Executive Summary

Informations
Name CVE-2010-2941 First vendor Publication 2010-11-05
Vendor Cve Last vendor Modification 2017-08-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.9 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 5.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12954
 
Oval ID: oval:org.mitre.oval:def:12954
Title: DSA-2176-1 cups -- several
Description: Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-1748 Information disclosure in the web interface. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2176-1
CVE-2008-5183
CVE-2009-3553
CVE-2010-0540
CVE-2010-0542
CVE-2010-1748
CVE-2010-2431
CVE-2010-2432
CVE-2010-2941
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13015
 
Oval ID: oval:org.mitre.oval:def:13015
Title: USN-1012-1 -- cups, cupsys vulnerability
Description: Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile.
Family: unix Class: patch
Reference(s): USN-1012-1
CVE-2010-2941
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): cups
cupsys
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22210
 
Oval ID: oval:org.mitre.oval:def:22210
Title: RHSA-2010:0866: cups security update (Important)
Description: ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Family: unix Class: patch
Reference(s): RHSA-2010:0866-02
CVE-2010-2941
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22217
 
Oval ID: oval:org.mitre.oval:def:22217
Title: RHSA-2010:0811: cups security update (Important)
Description: ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Family: unix Class: patch
Reference(s): RHSA-2010:0811-01
CESA-2010:0811
CVE-2010-2431
CVE-2010-2941
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22255
 
Oval ID: oval:org.mitre.oval:def:22255
Title: ELSA-2010:0811: cups security update (Important)
Description: ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Family: unix Class: patch
Reference(s): ELSA-2010:0811-01
CVE-2010-2431
CVE-2010-2941
Version: 13
Platform(s): Oracle Linux 5
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23225
 
Oval ID: oval:org.mitre.oval:def:23225
Title: ELSA-2010:0866: cups security update (Important)
Description: ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Family: unix Class: patch
Reference(s): ELSA-2010:0866-02
CVE-2010-2941
Version: 6
Platform(s): Oracle Linux 6
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27944
 
Oval ID: oval:org.mitre.oval:def:27944
Title: DEPRECATED: ELSA-2010-0866 -- cups security update (important)
Description: [1:1.4.2-35:.1] - Applied patch to fix cupsd memory corruption vulnerability (CVE-2010-2941, STR #3648, bug #624438).
Family: unix Class: patch
Reference(s): ELSA-2010-0866
CVE-2010-2941
Version: 4
Platform(s): Oracle Linux 6
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28063
 
Oval ID: oval:org.mitre.oval:def:28063
Title: DEPRECATED: ELSA-2010-0811 -- cups security update (important)
Description: [1.3.7-18:.8] - Applied patch to fix cupsd memory corruption vulnerability (CVE-2010-2941, STR #3648, bug #624438). - Fix latent privilege escalation vulnerability (CVE-2010-2431, STR #3510, bug #605397).
Family: unix Class: patch
Reference(s): ELSA-2010-0811
CVE-2010-2431
CVE-2010-2941
Version: 4
Platform(s): Oracle Linux 5
Product(s): cups
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 91

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201207-10 (cups)
File : nvt/glsa_201207_10.nasl
2011-09-12 Name : Fedora Update for cups FEDORA-2011-11221
File : nvt/gb_fedora_2011_11221_cups_fc14.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-03-09 Name : Debian Security Advisory DSA 2176-1 (cups)
File : nvt/deb_2176_1.nasl
2010-12-02 Name : Fedora Update for cups FEDORA-2010-17641
File : nvt/gb_fedora_2010_17641_cups_fc14.nasl
2010-11-23 Name : Fedora Update for cups FEDORA-2010-17615
File : nvt/gb_fedora_2010_17615_cups_fc13.nasl
2010-11-23 Name : Fedora Update for cups FEDORA-2010-17627
File : nvt/gb_fedora_2010_17627_cups_fc12.nasl
2010-11-23 Name : Mandriva Update for cups MDVSA-2010:232 (cups)
File : nvt/gb_mandriva_MDVSA_2010_232.nasl
2010-11-23 Name : Mandriva Update for cups MDVSA-2010:233 (cups)
File : nvt/gb_mandriva_MDVSA_2010_233.nasl
2010-11-18 Name : CUPS IPP Use-After-Free Denial of Service Vulnerability
File : nvt/gb_cupsd_ipp_use_after_free_dos_vuln.nasl
2010-11-16 Name : Ubuntu Update for cups, cupsys vulnerability USN-1012-1
File : nvt/gb_ubuntu_USN_1012_1.nasl
2010-11-04 Name : RedHat Update for cups RHSA-2010:0811-01
File : nvt/gb_RHSA-2010_0811-01_cups.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-333-01 cups
File : nvt/esoft_slk_ssa_2010_333_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68951 CUPS IPP Request Handling Use-After-Free Arbitrary Code Execution

CUPS contains a flaw related to the 'ipp.c' function's failure to allocate memory correctly for attribute values with invalid string data types, creating a use-after-free error. This may allow a remote attacker to use a crafted IPP request to execute arbitrary code.

Snort® IPS/IDS

Date Description
2014-01-10 CUPS IPP multi-valued attribute memory corruption attempt
RuleID : 26972 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 Apple CUPS IPP memory corruption attempt
RuleID : 23139 - Revision : 5 - Type : SERVER-OTHER
2014-01-10 Apple CUPS IPP memory corruption attempt
RuleID : 23138 - Revision : 5 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_cups-101124.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0866.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0811.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_cups_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101028_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201207-10.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_cups-101124.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_cups-101124.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2176.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cups-101119.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-333-01.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote print service is affected by multiple vulnerabilities.
File : cups_1_4_5.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0811.nasl - Type : ACT_GATHER_INFO
2010-11-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17627.nasl - Type : ACT_GATHER_INFO
2010-11-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17615.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0866.nasl - Type : ACT_GATHER_INFO
2010-11-17 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17641.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-233.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-232.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1012-1.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0811.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BID http://www.securityfocus.com/bid/44530
CONFIRM http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://support.apple.com/kb/HT4435
https://bugzilla.redhat.com/show_bug.cgi?id=624438
DEBIAN http://www.debian.org/security/2011/dsa-2176
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05097...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05127...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05130...
GENTOO http://security.gentoo.org/glsa/glsa-201207-10.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
OSVDB http://www.osvdb.org/68951
REDHAT http://rhn.redhat.com/errata/RHSA-2010-0811.html
http://www.redhat.com/support/errata/RHSA-2010-0866.html
SECTRACK http://securitytracker.com/id?1024662
SECUNIA http://secunia.com/advisories/42287
http://secunia.com/advisories/42867
http://secunia.com/advisories/43521
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2010&...
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
UBUNTU http://www.ubuntu.com/usn/USN-1012-1
VUPEN http://www.vupen.com/english/advisories/2010/2856
http://www.vupen.com/english/advisories/2010/3042
http://www.vupen.com/english/advisories/2010/3088
http://www.vupen.com/english/advisories/2011/0061
http://www.vupen.com/english/advisories/2011/0535
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/62882

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2020-05-23 01:42:26
  • Multiple Updates
2020-05-23 00:26:14
  • Multiple Updates
2017-08-17 09:23:05
  • Multiple Updates
2016-06-28 18:17:08
  • Multiple Updates
2016-04-26 20:00:18
  • Multiple Updates
2014-06-14 13:29:03
  • Multiple Updates
2014-02-17 10:56:47
  • Multiple Updates
2014-01-19 21:27:03
  • Multiple Updates
2013-05-16 17:02:43
  • Multiple Updates
2013-05-10 23:30:04
  • Multiple Updates