Description:
The remote host is missing updates announced in advisory CLA-2003:769.
SANE (Scanner Access Now Easy) is an interface to both local and networked scanners and other image acquisition devices. The sane package contains several scanner drivers, utilities and saned, an application that allows the sharing of scanners across a network.
This update fixes several vulnerabilities in the sane package:
- Remote vulnerabilities in saned. These vulnerabilities can be exploited by remote attackers to cause a denial of service or even execute arbitrary code with the privileges of the user running saned (which is usually root). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned[1,2,3,4,5,6] the names CVE-2003-0773, CVE-2003-0774, CVE-2003-0775, CVE-2003-0776, CVE-2003-0777 and CVE-2003-0778 to these issues.
- Temporary file handling vulnerabilities (does not affect Conectiva Linux 9). In several sane backends (drivers), temporary files are created in an unsafe manner. A local attacker can exploit these vulnerabilities to overwrite arbitrary system or user files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2001-0890[7] to this issue.
The Conectiva Linux 9 package (sane-1.0.9) also includes fixes for a bug[8] in the plustek driver which may cause hardware damage in EPSON 1260 scanners (previous versions do not contain the driver).
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0890
http://www.gjaeger.de/scanner/plustek.html#epson
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:769
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003
Risk factor: High
CVSS Score: 7.5