Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64

Critical Nessus Plugin ID 60378

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

SL5 Only: A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the 'lp' user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047)

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the 'lp' user if the file is printed.
(CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters 'imagetops' and 'imagetoraster'.
An attacker could create a malicious GIF file that could possibly execute arbitrary code as the 'lp' user if the file was printed.
(CVE-2008-1373)

SL 3 & 4 Only: It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not completely resolve the integer overflow in the 'pdftops' filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1374)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?c90d8c09

Plugin Details

Severity: Critical

ID: 60378

File Name: sl_20080401_cups_on_SL3_x.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2012/08/01

Updated: 2019/01/07

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2008/04/01

Reference Information

CVE: CVE-2004-0888, CVE-2008-0047, CVE-2008-0053, CVE-2008-1373, CVE-2008-1374

CWE: 119, 189