Oval Definition:oval:org.mitre.oval:def:13070
Revision Date:2014-06-23
Version:20
Title:DSA-2007-1 cups -- format string vulnerability
Description:Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf. This works as the lppasswd binary happens to be installed with setuid 0 permissions. For the stable distribution, this problem has been fixed in version 1.3.8-1+lenny8. For the testing distribution this problem will be fixed soon. For the unstable distribution this problem has been fixed in version 1.4.2-9.1. We recommend that you upgrade your cups packages.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2010-0393
DSA-2007-1
Platform(s):Debian GNU/Linux 5.0
Product(s):cups
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • cupsys-bsd DPKG is earlier than 1.3.8-1+lenny8
  • OR cupsys-client DPKG is earlier than 1.3.8-1+lenny8
  • OR cupsys-dbg DPKG is earlier than 1.3.8-1+lenny8
  • OR cups-common DPKG is earlier than 1.3.8-1+lenny8
  • OR cupsys DPKG is earlier than 1.3.8-1+lenny8
  • OR libcupsys2 DPKG is earlier than 1.3.8-1+lenny8
  • OR libcupsys2-dev DPKG is earlier than 1.3.8-1+lenny8
  • OR cupsys-common DPKG is earlier than 1.3.8-1+lenny8
  • OR libcups2-dev DPKG is earlier than 1.3.8-1+lenny8
  • OR cups-bsd DPKG is earlier than 1.3.8-1+lenny8
  • OR libcupsimage2-dev DPKG is earlier than 1.3.8-1+lenny8
  • OR libcupsimage2 DPKG is earlier than 1.3.8-1+lenny8
  • OR cups-client DPKG is earlier than 1.3.8-1+lenny8
  • OR libcups2 DPKG is earlier than 1.3.8-1+lenny8
  • OR cups-dbg DPKG is earlier than 1.3.8-1+lenny8
  • OR cups DPKG is earlier than 1.3.8-1+lenny8