Executive Summary
Summary | |
---|---|
Title | cups security update |
Informations | |||
---|---|---|---|
Name | DSA-2176 | First vendor Publication | 2011-03-02 |
Vendor | Debian | Last vendor Modification | 2011-03-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.9 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 5.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-1748 Information disclosure in the web interface. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9. The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release. We recommend that you upgrade your cups packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2176 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-416 | Use After Free |
12 % | CWE-476 | NULL Pointer Dereference |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10365 | |||
Oval ID: | oval:org.mitre.oval:def:10365 | ||
Title: | The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. | ||
Description: | The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0542 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10382 | |||
Oval ID: | oval:org.mitre.oval:def:10382 | ||
Title: | Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. | ||
Description: | Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0540 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10586 | |||
Oval ID: | oval:org.mitre.oval:def:10586 | ||
Title: | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||
Description: | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5183 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11183 | |||
Oval ID: | oval:org.mitre.oval:def:11183 | ||
Title: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3553 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12954 | |||
Oval ID: | oval:org.mitre.oval:def:12954 | ||
Title: | DSA-2176-1 cups -- several | ||
Description: | Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-1748 Information disclosure in the web interface. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2176-1 CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22210 | |||
Oval ID: | oval:org.mitre.oval:def:22210 | ||
Title: | RHSA-2010:0866: cups security update (Important) | ||
Description: | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0866-02 CVE-2010-2941 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22217 | |||
Oval ID: | oval:org.mitre.oval:def:22217 | ||
Title: | RHSA-2010:0811: cups security update (Important) | ||
Description: | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0811-01 CESA-2010:0811 CVE-2010-2431 CVE-2010-2941 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22255 | |||
Oval ID: | oval:org.mitre.oval:def:22255 | ||
Title: | ELSA-2010:0811: cups security update (Important) | ||
Description: | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0811-01 CVE-2010-2431 CVE-2010-2941 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22302 | |||
Oval ID: | oval:org.mitre.oval:def:22302 | ||
Title: | RHSA-2010:0490: cups security update (Important) | ||
Description: | The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0490-01 CESA-2010:0490 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22727 | |||
Oval ID: | oval:org.mitre.oval:def:22727 | ||
Title: | ELSA-2009:1595: cups security update (Moderate) | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1595-02 CVE-2009-2820 CVE-2009-3553 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22728 | |||
Oval ID: | oval:org.mitre.oval:def:22728 | ||
Title: | ELSA-2008:1029: cups security update (Moderate) | ||
Description: | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:1029-01 CVE-2008-5183 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22760 | |||
Oval ID: | oval:org.mitre.oval:def:22760 | ||
Title: | ELSA-2010:0490: cups security update (Important) | ||
Description: | The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0490-01 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23225 | |||
Oval ID: | oval:org.mitre.oval:def:23225 | ||
Title: | ELSA-2010:0866: cups security update (Important) | ||
Description: | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0866-02 CVE-2010-2941 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27944 | |||
Oval ID: | oval:org.mitre.oval:def:27944 | ||
Title: | DEPRECATED: ELSA-2010-0866 -- cups security update (important) | ||
Description: | [1:1.4.2-35:.1] - Applied patch to fix cupsd memory corruption vulnerability (CVE-2010-2941, STR #3648, bug #624438). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0866 CVE-2010-2941 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28063 | |||
Oval ID: | oval:org.mitre.oval:def:28063 | ||
Title: | DEPRECATED: ELSA-2010-0811 -- cups security update (important) | ||
Description: | [1.3.7-18:.8] - Applied patch to fix cupsd memory corruption vulnerability (CVE-2010-2941, STR #3648, bug #624438). - Fix latent privilege escalation vulnerability (CVE-2010-2431, STR #3510, bug #605397). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0811 CVE-2010-2431 CVE-2010-2941 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29137 | |||
Oval ID: | oval:org.mitre.oval:def:29137 | ||
Title: | RHSA-2008:1029 -- cups security update (Moderate) | ||
Description: | Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:1029 CESA-2008:1029-CentOS 5 CVE-2008-5183 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9723 | |||
Oval ID: | oval:org.mitre.oval:def:9723 | ||
Title: | The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstated by the (1) /admin?OP=redirectURL=% and (2) /admin?URL=/admin/OP=% URIs. | ||
Description: | The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1748 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201207-10 (cups) File : nvt/glsa_201207_10.nasl |
2011-10-14 | Name : Mandriva Update for cups MDVSA-2011:146 (cups) File : nvt/gb_mandriva_MDVSA_2011_146.nasl |
2011-09-12 | Name : Fedora Update for cups FEDORA-2011-11221 File : nvt/gb_fedora_2011_11221_cups_fc14.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:1595 centos5 i386 File : nvt/gb_CESA-2009_1595_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2010:0129 centos5 i386 File : nvt/gb_CESA-2010_0129_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2010:0490 centos5 i386 File : nvt/gb_CESA-2010_0490_cups_centos5_i386.nasl |
2011-03-09 | Name : Debian Security Advisory DSA 2176-1 (cups) File : nvt/deb_2176_1.nasl |
2010-12-21 | Name : CUPS Information Disclosure Vulnerability File : nvt/gb_cups_info_disc_vuln.nasl |
2010-12-02 | Name : Fedora Update for cups FEDORA-2010-17641 File : nvt/gb_fedora_2010_17641_cups_fc14.nasl |
2010-11-23 | Name : Mandriva Update for cups MDVSA-2010:233 (cups) File : nvt/gb_mandriva_MDVSA_2010_233.nasl |
2010-11-23 | Name : Mandriva Update for cups MDVSA-2010:232 (cups) File : nvt/gb_mandriva_MDVSA_2010_232.nasl |
2010-11-23 | Name : Fedora Update for cups FEDORA-2010-17627 File : nvt/gb_fedora_2010_17627_cups_fc12.nasl |
2010-11-23 | Name : Fedora Update for cups FEDORA-2010-17615 File : nvt/gb_fedora_2010_17615_cups_fc13.nasl |
2010-11-18 | Name : CUPS IPP Use-After-Free Denial of Service Vulnerability File : nvt/gb_cupsd_ipp_use_after_free_dos_vuln.nasl |
2010-11-16 | Name : Ubuntu Update for cups, cupsys vulnerability USN-1012-1 File : nvt/gb_ubuntu_USN_1012_1.nasl |
2010-11-04 | Name : RedHat Update for cups RHSA-2010:0811-01 File : nvt/gb_RHSA-2010_0811-01_cups.nasl |
2010-08-20 | Name : CentOS Update for cups CESA-2010:0490 centos3 i386 File : nvt/gb_CESA-2010_0490_cups_centos3_i386.nasl |
2010-07-30 | Name : Fedora Update for cups FEDORA-2010-10101 File : nvt/gb_fedora_2010_10101_cups_fc12.nasl |
2010-07-02 | Name : Fedora Update for cups FEDORA-2010-10388 File : nvt/gb_fedora_2010_10388_cups_fc13.nasl |
2010-06-28 | Name : Fedora Update for cups FEDORA-2010-10066 File : nvt/gb_fedora_2010_10066_cups_fc11.nasl |
2010-06-25 | Name : Ubuntu Update for cups, cupsys vulnerabilities USN-952-1 File : nvt/gb_ubuntu_USN_952_1.nasl |
2010-06-22 | Name : CUPS Web Interface Multiple Vulnerabilities File : nvt/gb_cups_web_interface_mult_vulnerabilities.nasl |
2010-06-21 | Name : CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability File : nvt/gb_cups_40943.nasl |
2010-06-18 | Name : RedHat Update for cups RHSA-2010:0490-01 File : nvt/gb_RHSA-2010_0490-01_cups.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2010-04-16 | Name : Mandriva Update for cups MDVSA-2010:073 (cups) File : nvt/gb_mandriva_MDVSA_2010_073.nasl |
2010-04-16 | Name : Mandriva Update for cups MDVSA-2010:073-1 (cups) File : nvt/gb_mandriva_MDVSA_2010_073_1.nasl |
2010-04-06 | Name : Mac OS X Security Update 2010-001 File : nvt/macosx_secupd_2010-001.nasl |
2010-03-22 | Name : Fedora Update for cups FEDORA-2010-2743 File : nvt/gb_fedora_2010_2743_cups_fc11.nasl |
2010-03-12 | Name : Fedora Update for cups FEDORA-2010-3761 File : nvt/gb_fedora_2010_3761_cups_fc12.nasl |
2010-03-05 | Name : Ubuntu Update for cups, cupsys vulnerabilities USN-906-1 File : nvt/gb_ubuntu_USN_906_1.nasl |
2010-03-05 | Name : RedHat Update for cups RHSA-2010:0129-01 File : nvt/gb_RHSA-2010_0129-01_cups.nasl |
2010-02-19 | Name : Mandriva Update for dhcp MDVA-2010:073 (dhcp) File : nvt/gb_mandriva_MDVA_2010_073.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12652 (cups) File : nvt/fcore_2009_12652.nasl |
2009-12-10 | Name : Fedora Core 12 FEDORA-2009-11314 (cups) File : nvt/fcore_2009_11314.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-11062 (cups) File : nvt/fcore_2009_11062.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-10891 (cups) File : nvt/fcore_2009_10891.nasl |
2009-12-01 | Name : CUPS File Descriptors Handling Remote Denial Of Service Vulnerability File : nvt/cups_37048.nasl |
2009-11-23 | Name : RedHat Security Advisory RHSA-2009:1595 File : nvt/RHSA_2009_1595.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3769 (cups) File : nvt/fcore_2009_3769.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3753 (cups) File : nvt/fcore_2009_3753.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:1029-01 File : nvt/gb_RHSA-2008_1029-01_cups.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10917 File : nvt/gb_fedora_2008_10917_cups_fc9.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10911 File : nvt/gb_fedora_2008_10911_cups_fc8.nasl |
2009-02-16 | Name : Fedora Update for cups FEDORA-2008-10895 File : nvt/gb_fedora_2008_10895_cups_fc10.nasl |
2008-11-26 | Name : CUPS Subscription Incorrectly uses Guest Account DoS Vulnerability File : nvt/gb_cups_guest_acc_dos_vuln.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-333-01 cups File : nvt/esoft_slk_ssa_2010_333_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-176-05 cups File : nvt/esoft_slk_ssa_2010_176_05.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68951 | CUPS IPP Request Handling Use-After-Free Arbitrary Code Execution CUPS contains a flaw related to the 'ipp.c' function's failure to allocate memory correctly for attribute values with invalid string data types, creating a use-after-free error. This may allow a remote attacker to use a crafted IPP request to execute arbitrary code. |
65699 | CUPS auth.c cupsDoAuthentication Function HTTP_UNAUTHORIZED Response Remote DoS |
65698 | CUPS cupsFileOpen Function Multiple Temporary File Symlink Arbitrary File Ove... |
65692 | CUPS texttops.c _WriteProlog Function Memory Corruption |
65569 | CUPS Web Interface Form Variable Handling cupsd Process Memory Disclosure |
65555 | Apple Mac OS X CUPS Web Interface Settings Manipulation CSRF |
60204 | CUPS scheduler/select.c cupsdDoSelect() Function Use-after-free DoS |
50351 | CUPS cupsd RSS Subscription Saturation NULL Dereference DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CUPS IPP multi-valued attribute memory corruption attempt RuleID : 26972 - Revision : 4 - Type : SERVER-OTHER |
2014-01-10 | Apple CUPS IPP memory corruption attempt RuleID : 23139 - Revision : 5 - Type : SERVER-OTHER |
2014-01-10 | Apple CUPS IPP memory corruption attempt RuleID : 23138 - Revision : 5 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_cups-101124.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1029.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1595.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0129.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0490.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0811.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0866.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1595.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100303_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081215_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100617_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101028_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_cups_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201207-10.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-110921.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-7775.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-7774.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-146.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-176-05.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-101124.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cups-101124.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2176.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12665.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-101119.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-7244.nasl - Type : ACT_GATHER_INFO |
2010-11-30 | Name : The remote print service is affected by multiple vulnerabilities. File : cups_1_4_5.nasl - Type : ACT_GATHER_INFO |
2010-11-30 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-333-01.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0811.nasl - Type : ACT_GATHER_INFO |
2010-11-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17627.nasl - Type : ACT_GATHER_INFO |
2010-11-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17615.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0866.nasl - Type : ACT_GATHER_INFO |
2010-11-17 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17641.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-232.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-233.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1012-1.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0811.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10101.nasl - Type : ACT_GATHER_INFO |
2010-07-14 | Name : The remote CUPS install contains a memory information disclosure vulnerability. File : cups_memory_access.nasl - Type : ACT_ATTACK |
2010-07-08 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_4_4.nasl - Type : ACT_GATHER_INFO |
2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10388.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10066.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3761.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3693.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2743.nasl - Type : ACT_GATHER_INFO |
2010-06-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-952-1.nasl - Type : ACT_GATHER_INFO |
2010-06-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0490.nasl - Type : ACT_GATHER_INFO |
2010-06-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0490.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_4_3.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-073.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cups-100305.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0129.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-906-1.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0129.nasl - Type : ACT_GATHER_INFO |
2010-01-20 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1029.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cups-091204.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12652.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11314.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10891.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1595.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-081121.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-028.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10895.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-707-1.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1029.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10911.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10917.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:55 |
|