Debian DSA-1530-1 : cupsys - Several vulnerabilities

Critical Nessus Plugin ID 31663

Synopsis

The remote Debian host is missing a security-related update.

Description

Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2008-0047 Heap-based buffer overflow in CUPS, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

- CVE-2008-0882 Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly the execution of arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer.

Solution

Upgrade the cupsys packages.

For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch3.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472105

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467653

https://security-tracker.debian.org/tracker/CVE-2008-0047

https://security-tracker.debian.org/tracker/CVE-2008-0882

https://www.debian.org/security/2008/dsa-1530

Plugin Details

Severity: Critical

ID: 31663

File Name: debian_DSA-1530.nasl

Version: 1.17

Type: local

Agent: unix

Published: 2008/03/26

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:cupsys, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/03/25

Reference Information

CVE: CVE-2008-0047, CVE-2008-0882

BID: 27906, 28307

DSA: 1530

CWE: 119