Summary
| Detail | |||
|---|---|---|---|
| Vendor | Easy Software Products | First view | 2005-01-10 |
| Product | Cups | Last view | 2005-12-31 |
| Version | 1.1.22_rc1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:easy_software_products:cups | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| 5 | 2005-09-13 | CVE-2005-2874 | The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. |
| 2.1 | 2005-01-10 | CVE-2004-1270 | lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. |
| 5 | 2005-01-10 | CVE-2004-1269 | lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. |
| 2.1 | 2005-01-10 | CVE-2004-1268 | lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. |
| 6.5 | 2005-01-10 | CVE-2004-1267 | Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-399 | Resource Management Errors |
| 25% (1) | CWE-189 | Numeric Errors |
| 25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 12834 | CUPS Malformed Traversal HTTP Request Remote DoS |
| 12454 | CUPS lppasswd passwd.new Arbitrary Append |
| 12453 | CUPS lppasswd passwd.new File Limit DoS |
| 12439 | CUPS ParseCommand() Function HPGL File Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for Cups File : nvt/sles9p5020714.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-25 (CUPS) File : nvt/glsa_200412_25.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cups-lpr, fr-cups-lpr File : nvt/freebsd_cups-lpr.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cups-base, fr-cups-base File : nvt/freebsd_cups-base0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cups-base File : nvt/freebsd_cups-base.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 962-1 (pdftohtml) File : nvt/deb_962_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 961-1 (pdfkit.framework) File : nvt/deb_961_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 950-1 (cupsys) File : nvt/deb_950_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 940-1 (gpdf) File : nvt/deb_940_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 938-1 (koffice) File : nvt/deb_938_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 937-1 (tetex-bin) File : nvt/deb_937_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 936-1 (libextractor) File : nvt/deb_936_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 932-1 (xpdf) File : nvt/deb_932_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 931-1 (xpdf) File : nvt/deb_931_1.nasl |
| 2005-11-03 | Name : CUPS < 1.1.23 Multiple Vulnerabilities File : nvt/cups_multiple_vulnerabilities.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-045-04 kdegraphics File : nvt/esoft_slk_ssa_2006_045_04.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-045-09 xpdf File : nvt/esoft_slk_ssa_2006_045_09.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
| 2007-01-08 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-772.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
| 2006-07-05 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO |
| 2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-868.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0163.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0160.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2005-840.nasl - Type: ACT_GATHER_INFO |
| 2006-02-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-045-09.nasl - Type: ACT_GATHER_INFO |
| 2006-02-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-045-04.nasl - Type: ACT_GATHER_INFO |
| 2006-02-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200601-17.nasl - Type: ACT_GATHER_INFO |
| 2006-01-21 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-236-2.nasl - Type: ACT_GATHER_INFO |
| 2006-01-21 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-236-1.nasl - Type: ACT_GATHER_INFO |
| 2006-01-20 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2006-0160.nasl - Type: ACT_GATHER_INFO |
| 2006-01-15 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO |
| 2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-50-1.nasl - Type: ACT_GATHER_INFO |
