FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Gentoo security team summarizes :

The following issues were reported in CUPS :

- iDefense reported an integer overflow in the _cupsImageReadTIFF()
function in the 'imagetops' filter, leading to a heap-based buffer
overflow (CVE-2009-0163).

- Aaron Siegel of Apple Product Security reported that the CUPS web
interface does not verify the content of the 'Host' HTTP header
properly (CVE-2009-0164).

- Braden Thomas and Drew Yao of Apple Product Security reported that
CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166,
found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially
crafted print job to CUPS, possibly resulting in the execution of
arbitrary code with the privileges of the configured CUPS user -- by
default this is 'lp', or a Denial of Service. Furthermore, the web
interface could be used to conduct DNS rebinding attacks.

See also :

http://www.cups.org/articles.php?L582
http://www.nessus.org/u?798006fa

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 38705 (freebsd_pkg_736e55bc39bb11dea493001b77d09812.nasl)

Bugtraq ID: 34568
34571
34665

CVE ID: CVE-2009-0146
CVE-2009-0147
CVE-2009-0163
CVE-2009-0164
CVE-2009-0166

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now