Summary
The remote host is missing an update to cupsys
announced via advisory DSA 1407-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201407-1
Insight
Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecure will be provided later.
The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.
We recommend that you upgrade your cupsys packages.
Severity
Classification
-
CVE CVE-2007-4351 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities