Executive Summary
Summary | |
---|---|
Title | CUPS vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-707-1 | First vendor Publication | 2009-01-12 |
Vendor | Ubuntu | Last vendor Modification | 2009-01-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.10: Ubuntu 8.04 LTS: Ubuntu 8.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183)

It was discovered that CUPS did not authenticate users when adding and cancelling RSS subscriptions. An unprivileged local user could bypass intended restrictions and add a large number of RSS subscriptions. This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)

It was discovered that the PNG filter in CUPS did not properly handle certain malformed images. If a user or automated system were tricked into opening a crafted PNG image file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)

It was discovered that the example pstopdf CUPS filter created log files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)
Original Source
Url : http://www.ubuntu.com/usn/USN-707-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-476 | NULL Pointer Dereference |
25 % | CWE-255 | Credentials Management |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10058 | |||
Oval ID: | oval:org.mitre.oval:def:10058 | ||
Title: | Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. | ||
Description: | Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5286 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10586 | |||
Oval ID: | oval:org.mitre.oval:def:10586 | ||
Title: | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||
Description: | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5183 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20149 | |||
Oval ID: | oval:org.mitre.oval:def:20149 | ||
Title: | DSA-1677-1 cupsys - arbitrary code execution | ||
Description: | An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1677-1 CVE-2008-5286 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
Definition Id: oval:org.mitre.oval:def:22728 | |||
Oval ID: | oval:org.mitre.oval:def:22728 | ||
Title: | ELSA-2008:1029: cups security update (Moderate) | ||
Description: | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:1029-01 CVE-2008-5183 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Id: oval:org.mitre.oval:def:29137 | |||
Oval ID: | oval:org.mitre.oval:def:29137 | ||
Title: | RHSA-2008:1029 -- cups security update (Moderate) | ||
Description: | Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:1029 CESA-2008:1029-CentOS 5 CVE-2008-5183 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cups |
Definition Id: oval:org.mitre.oval:def:8231 | |||
Oval ID: | oval:org.mitre.oval:def:8231 | ||
Title: | DSA-1677 cupsys -- integer overflow | ||
Description: | An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1677 CVE-2008-5286 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | cupsys |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2008-12-22 | CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Debian Security Advisory DSA 2176-1 (cups) File : nvt/deb_2176_1.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-11062 (cups) File : nvt/fcore_2009_11062.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12652 (cups) File : nvt/fcore_2009_12652.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for Cups File : nvt/sles10_cups.nasl |
2009-10-10 | Name : SLES9: Security update for Cups File : nvt/sles9p5041140.nasl |
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3769 (cups) File : nvt/fcore_2009_3769.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3753 (cups) File : nvt/fcore_2009_3753.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:1028-01 File : nvt/gb_RHSA-2008_1028-01_cups.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:1029-01 File : nvt/gb_RHSA-2008_1029-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:1028 centos3 x86_64 File : nvt/gb_CESA-2008_1028_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:1028 centos3 i386 File : nvt/gb_CESA-2008_1028_cups_centos3_i386.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10895 File : nvt/gb_fedora_2008_10895_cups_fc10.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10911 File : nvt/gb_fedora_2008_10911_cups_fc8.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10917 File : nvt/gb_fedora_2008_10917_cups_fc9.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl |
2008-12-23 | Name : Gentoo Security Advisory GLSA 200812-11 (cups) File : nvt/glsa_200812_11.nasl |
2008-12-10 | Name : Debian Security Advisory DSA 1677-1 (cupsys) File : nvt/deb_1677_1.nasl |
2008-12-03 | Name : FreeBSD Ports: cups-base File : nvt/freebsd_cups-base7.nasl |
2008-11-26 | Name : CUPS Subscription Incorrectly uses Guest Account DoS Vulnerability File : nvt/gb_cups_guest_acc_dos_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50637 | CUPS pstopdf /tmp/pstopdf.log Temporary File Symlink Arbitrary File Overwrite |
50494 | CUPS _cupsImageReadPNG Function PNG File Handling Overflow |
50352 | CUPS cgi-bin/admin.c Multiple RSS Subscription Function Policy Bypass CSRF |
50351 | CUPS cupsd RSS Subscription Saturation NULL Dereference DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow at... RuleID : 15146 - Revision : 6 - Type : SERVER-OTHER |
2014-01-10 | Apple CUPS TrueColor PNG filter overly large image height integer overflow at... RuleID : 15145 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1029.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1028.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081215_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2176.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1029.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-5845.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12317.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-081203.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-081121.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-707-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-028.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10895.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_3_10.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2009-01-14 | Name : The remote openSUSE host is missing a security update. File : suse_cups-5838.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1028.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1029.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1028.nasl - Type : ACT_GATHER_INFO |
2008-12-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-11.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10917.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10911.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1677.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_87106b67be1311dda5780030843d3802.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:05:37 |