English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.16141
Categoría:Gain a shell remotely
Título:CUPS < 1.1.23 Multiple Vulnerabilities
Resumen:The remote host is running a CUPS server whose version number is; between 1.0.4 and 1.1.22 inclusive. Such versions are prone to; multiple vulnerabilities :;; - The is_path_absolute function in scheduler/client.c for the; daemon in CUPS allows remote attackers to cause a denial; of service (CPU consumption by tight loop) via a '..\..'; URL in an HTTP request.;; - A remotely exploitable buffer overflow in the 'hpgltops'; filter that enable specially crafted HPGL files can; execute arbitrary commands as the CUPS 'lp' account.;; - A local user may be able to prevent anyone from changing; his or her password until a temporary copy of the new; password file is cleaned up ('lppasswd' flaw).;; - A local user may be able to add arbitrary content to the; password file by closing the stderr file descriptor; while running lppasswd (lppasswd flaw).;; - A local attacker may be able to truncate the CUPS; password file, thereby denying service to valid clients; using digest authentication. (lppasswd flaw).;; - The application applies ACLs to incoming print jobs in a; case-sensitive fashion. Thus, an attacker can bypass; restrictions by changing the case in printer names when; submitting jobs. [Fixed in 1.1.21.]
Descripción:Summary:
The remote host is running a CUPS server whose version number is
between 1.0.4 and 1.1.22 inclusive. Such versions are prone to
multiple vulnerabilities :

- The is_path_absolute function in scheduler/client.c for the
daemon in CUPS allows remote attackers to cause a denial
of service (CPU consumption by tight loop) via a '..\..'
URL in an HTTP request.

- A remotely exploitable buffer overflow in the 'hpgltops'
filter that enable specially crafted HPGL files can
execute arbitrary commands as the CUPS 'lp' account.

- A local user may be able to prevent anyone from changing
his or her password until a temporary copy of the new
password file is cleaned up ('lppasswd' flaw).

- A local user may be able to add arbitrary content to the
password file by closing the stderr file descriptor
while running lppasswd (lppasswd flaw).

- A local attacker may be able to truncate the CUPS
password file, thereby denying service to valid clients
using digest authentication. (lppasswd flaw).

- The application applies ACLs to incoming print jobs in a
case-sensitive fashion. Thus, an attacker can bypass
restrictions by changing the case in printer names when
submitting jobs. [Fixed in 1.1.21.]

Solution:
Upgrade to CUPS 1.1.23 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 11968
BugTraq ID: 12004
BugTraq ID: 12005
BugTraq ID: 12007
BugTraq ID: 12200
BugTraq ID: 14265
Common Vulnerability Exposure (CVE) ID: CVE-2004-1267
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
http://tigger.uic.edu/~jlongs2/holes/cups.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
https://usn.ubuntu.com/50-1/
XForce ISS Database: cups-parsecommand-hpgl-bo(18604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18604
Common Vulnerability Exposure (CVE) ID: CVE-2004-1268
http://tigger.uic.edu/~jlongs2/holes/cups2.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398
XForce ISS Database: cups-lppasswd-passwd-truncate(18606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18606
Common Vulnerability Exposure (CVE) ID: CVE-2004-1269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545
XForce ISS Database: cups-lppasswd-dos(18608)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18608
Common Vulnerability Exposure (CVE) ID: CVE-2004-1270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507
XForce ISS Database: cups-lppasswd-passwd-modify(18609)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
Common Vulnerability Exposure (CVE) ID: CVE-2005-2874
http://lwn.net/Alerts/152835/
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9774
http://www.redhat.com/support/errata/RHSA-2005-772.html
http://securitytracker.com/id?1012811
CopyrightThis script is Copyright (C) 2005 George A. Theall

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.