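###############################################################################
#
# Copyright: OS2A and it's member companies
#
# $Revision: 1.1 $
#
# $Log: os2a_DSA-950-1_800329.nasl,v $
# Revision 1.1 2006/01/24 08:54:40 hpavithra
# Debian advisory scripts for DSA-950-1, DSA-951-1, DSA-952-1.
#
# Revision 1.1 2006/01/01 23:08:05 bdoctor
# *** empty log message ***
#
#
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# The plugin text is copyright Debian, Inc.

# Purpose: local package-version check for Debian advisory DSA-950-1 (cupsys).
# It reads the Debian release from the knowledge base and compares the CUPS
# packages against the fixed version for that release. Nothing here talks to
# the CUPS service itself; the result depends entirely on the package data
# already collected in the KB.

# Engine capability gate: leave quietly when bn_random() is not defined.
# NOTE(review): presumably a proxy for an engine build with the SSH/crypto
# support that local checks rely on -- confirm.
if (!defined_func("bn_random")) exit(0);

if (description)
{
  script_id(800329);

  # One argument per identifier. Passing the whole list as a single
  # comma-joined string registers one malformed entry, which breaks
  # per-CVE lookup and cross-referencing of this plugin.
  script_cve_id("CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625",
                "CVE-2005-3624", "CVE-2005-3628", "CVE-2005-3191",
                "CVE-2005-3193", "CVE-2005-3192");
  script_version ("$Revision: 1.1 $");

  name["english"] = "Debian update for cupsys: DSA-950-1";
  script_name(english:name["english"]);

  # NOTE(review): the text below names only the woody fix version
  # (1.1.14-5woody14); the 3.1 branch further down checks against
  # 1.1.23-10sarge1, which the description never mentions.
  desc["english"] = " Overview and Solution: 'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 1.1.14-5woody14. CUPS doesn't use the xpdf source anymore since 1.1.22-7, when it switched to using xpdf-utils for PDF processing. 
We recommend that you upgrade your CUPS packages. Affected Platforms: Debian 3.0, Debian 3.1 References: http://www.debian.org/security/2006/dsa-950 Risk factor: High";
  script_description(english:desc["english"]);

  summary["english"] = "Check for the version of cupsys package";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Copyright (C) 2006 OS2A");

  family["english"] = "Debian Local Security Checks";
  script_family(english:family["english"]);

  # The check only runs when both KB keys exist.
  # NOTE(review): they are presumably filled in by ssh_get_info.nasl from an
  # authenticated login; without credentials the plugin is skipped, which
  # must not be read as "host is patched".
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Debian/dpkg-l", "Host/Debian/release");
  exit(0);
}

include("debian_package.inc");

release = get_kb_item("Host/Debian/release");
if (release == NULL)
{
  exit(0);
}

# Select the package set and the fixed version for the detected release.
# Any other release ends the script with no finding and no KB entry, so a
# silent run says nothing about hosts outside Debian 3.0 / 3.1.
# NOTE(review): cupsys-pstoraster and libcupsys2 are listed for 3.0 only, and
# libcupsimage2, libcupsimage2-dev and libcupsys2-gnutls10 for 3.1 only --
# verify both lists against the advisory.
if (release == "3.0")
{
  fixed = "1.1.14-5woody14";
  pkgs = make_list("cupsys", "cupsys-bsd", "cupsys-client",
                   "cupsys-pstoraster", "libcupsys2", "libcupsys2-dev");
}
else if (release == "3.1")
{
  fixed = "1.1.23-10sarge1";
  pkgs = make_list("cupsys", "cupsys-bsd", "cupsys-client",
                   "libcupsimage2", "libcupsimage2-dev", "libcupsys2-dev",
                   "libcupsys2-gnutls10");
}
else
{
  exit(0);
}

# Pass 1: report on the first package for which deb_check() is true.
# NOTE(review): deb_check() lives in debian_package.inc; it presumably
# compares the installed version with 'reference' -- confirm there.
# The script exits at the first hit, so a single finding is raised even when
# several packages are outdated; remediation should upgrade all of them.
foreach pkg (pkgs)
{
  if (deb_check(prefix:pkg, release:release, reference:fixed))
  {
    security_hole(0);
    exit(0);
  }
}

# Pass 2: reached only when no package triggered a finding. Record
# "DSA-950-1" = TRUE in the KB as soon as one listed package is reported
# by deb_pkg_exists().
# NOTE(review): presumably "package is installed" -- confirm in
# debian_package.inc.
foreach pkg (pkgs)
{
  if (deb_pkg_exists(prefix:pkg, release:release))
  {
    set_kb_item(name:"DSA-950-1", value:TRUE);
    exit(0);
  }
}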