NASLDB: SuSE 11.1 Security Update: cups (2010-02-10)
General
ID: 45099
Name: SuSE 11.1 Security Update: cups (2010-02-10)
Summary: Check for the cups package
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: SuSE Local Security Checks
Type: Local
Description
lppasswd when running setuid or setgid still honors
environment variables that specify the location of message
files. Local attackers could exploit that to gather
information by using crafted format strings (CVE-2010-0393).
The previous fix for a use-after-free vulnerability
(CVE-2009-3553) was incomplete (CVE-2010-0302).
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2009-3553
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2010/03/19
Plugin
Version: 1.5
Filename: suse_11_1_cups-100210.nasl
Filesize: 3197 bytes
MD5 Hash: f966ca08bb732aead967163d19b8aa4a
Identification: Host/SuSE/rpm-list
Require Keys: Host/SuSE/rpm-list
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2010-2011 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack