Showing 1 - 3 of 3

CVE-2009-0032

Status Candidate

Overview

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

Related Files

Mandriva Linux Security Advisory 2009-029: Posted Jan 25, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-029 - Security vulnerabilities have been discovered and corrected in CUPS. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.; tags | advisory, remote, overflow, arbitrary, local, vulnerability; systems | linux, mandriva; advisories | CVE-2008-5286, CVE-2009-0032; SHA-256 | 5bd12d58fe984f20eaf9ce8cdca247ed7d8e7d8f56db06e9e6d14c5d9cc5ef19; Download | Favorite | View

Mandriva Linux Security Advisory 2009-028: Posted Jan 25, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-028 - Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.; tags | advisory, remote, web, denial of service, overflow, arbitrary, local, cgi, vulnerability; systems | linux, mandriva; advisories | CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2009-0032; SHA-256 | 1e8a4108fdf9c2d57d8db1cf6e760cbbcb404476f8da36f8cd8b11ddda80fdbe; Download | Favorite | View

Mandriva Linux Security Advisory 2009-027: Posted Jan 25, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-027 - A vulnerability has been discovered in CUPS shipped with Mandriva Linux which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.; tags | advisory, arbitrary, local; systems | linux, mandriva; advisories | CVE-2009-0032; SHA-256 | 1c87943c9e741986daa1f1e9fb9d367afebe78c319ee66ce82cba925bda98601; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 228 files
indoushka 159 files
Jay Turla 150 files
Ubuntu 65 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

CVE-2009-0032

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems