Mandriva Linux Security Advisory : cups (MDVSA-2010:232)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities were discovered and corrected in cups :

Cross-site request forgery (CSRF) vulnerability in the web interface
in CUPS, allows remote attackers to hijack the authentication of
administrators for requests that change settings (CVE-2010-0540).

The _WriteProlog function in texttops.c in texttops in the Text Filter
subsystem in CUPS before 1.4.4 does not check the return values of
certain calloc calls, which allows remote attackers to cause a denial
of service (NULL pointer dereference or heap memory corruption) or
possibly execute arbitrary code via a crafted file (CVE-2010-0542).

The web interface in CUPS, reads uninitialized memory during handling
of form variables, which allows context-dependent attackers to obtain
sensitive information from cupsd process memory via unspecified
vectors (CVE-2010-1748).

The cupsFileOpen function in CUPS before 1.4.4 allows local users,
with lp group membership, to overwrite arbitrary files via a symlink
attack on the (1) /var/cache/cups/remote.cache or (2)
/var/cache/cups/job.cache file (CVE-2010-2431).

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate
memory for attribute values with invalid string data types, which
allows remote attackers to cause a denial of service (use-after-free
and application crash) or possibly execute arbitrary code via a
crafted IPP request (CVE-2010-2941).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 50606 ()

Bugtraq ID: 40889
40897
40943
41131
44530

CVE ID: CVE-2010-0540
CVE-2010-0542
CVE-2010-1748
CVE-2010-2431
CVE-2010-2941

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now