Showing 1 - 3 of 3

CVE-2009-0032

Status Candidate

Overview

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

Related Files

Mandriva Linux Security Advisory 2009-029: Posted Jan 25, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-029 - Security vulnerabilities have been discovered and corrected in CUPS. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.; tags | advisory, remote, overflow, arbitrary, local, vulnerability; systems | linux, mandriva; advisories | CVE-2008-5286, CVE-2009-0032; SHA-256 | 5bd12d58fe984f20eaf9ce8cdca247ed7d8e7d8f56db06e9e6d14c5d9cc5ef19; Download | Favorite | View

Mandriva Linux Security Advisory 2009-028: Posted Jan 25, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-028 - Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.; tags | advisory, remote, web, denial of service, overflow, arbitrary, local, cgi, vulnerability; systems | linux, mandriva; advisories | CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2009-0032; SHA-256 | 1e8a4108fdf9c2d57d8db1cf6e760cbbcb404476f8da36f8cd8b11ddda80fdbe; Download | Favorite | View

Mandriva Linux Security Advisory 2009-027: Posted Jan 25, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-027 - A vulnerability has been discovered in CUPS shipped with Mandriva Linux which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.; tags | advisory, arbitrary, local; systems | linux, mandriva; advisories | CVE-2009-0032; SHA-256 | 1c87943c9e741986daa1f1e9fb9d367afebe78c319ee66ce82cba925bda98601; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Jay Turla 111 files
Ubuntu 63 files
Gentoo 33 files
Debian 27 files
sinn3r 23 files
h00die 23 files
Pedro Ribeiro 21 files
juan vazquez 18 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (377)
CentOS (58)
Cisco (1,944)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,966)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,788)
UNIX (9,443)
UnixWare (187)
Windows (6,732)
Other

CVE-2009-0032

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems