Impact
Remote code execution
Solution
Please install the updated packages.
Insight
A missing length check in the IPP implementation of cups could lead to a buffer overflow. Attackers could exploit this to crash cupsd or potentially even execute arbitrary code with root privileges (CVE-2007-4351).
On SUSE Linux 10.1 and 10.0, as well as on all SLES-based products, only crashing cupsd is possible.
A cumulative update that integrates other fixes for SLES will be released later.
Affected
cups on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-4351
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C