SuSE Update For Cups SUSE-SA:2007:058 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

A missing length check in the IPP implementation of cups could lead to a buffer overflow. Attackers could exploit that to crash cupsd or to potentially even execute arbitrary code with root privileges CVE-2007-4351. On SUSE Linux 10.1 and 10.0 as well as on all SLES based products only crashing cupsd is possible. A cummulative update that integrates other fixes for SLES will be released later.

Affected

cups on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3

References

http://www.novell.com/linux/security/advisories/2007_58_cups.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-4351
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for flac
SLES10: Security update for DHCP
SLES10: Security update for Linux Kernel (x86)
SLES10: Security update for gecko-sdk and mozilla-xulrunner
SLES10: Security update for MySQL

SuSE Update for cups SUSE-SA:2007:058

Take action and discover your vulnerabilities