This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.

INFORMATION

Title : CUPS vulnerabilities
Name : USN-707-1
First Publication : 2009-01-12
Last Modification : 2009-01-12
Vendor :
Revision : N/A
Severity (Vendor) : N/A

SECURITY-DATABASE SCORING CVSS v2

Cvss Base Score : 10
Cvss Impact Score : 10
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

DETAIL

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.12

Ubuntu 7.10:
cupsys 1.3.2-1ubuntu7.9

Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.3

Ubuntu 8.10:
cups 1.3.9-2ubuntu6.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that CUPS didn't properly handle adding a large number of RSS
subscriptions. A local user could exploit this and cause CUPS to crash, leading
to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and
8.10. (CVE-2008-5183)

It was discovered that CUPS did not authenticate users when adding and
cancelling RSS subscriptions. An unprivileged local user could bypass intended
restrictions and add a large number of RSS subscriptions. This issue only
applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)

It was discovered that the PNG filter in CUPS did not properly handle certain
malformed images. If a user or automated system were tricked into opening a
crafted PNG image file, a remote attacker could cause a denial of service or
execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,
attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)

It was discovered that the example pstopdf CUPS filter created log files in an
insecure way. Local users could exploit a race condition to create or overwrite
files with the privileges of the user invoking the program. This issue only
applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)



ORIGINAL SOURCES

Url : http://www.ubuntu.com/usn/USN-707-1


CWE COMMON WEAKNESS ENUMERATION

CWE-189 - Numeric Errors (CWE/SANS Top 25)
CWE-399 - Resource Management Errors
CWE-255 - Credentials Management
CWE-59 - Improper Link Resolution Before File Access ('Link Following')


OVAL ID

oval:org.mitre.oval:def:10586, cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered rem
oval:org.mitre.oval:def:10058, Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

oval:org.mitre.oval:def:11782, The operating system installed on the system is Red Hat Enterprise Linux 3
oval:org.mitre.oval:def:11414, The operating system installed on the system is Red Hat Enterprise Linux 5


MILW0RM EXPLOITS

7550 : CUPS < 1.3.8-4 (pstopdf filter) Privilege Escalation Exploit.
7150 : CUPS 1.3.7 CSRF (add rss subscription) Remote Crash Exploit.

OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

50637 : CUPS pstopdf /tmp/pstopdf.log Temporary File Symlink Arbitrary File Overwrite.
50494 : CUPS _cupsImageReadPNG Function PNG File Handling Overflow.
50352 : CUPS cgi-bin/admin.c Multiple RSS Subscription Function Policy Bypass CSRF.
50351 : CUPS cupsd RSS Subscription Saturation NULL Dereference DoS.


INTERNAL SOURCES (Detail)

CVSS v2
Name           Severity             Base Score  Impact Score  Exploit Score  Attack Range  Attack Complexity  Auth
CVE-2008-5184  Critical (Critical)  10          10            10             Network       Low                None Required
CVE-2008-5286  High (High)          7.5         6.4           10             Network       Low                None Required
CVE-2008-5377  Medium (Medium)      6.9         10            3.4            Local         Medium             None Required
CVE-2008-5183  Medium (Medium)      4.3         2.9           8.6            Network       Medium             None Required