Executive Summary
Summary | |
---|---|
Title | CUPS vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-906-1 | First vendor Publication | 2010-03-03 |
Vendor | Ubuntu | Last vendor Modification | 2010-03-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: Ubuntu 9.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553, CVE-2010-0302)

Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service. (CVE-2010-0393)
Original Source
Url : http://www.ubuntu.com/usn/USN-906-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-416 | Use After Free |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11183 | |||
Oval ID: | oval:org.mitre.oval:def:11183 | ||
Title: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3553 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11216 | |||
Oval ID: | oval:org.mitre.oval:def:11216 | ||
Title: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0302 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13070 | |||
Oval ID: | oval:org.mitre.oval:def:13070 | ||
Title: | DSA-2007-1 cups -- format string vulnerability | ||
Description: | Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf. This works as the lppasswd binary happens to be installed with setuid 0 permissions. For the stable distribution, this problem has been fixed in version 1.3.8-1+lenny8. For the testing distribution this problem will be fixed soon. For the unstable distribution this problem has been fixed in version 1.4.2-9.1. We recommend that you upgrade your cups packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2007-1 CVE-2010-0393 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | cups |
Definition Id: oval:org.mitre.oval:def:22030 | |||
Oval ID: | oval:org.mitre.oval:def:22030 | ||
Title: | RHSA-2010:0129: cups security update (Moderate) | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0129-01 CESA-2010:0129 CVE-2010-0302 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cups |
Definition Id: oval:org.mitre.oval:def:22727 | |||
Oval ID: | oval:org.mitre.oval:def:22727 | ||
Title: | ELSA-2009:1595: cups security update (Moderate) | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1595-02 CVE-2009-2820 CVE-2009-3553 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Id: oval:org.mitre.oval:def:22958 | |||
Oval ID: | oval:org.mitre.oval:def:22958 | ||
Title: | ELSA-2010:0129: cups security update (Moderate) | ||
Description: | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0129-01 CVE-2010-0302 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Id: oval:org.mitre.oval:def:28031 | |||
Oval ID: | oval:org.mitre.oval:def:28031 | ||
Title: | DEPRECATED: ELSA-2010-0129 -- cups security update (moderate) | ||
Description: | [1:1.3.7-11:.6] - Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553, bug #557775). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0129 CVE-2010-0302 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201207-10 (cups) File : nvt/glsa_201207_10.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:1595 centos5 i386 File : nvt/gb_CESA-2009_1595_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2010:0129 centos5 i386 File : nvt/gb_CESA-2010_0129_cups_centos5_i386.nasl |
2011-03-09 | Name : Debian Security Advisory DSA 2176-1 (cups) File : nvt/deb_2176_1.nasl |
2010-11-23 | Name : Fedora Update for cups FEDORA-2010-17627 File : nvt/gb_fedora_2010_17627_cups_fc12.nasl |
2010-11-23 | Name : Fedora Update for cups FEDORA-2010-17615 File : nvt/gb_fedora_2010_17615_cups_fc13.nasl |
2010-07-30 | Name : Fedora Update for cups FEDORA-2010-10101 File : nvt/gb_fedora_2010_10101_cups_fc12.nasl |
2010-07-02 | Name : Fedora Update for cups FEDORA-2010-10388 File : nvt/gb_fedora_2010_10388_cups_fc13.nasl |
2010-06-28 | Name : Fedora Update for cups FEDORA-2010-10066 File : nvt/gb_fedora_2010_10066_cups_fc11.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-16 | Name : Mandriva Update for cups MDVSA-2010:073-1 (cups) File : nvt/gb_mandriva_MDVSA_2010_073_1.nasl |
2010-04-16 | Name : Mandriva Update for cups MDVSA-2010:073 (cups) File : nvt/gb_mandriva_MDVSA_2010_073.nasl |
2010-04-06 | Name : Mac OS X Security Update 2010-001 File : nvt/macosx_secupd_2010-001.nasl |
2010-03-22 | Name : Fedora Update for cups FEDORA-2010-2743 File : nvt/gb_fedora_2010_2743_cups_fc11.nasl |
2010-03-16 | Name : Debian Security Advisory DSA 2007-1 (cups) File : nvt/deb_2007_1.nasl |
2010-03-12 | Name : Fedora Update for cups FEDORA-2010-3761 File : nvt/gb_fedora_2010_3761_cups_fc12.nasl |
2010-03-10 | Name : CUPS 'lppasswd' Tool Localized Message String Security Bypass Vulnerability File : nvt/gb_cups_lppasswd_sec_bypass_vuln.nasl |
2010-03-10 | Name : CUPS 'scheduler/select.c' Denial Of Service Vulnerability File : nvt/gb_cups_cupsdDoSelect_dos_vuln.nasl |
2010-03-05 | Name : RedHat Update for cups RHSA-2010:0129-01 File : nvt/gb_RHSA-2010_0129-01_cups.nasl |
2010-03-05 | Name : Ubuntu Update for cups, cupsys vulnerabilities USN-906-1 File : nvt/gb_ubuntu_USN_906_1.nasl |
2010-02-19 | Name : Mandriva Update for mandriva-doc MDVA-2010:072 (mandriva-doc) File : nvt/gb_mandriva_MDVA_2010_072.nasl |
2010-02-19 | Name : Mandriva Update for dhcp MDVA-2010:073 (dhcp) File : nvt/gb_mandriva_MDVA_2010_073.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-10891 (cups) File : nvt/fcore_2009_10891.nasl |
2009-12-10 | Name : Fedora Core 12 FEDORA-2009-11314 (cups) File : nvt/fcore_2009_11314.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12652 (cups) File : nvt/fcore_2009_12652.nasl |
2009-12-01 | Name : CUPS File Descriptors Handling Remote Denial Of Service Vulnerability File : nvt/cups_37048.nasl |
2009-11-23 | Name : RedHat Security Advisory RHSA-2009:1595 File : nvt/RHSA_2009_1595.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62715 | CUPS lppasswd.c _cupsGetlang Function Format String Local Privilege Escalation |
60204 | CUPS scheduler/select.c cupsdDoSelect() Function Use-after-free DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0129.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1595.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1595.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100303_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201207-10.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2176.nasl - Type : ACT_GATHER_INFO |
2010-07-08 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_4_4.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2743.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3693.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3761.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_4_3.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-073.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cups-100305.nasl - Type : ACT_GATHER_INFO |
2010-03-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0129.nasl - Type : ACT_GATHER_INFO |
2010-03-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2007.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0129.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-906-1.nasl - Type : ACT_GATHER_INFO |
2010-01-20 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-091210.nasl - Type : ACT_GATHER_INFO |
2009-12-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_cups-091204.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12652.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11314.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10891.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1595.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:37 |