Executive Summary

Information
Name : CVE-2007-5849
First vendor Publication : 2007-12-19
Vendor : Cve
Last vendor Modification : 2011-10-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Cvss Impact Score : 10
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849

CWE : Common Weakness Enumeration

id : CWE-189
Name : Numeric Errors

CPE : Common Platform Enumeration

Type : Application
Count : 5

OpenVAS Exploits

Date : 2010-05-12
Name : Mac OS X Security Update 2007-009
File : nvt/macosx_secupd_2007-009.nasl

Date : 2009-11-17
Name : Mac OS X Version
File : nvt/macosx_version.nasl

Date : 2009-04-09
Name : Mandriva Update for cups MDVSA-2008:036 (cups)
File : nvt/gb_mandriva_MDVSA_2008_036.nasl

Date : 2009-03-23
Name : Ubuntu Update for cupsys vulnerabilities USN-563-1
File : nvt/gb_ubuntu_USN_563_1.nasl

Date : 2009-01-23
Name : SuSE Update for cups SUSE-SA:2008:002
File : nvt/gb_suse_2008_002.nasl

Date : 2008-09-24
Name : Gentoo Security Advisory GLSA 200712-14 (cups)
File : nvt/glsa_200712_14.nasl

Date : 2008-01-17
Name : Debian Security Advisory DSA 1437-1 (cupsys)
File : nvt/deb_1437_1.nasl

Open Source Vulnerability Database (OSVDB)

id : 40719
Description : CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Res...

Nessus® Vulnerability Scanner

Date : 2009-04-23
Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-036.nasl - Type : ACT_GATHER_INFO

Date : 2008-01-10
Name : The remote SuSE system is missing the security patch cups-4806
File : suse_cups-4806.nasl - Type : ACT_GATHER_INFO

Date : 2008-01-10
Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-563-1.nasl - Type : ACT_GATHER_INFO

Date : 2007-12-27
Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1437.nasl - Type : ACT_GATHER_INFO

Date : 2007-12-19
Name : The remote printer service is affected by a buffer overflow vulnerability.
File : cups_1_3_5.nasl - Type : ACT_GATHER_INFO

Date : 2007-12-19
Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200712-14.nasl - Type : ACT_GATHER_INFO

Date : 2007-12-18
Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source : Url
APPLE : http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BID : http://www.securityfocus.com/bid/26910
      http://www.securityfocus.com/bid/26917
CERT : http://www.us-cert.gov/cas/techalerts/TA07-352A.html
CONFIRM : http://bugs.gentoo.org/show_bug.cgi?id=201570
          http://docs.info.apple.com/article.html?artnum=307179
          http://www.cups.org/str.php?L2589
DEBIAN : http://www.debian.org/security/2007/dsa-1437
FEDORA : https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908...
GENTOO : http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml
MANDRIVA : http://www.mandriva.com/security/advisories?name=MDVSA-2008:036
SECUNIA : http://secunia.com/advisories/28113
          http://secunia.com/advisories/28129
          http://secunia.com/advisories/28136
          http://secunia.com/advisories/28200
          http://secunia.com/advisories/28386
          http://secunia.com/advisories/28441
          http://secunia.com/advisories/28636
          http://secunia.com/advisories/28676
SUSE : http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html
       http://www.novell.com/linux/security/advisories/suse_security_summary_report....
UBUNTU : http://www.ubuntu.com/usn/usn-563-1
VUPEN : http://www.vupen.com/english/advisories/2007/4238
        http://www.vupen.com/english/advisories/2007/4242
XF : http://xforce.iss.net/xforce/xfdb/39097
     http://xforce.iss.net/xforce/xfdb/39101

Alert History

Date : 2014-02-17 10:42:29
Information : Multiple Updates

Date : 2013-05-11 10:41:26
Information : Multiple Updates