SuSE9 Security Update : Cups (YOU Patch Number 11965)

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

A number of vulnerabilities have been found in the xpdf code used by
cups which could be exploited, potentially remotely, by tricking the
user to print a specially crafted PDF file.

The vulnerabilities are in the source code file Stream.cc and may
allow execution of arbitrary code with the privileges of the user
viewing the PDF. Specifically, these are an array indexing error
leading to memory corruption (CVE-2007-4352), a possible integer
overflow causing to a buffer overflow (CVE-2007-5392) and a boundary
check error that can also cause a buffer overflow. (CVE-2007-5393)

See also :

http://support.novell.com/security/cve/CVE-2007-4352.html
http://support.novell.com/security/cve/CVE-2007-5392.html
http://support.novell.com/security/cve/CVE-2007-5393.html

Solution :

Apply YOU patch number 11965.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 41166 ()

Bugtraq ID:

CVE ID: CVE-2007-4352
CVE-2007-5392
CVE-2007-5393

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now