Executive Summary

Informations
Name CVE-2010-1748 First vendor Publication 2010-06-17
Vendor Cve Last vendor Modification 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13346
 
Oval ID: oval:org.mitre.oval:def:13346
Title: USN-952-1 -- cups, cupsys vulnerabilities
Description: Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user . Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data
Family: unix Class: patch
Reference(s): USN-952-1
CVE-2010-0540
CVE-2010-0542
CVE-2010-1748
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
 Product(s): cups
cupsys
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22302
 
Oval ID: oval:org.mitre.oval:def:22302
Title: RHSA-2010:0490: cups security update (Important)
Description: The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Family: unix Class: patch
Reference(s): RHSA-2010:0490-01
CESA-2010:0490
CVE-2010-0540
CVE-2010-0542
CVE-2010-1748
 Version: 42
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22760
 
Oval ID: oval:org.mitre.oval:def:22760
Title: ELSA-2010:0490: cups security update (Important)
Description: The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Family: unix Class: patch
Reference(s): ELSA-2010:0490-01
CVE-2010-0540
CVE-2010-0542
CVE-2010-1748
 Version: 17
Platform(s): Oracle Linux 5
 Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9723
 
Oval ID: oval:org.mitre.oval:def:9723
Title: The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstated by the (1) /admin?OP=redirectURL=% and (2) /admin?URL=/admin/OP=% URIs.
Description: The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1748
 Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 91

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201207-10 (cups)
File : nvt/glsa_201207_10.nasl
2011-08-09 Name : CentOS Update for cups CESA-2010:0490 centos5 i386
File : nvt/gb_CESA-2010_0490_cups_centos5_i386.nasl
2011-03-09 Name : Debian Security Advisory DSA 2176-1 (cups)
File : nvt/deb_2176_1.nasl
2010-12-21 Name : CUPS Information Disclosure Vulnerability
File : nvt/gb_cups_info_disc_vuln.nasl
2010-11-23 Name : Fedora Update for cups FEDORA-2010-17615
File : nvt/gb_fedora_2010_17615_cups_fc13.nasl
2010-11-23 Name : Fedora Update for cups FEDORA-2010-17627
File : nvt/gb_fedora_2010_17627_cups_fc12.nasl
2010-11-23 Name : Mandriva Update for cups MDVSA-2010:232 (cups)
File : nvt/gb_mandriva_MDVSA_2010_232.nasl
2010-08-20 Name : CentOS Update for cups CESA-2010:0490 centos3 i386
File : nvt/gb_CESA-2010_0490_cups_centos3_i386.nasl
2010-07-30 Name : Fedora Update for cups FEDORA-2010-10101
File : nvt/gb_fedora_2010_10101_cups_fc12.nasl
2010-07-02 Name : Fedora Update for cups FEDORA-2010-10388
File : nvt/gb_fedora_2010_10388_cups_fc13.nasl
2010-06-28 Name : Fedora Update for cups FEDORA-2010-10066
File : nvt/gb_fedora_2010_10066_cups_fc11.nasl
2010-06-25 Name : Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
File : nvt/gb_ubuntu_USN_952_1.nasl
2010-06-22 Name : CUPS Web Interface Multiple Vulnerabilities
File : nvt/gb_cups_web_interface_mult_vulnerabilities.nasl
2010-06-18 Name : RedHat Update for cups RHSA-2010:0490-01
File : nvt/gb_RHSA-2010_0490-01_cups.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-176-05 cups
File : nvt/esoft_slk_ssa_2010_176_05.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
65569 CUPS Web Interface Form Variable Handling cupsd Process Memory Disclosure

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_cups-101124.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0490.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100617_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201207-10.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-176-05.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_cups-101124.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_cups-101124.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2176.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cups-7244.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cups-101119.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12665.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-232.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10101.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote CUPS install contains a memory information disclosure vulnerability.
File : cups_memory_access.nasl - Type : ACT_ATTACK
2010-07-08 Name : The remote printer service is affected by multiple vulnerabilities.
File : cups_1_4_4.nasl - Type : ACT_GATHER_INFO
2010-07-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10388.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10066.nasl - Type : ACT_GATHER_INFO
2010-06-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-952-1.nasl - Type : ACT_GATHER_INFO
2010-06-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0490.nasl - Type : ACT_GATHER_INFO
2010-06-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0490.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BID http://www.securityfocus.com/bid/40871
CONFIRM http://cups.org/articles.php?L596
http://cups.org/str.php?L3577
http://support.apple.com/kb/HT4188
DEBIAN http://www.debian.org/security/2011/dsa-2176
GENTOO http://security.gentoo.org/glsa/glsa-201207-10.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA http://secunia.com/advisories/40220
http://secunia.com/advisories/43521
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
VUPEN http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2011/0535

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2024-02-16 12:12:27
  • Multiple Updates
2020-05-23 01:42:03
  • Multiple Updates
2020-05-23 00:25:45
  • Multiple Updates
2018-07-13 01:03:26
  • Multiple Updates
2017-09-19 09:23:46
  • Multiple Updates
2016-06-29 00:12:49
  • Multiple Updates
2016-04-26 19:48:08
  • Multiple Updates
2014-06-14 13:28:40
  • Multiple Updates
2014-02-17 10:55:16
  • Multiple Updates
2013-05-30 13:23:03
  • Multiple Updates
2013-05-16 17:02:40
  • Multiple Updates
2013-05-10 23:24:06
  • Multiple Updates