Executive Summary
Summary | |
---|---|
Title | CUPS vulnerability |
Informations | |||
---|---|---|---|
Name | USN-760-1 | First vendor Publication | 2009-04-16 |
Vendor | Ubuntu | Last vendor Modification | 2009-04-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.10: Ubuntu 8.04 LTS: Ubuntu 8.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. |
Original Source
Url : http://www.ubuntu.com/usn/USN-760-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11546 | |||
Oval ID: | oval:org.mitre.oval:def:11546 | ||
Title: | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. | ||
Description: | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0163 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for cups CESA-2009:0429 centos5 i386 File : nvt/gb_CESA-2009_0429_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:0428 centos3 i386 File : nvt/gb_CESA-2009_0428_cups_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:0429 centos4 i386 File : nvt/gb_CESA-2009_0429_cups_centos4_i386.nasl |
2010-03-22 | Name : Fedora Update for cups FEDORA-2010-2743 File : nvt/gb_fedora_2010_2743_cups_fc11.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:282-1 (cups) File : nvt/mdksa_2009_282_1.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-10891 (cups) File : nvt/fcore_2009_10891.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:283 (cups) File : nvt/mdksa_2009_283.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:282 (cups) File : nvt/mdksa_2009_282.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:281 (cups) File : nvt/mdksa_2009_281.nasl |
2009-10-13 | Name : SLES10: Security update for CUPS File : nvt/sles10_cups0.nasl |
2009-10-11 | Name : SLES11: Security update for CUPS File : nvt/sles11_cups.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5047860.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0429 (cups) File : nvt/ovcesa2009_0429.nasl |
2009-05-11 | Name : FreeBSD Ports: cups-base File : nvt/freebsd_cups-base8.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3769 (cups) File : nvt/fcore_2009_3769.nasl |
2009-04-28 | Name : Gentoo Security Advisory GLSA 200904-20 (cups) File : nvt/glsa_200904_20.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3753 (cups) File : nvt/fcore_2009_3753.nasl |
2009-04-28 | Name : SuSE Security Advisory SUSE-SA:2009:024 (cups) File : nvt/suse_sa_2009_024.nasl |
2009-04-20 | Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl |
2009-04-20 | Name : RedHat Security Advisory RHSA-2009:0428 File : nvt/RHSA_2009_0428.nasl |
2009-04-20 | Name : Ubuntu USN-760-1 (cupsys) File : nvt/ubuntu_760_1.nasl |
2009-04-20 | Name : Debian Security Advisory DSA 1773-1 (cups) File : nvt/deb_1773_1.nasl |
2009-04-20 | Name : RedHat Security Advisory RHSA-2009:0429 File : nvt/RHSA_2009_0429.nasl |
2009-04-17 | Name : CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability File : nvt/cups_cve_2009_0163.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-116-01 cups File : nvt/esoft_slk_ssa_2009_116_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54462 | CUPS TIFF Image Decoding Routines Multiple Filter File Handling Overflows A remote overflow exists in CUPS. CUPS fails to handle a integer overflow in processing TIFF files resulting in a heaped-based buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0429.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_cups_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2009-10-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-282.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-6174.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-090416.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12396.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-090416.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0429.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_736e55bc39bb11dea493001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-116-01.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-20.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-760-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote openSUSE host is missing a security update. File : suse_cups-6172.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3769.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3753.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0428.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0429.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0428.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1773.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_3_10.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:53 |
|