Executive Summary
Summary | |
---|---|
Title | CUPS vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-598-1 | First vendor Publication | 2008-04-02 |
Vendor | Ubuntu | Last vendor Modification | 2008-04-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0047) It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. If a crafted HP-GL/2 file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0053) It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882) It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1373) |
Original Source
Url : http://www.ubuntu.com/usn/USN-598-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10085 | |||
Oval ID: | oval:org.mitre.oval:def:10085 | ||
Title: | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | ||
Description: | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0047 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10356 | |||
Oval ID: | oval:org.mitre.oval:def:10356 | ||
Title: | Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. | ||
Description: | Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0053 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11479 | |||
Oval ID: | oval:org.mitre.oval:def:11479 | ||
Title: | Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. | ||
Description: | Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1373 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17501 | |||
Oval ID: | oval:org.mitre.oval:def:17501 | ||
Title: | USN-598-1 -- cupsys vulnerabilities | ||
Description: | It was discovered that the CUPS administration interface contained a heap- based overflow flaw. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-598-1 CVE-2008-0047 CVE-2008-0053 CVE-2008-0882 CVE-2008-1373 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | cupsys |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18674 | |||
Oval ID: | oval:org.mitre.oval:def:18674 | ||
Title: | DSA-1530-1 cupsys - multiple vulnerabilities | ||
Description: | Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1530-1 CVE-2008-0047 CVE-2008-0882 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22130 | |||
Oval ID: | oval:org.mitre.oval:def:22130 | ||
Title: | ELSA-2008:0192: cups security update (Moderate) | ||
Description: | Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0192-01 CVE-2008-0047 CVE-2008-0053 CVE-2008-1373 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22585 | |||
Oval ID: | oval:org.mitre.oval:def:22585 | ||
Title: | ELSA-2008:0157: cups security update (Important) | ||
Description: | Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0157-01 CVE-2008-0882 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7966 | |||
Oval ID: | oval:org.mitre.oval:def:7966 | ||
Title: | DSA-1530 cupsys -- Several vulnerabilities | ||
Description: | Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. The Common Vulnerabilities and Exposures project identifies the following problems: Heap-based buffer overflow in CUPS, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly the execution of arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1530 CVE-2008-0047 CVE-2008-0882 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9625 | |||
Oval ID: | oval:org.mitre.oval:def:9625 | ||
Title: | Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information. | ||
Description: | Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0882 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for CUPS File : nvt/sles10_cups4.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5023036.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3753 (cups) File : nvt/fcore_2009_3753.nasl |
2009-04-09 | Name : Mandriva Update for cups MDVSA-2008:051 (cups) File : nvt/gb_mandriva_MDVSA_2008_051.nasl |
2009-04-09 | Name : Mandriva Update for cups MDVSA-2008:081 (cups) File : nvt/gb_mandriva_MDVSA_2008_081.nasl |
2009-03-23 | Name : Ubuntu Update for cupsys vulnerabilities USN-598-1 File : nvt/gb_ubuntu_USN_598_1.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0206-01 File : nvt/gb_RHSA-2008_0206-01_cups.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0192-01 File : nvt/gb_RHSA-2008_0192-01_cups.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0161-01 File : nvt/gb_RHSA-2008_0161-01_cups.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0157-01 File : nvt/gb_RHSA-2008_0157-01_cups.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0153-01 File : nvt/gb_RHSA-2008_0153-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 i386 File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 i386 File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0161 centos5 x86_64 File : nvt/gb_CESA-2008_0161_cups_centos5_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0161 centos5 i386 File : nvt/gb_CESA-2008_0161_cups_centos5_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0157 centos5 x86_64 File : nvt/gb_CESA-2008_0157_cups_centos5_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0157 centos5 i386 File : nvt/gb_CESA-2008_0157_cups_centos5_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0153 centos3 x86_64 File : nvt/gb_CESA-2008_0153_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0153 centos3 i386 File : nvt/gb_CESA-2008_0153_cups_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-8844 File : nvt/gb_fedora_2008_8844_cups_fc9.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-8801 File : nvt/gb_fedora_2008_8801_cups_fc8.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-3586 File : nvt/gb_fedora_2008_3586_cups_fc8.nasl |
2009-02-17 | Name : Fedora Update for cups FEDORA-2008-3449 File : nvt/gb_fedora_2008_3449_cups_fc7.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10911 File : nvt/gb_fedora_2008_10911_cups_fc8.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-2897 File : nvt/gb_fedora_2008_2897_cups_fc7.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-2131 File : nvt/gb_fedora_2008_2131_cups_fc8.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-1976 File : nvt/gb_fedora_2008_1976_cups_fc7.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-1901 File : nvt/gb_fedora_2008_1901_cups_fc8.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10917 File : nvt/gb_fedora_2008_10917_cups_fc9.nasl |
2009-01-23 | Name : SuSE Update for cups SUSE-SA:2008:012 File : nvt/gb_suse_2008_012.nasl |
2009-01-23 | Name : SuSE Update for cups SUSE-SA:2008:015 File : nvt/gb_suse_2008_015.nasl |
2009-01-23 | Name : SuSE Update for cups SUSE-SA:2008:020 File : nvt/gb_suse_2008_020.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-01 (cups) File : nvt/glsa_200804_01.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1625-1 (cupsys) File : nvt/deb_1625_1.nasl |
2008-06-17 | Name : Cups < 1.3.8 vulnerability File : nvt/cups_CB-A08-0045.nasl |
2008-03-27 | Name : Debian Security Advisory DSA 1530-1 (cupsys) File : nvt/deb_1530_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-094-01 cups File : nvt/esoft_slk_ssa_2008_094_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44160 | CUPS filter/image-gif.c gif_read_image() Function GIF Image Handling Overflow |
43382 | CUPS Multiple HP-GL/2-to-PostScript Unspecified Input Validation Issues Multiple unspecified overflows exist in CUPS. The HP-GL/2-to-Postcript filter fails to validate unspecified inputs resulting in a buffer overflows. With a specially crafted HP-GL/2 file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
43376 | CUPS CGI Backend IPP Request Search Expression Handling (cgiCompileSearch) Re... |
42030 | CUPS process_browse_data() Function Double-free Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CUPS Gif Decoding Routine Buffer Overflow attempt RuleID : 17558 - Revision : 8 - Type : FILE-IMAGE |
2014-01-10 | CUPS server query metacharacter buffer overflow attempt RuleID : 16072 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0161.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0192.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0206.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0153.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0157.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080401_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080225_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0192.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12117.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12099.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-081.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-051.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1625.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3449.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3586.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2131.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2897.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0192.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-598-1.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0206.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-5115.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_cups-5117.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-094-01.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-01.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0206.nasl - Type : ACT_GATHER_INFO |
2008-04-03 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_3_7.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1530.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_cups-5076.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-5063.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote openSUSE host is missing a security update. File : suse_cups-5064.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0161.nasl - Type : ACT_GATHER_INFO |
2008-02-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0161.nasl - Type : ACT_GATHER_INFO |
2008-02-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1976.nasl - Type : ACT_GATHER_INFO |
2008-02-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1901.nasl - Type : ACT_GATHER_INFO |
2008-02-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0153.nasl - Type : ACT_GATHER_INFO |
2008-02-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0153.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0157.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0157.nasl - Type : ACT_GATHER_INFO |
2008-02-21 | Name : The remote printer service is prone to a denial of service attack. File : cups_1_3_6.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:01 |
|