Eng

Services

Security Assessment

Website Security Audit

Network Penetration Testing

Solutions

DataCenter GreenZone

Web Application Security

Vulnerability Assessment

Intrusion Protection System

News and Events

Search: Advanced search

server monitoring

USN50-1 : cupsys vulnerabilities

Article ID: 20668

Last updated: 27 Jan, 2009

Print

Email to friend

Views: 347

Posted: 22 Jan, 2009
by: Tech Pubs S.

Updated: 27 Jan, 2009
by: Tech Pubs S.

USN50-1 : cupsys vulnerabilities

Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Tenable Network Security, Inc.


Family	Ubuntu Local Security Checks
Plugin ID	20668
Bugtraq ID
CVE ID	CVE-2004-1125 CVE-2004-1267 CVE-2004-1268 CVE-2004-1269 CVE-2004-1270 CVE-2004-2467

Description:
Synopsis : These remote packages are missing security patches : - cupsys - cupsys-bsd - cupsys-client - libcupsimage2 - libcupsimage2-dev - libcupsys2-dev - libcupsys2-gnutls10 Description : CVE-2004-1125: The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well. In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF file for printing, he could be able to execute arbitrary commands with the privileges of the CUPS server. Please note that the Ubuntu version of CUPS runs as a minimally privileged user cupsys by default, so there is no possibility of root privilege escalation. The privileges of the cupsys user are confined to modifying printer configurations, altering print jobs, and controlling printers. CVE-2004-1267: Ariel Berkman discovered a buffer overflow in the ParseCommand() function of the HPGL input driver. If an attacker printed a malicious HPGL file, they could exploit this to execute arbitrary commands with the privileges of the CUPS server. CVE-2004-1268, CVE-2004-1269, CAN [...] Solution : Upgrade to : - cupsys-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) - cupsys-bsd-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) - cupsys-client-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) - libcupsimage2-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) - libcupsimage2-dev-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) - libcupsys2-dev-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) - libcupsys2-gnutls10-1.1.20final+cvs20040330-4ubuntu16.3 (Ubuntu 4.10) Risk factor : High

This article was: Helpful | Not Helpful

Prev		Next
USN322-1 : Konqueror vulnerability		USN368-1 : Qt vulnerability

server monitoring