 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.52231 |
| Kategorie: | FreeBSD Local Security Checks |
| Titel: | FreeBSD Ports: cups-lpr, fr-cups-lpr |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: cups-lpr fr-cups-lpr CVE-2004-1268 lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. CVE-2004-1269 lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. CVE-2004-1270 lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. Solution: Update your system with the appropriate patches or software upgrades. http://www.cups.org/str.php?L1023 http://tigger.uic.edu/~ jlongs2/holes/cups2.txt http://www.vuxml.org/freebsd/7850a238-680a-11d9-a9e7-0001020eed82.html CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Querverweis: |
BugTraq ID: 12007 BugTraq ID: 12004 Common Vulnerability Exposure (CVE) ID: CVE-2004-1268 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 http://tigger.uic.edu/~jlongs2/holes/cups2.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 http://www.redhat.com/support/errata/RHSA-2005-013.html http://www.redhat.com/support/errata/RHSA-2005-053.html https://usn.ubuntu.com/50-1/ XForce ISS Database: cups-lppasswd-passwd-truncate(18606) https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 Common Vulnerability Exposure (CVE) ID: CVE-2004-1269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545 XForce ISS Database: cups-lppasswd-dos(18608) https://exchange.xforce.ibmcloud.com/vulnerabilities/18608 Common Vulnerability Exposure (CVE) ID: CVE-2004-1270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507 XForce ISS Database: cups-lppasswd-passwd-modify(18609) https://exchange.xforce.ibmcloud.com/vulnerabilities/18609 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |