SUSE-SA:2004:031: cups

high Nessus Plugin ID 14730

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:031 (cups).


The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP).
Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive.
Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups.
It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.

Solution

http://www.suse.de/security/2004_31_cups.html

Plugin Details

Severity: High

ID: 14730

File Name: suse_SA_2004_031.nasl

Version: 1.14

Agent: unix

Published: 9/15/2004

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-0558, CVE-2004-0801

BID: 11183, 11184