Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.850659
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for cups (openSUSE-SU-2015:1056-1)
Zusammenfassung:The remote host is missing an update for the 'cups'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'cups'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update fixes the following issues:

- CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation
via cross-site scripting and bad print job submission used to replace
cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158
CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to
limit access to CUPS to trustworthy users who do not misuse their
permission to submit print jobs which means to upload arbitrary data
onto the CUPS server, see the references and cf. the
entries about CVE-2012-5519.

Affected Software/OS:
cups on openSUSE 13.1

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
BugTraq ID: 56494
http://www.securityfocus.com/bid/56494
http://www.openwall.com/lists/oss-security/2012/11/10/5
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
RedHat Security Advisories: RHSA-2013:0580
http://rhn.redhat.com/errata/RHSA-2013-0580.html
SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
http://www.ubuntu.com/usn/USN-1654-1
XForce ISS Database: cups-systemgroup-priv-esc(80012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
Common Vulnerability Exposure (CVE) ID: CVE-2015-1158
BugTraq ID: 75098
http://www.securityfocus.com/bid/75098
CERT/CC vulnerability note: VU#810572
http://www.kb.cert.org/vuls/id/810572
Debian Security Information: DSA-3283 (Google Search)
http://www.debian.org/security/2015/dsa-3283
https://www.exploit-db.com/exploits/37336/
https://www.exploit-db.com/exploits/41233/
https://security.gentoo.org/glsa/201510-07
http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html
https://code.google.com/p/google-security-research/issues/detail?id=455
https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py
RedHat Security Advisories: RHSA-2015:1123
http://rhn.redhat.com/errata/RHSA-2015-1123.html
http://www.securitytracker.com/id/1032556
http://www.ubuntu.com/usn/USN-2629-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1159
BugTraq ID: 75106
http://www.securityfocus.com/bid/75106
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.