitrary code as the
'lp' user. Please note: the default CUPS configuration in Red Hat
Enterprise Linux 5 does not allow remote connections to the IPP TCP
Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly
execute arbitrary code as the 'lp' user if the file is printed.
A buffer overflow flaw was discovered in the GIF decoding routines
used by CUPS image converting filters 'imagetops' and 'imagetoraster'.
An attacker could create a malicious GIF file that could possibly
execute arbitrary code as the 'lp' user if the file was printed.
SL 3 &
4 Only: It was discovered that the patch used to address
CVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not
completely resolve the integer overflow in the 'pdftops' filter on
64-bit platforms. An attacker could create a malicious PDF file that
could possibly execute arbitrary code as the 'lp' user if the file was
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60378 ()
CVE ID: CVE-2004-0888CVE-2008-0047CVE-2008-0053CVE-2008-1373CVE-2008-1374
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.