Vulnerabilities > CVE-2007-4045

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
apple
fedoraproject
nessus

Summary

The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3100.NASL
    descriptionThis update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28162
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28162
    titleFedora 7 : cups-1.2.12-7.fc7 (2007-3100)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-3100.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28162);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-0720", "CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
      script_bugtraq_id(25124, 26367);
      script_xref(name:"FEDORA", value:"2007-3100");
    
      script_name(english:"Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several PDF handling security issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=250161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=345101"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004642.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e5ed0b0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-lpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"cups-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-debuginfo-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-devel-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-libs-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-lpd-1.2.12-7.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1023.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27836
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27836
    titleRHEL 3 : cups (RHSA-2007:1023)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1023. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27836);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4045", "CVE-2007-4351", "CVE-2007-5393");
      script_bugtraq_id(26367, 26524);
      script_xref(name:"RHSA", value:"2007:1023");
    
      script_name(english:"RHEL 3 : cups (RHSA-2007:1023)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX(R) operating systems.
    
    Alin Rad Pop discovered a flaw in the handling of PDF files. An
    attacker could create a malicious PDF file that would cause CUPS to
    crash or potentially execute arbitrary code when printed.
    (CVE-2007-5393)
    
    Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP
    tags. A remote attacker who is able to connect to the IPP TCP port
    could send a malicious request causing the CUPS daemon to crash.
    (CVE-2007-4351)
    
    A flaw was found in the way CUPS handled SSL negotiation. A remote
    attacker capable of connecting to the CUPS daemon could cause CUPS to
    crash. (CVE-2007-4045)
    
    All CUPS users are advised to upgrade to these updated packages, which
    contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:1023"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups, cups-devel and / or cups-libs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:1023";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.46")) flag++;
      if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.46")) flag++;
      if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.46")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200712-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200712-14 (CUPS: Multiple vulnerabilities) Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). Impact : A remote attacker on the local network could exploit the first vulnerability to execute arbitrary code with elevated privileges by sending specially crafted SNMP messages as a response to an SNMP broadcast request. A local attacker could exploit the second vulnerability to overwrite arbitrary files with the privileges of the user running the CUPS spooler (usually lp) by using symlink attacks. A remote attacker could cause a Denial of Service condition via the third vulnerability when SSL is enabled in CUPS. Workaround : To disable SNMP support in CUPS, you have have to manually delete the file
    last seen2020-06-01
    modified2020-06-02
    plugin id29734
    published2007-12-19
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29734
    titleGLSA-200712-14 : CUPS: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200712-14.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29734);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-4045", "CVE-2007-5849", "CVE-2007-6358");
      script_xref(name:"GLSA", value:"200712-14");
    
      script_name(english:"GLSA-200712-14 : CUPS: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200712-14
    (CUPS: Multiple vulnerabilities)
    
        Wei Wang (McAfee AVERT Research) discovered an integer underflow in the
        asn1_get_string() function of the SNMP backend, leading to a
        stack-based buffer overflow when handling SNMP responses
        (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate
        pdftops filter creates temporary files with predictable file names when
        reading from standard input (CVE-2007-6358). Furthermore, the
        resolution of a Denial of Service vulnerability covered in GLSA
        200703-28 introduced another Denial of Service vulnerability within SSL
        handling (CVE-2007-4045).
      
    Impact :
    
        A remote attacker on the local network could exploit the first
        vulnerability to execute arbitrary code with elevated privileges by
        sending specially crafted SNMP messages as a response to an SNMP
        broadcast request. A local attacker could exploit the second
        vulnerability to overwrite arbitrary files with the privileges of the
        user running the CUPS spooler (usually lp) by using symlink attacks. A
        remote attacker could cause a Denial of Service condition via the third
        vulnerability when SSL is enabled in CUPS.
      
    Workaround :
    
        To disable SNMP support in CUPS, you have have to manually delete the
        file '/usr/libexec/cups/backend/snmp'. Please note that the file is
        reinstalled if you merge CUPS again later. To disable the pdftops
        filter, delete all lines referencing 'pdftops' in CUPS' 'mime.convs'
        configuration file. To work around the third vulnerability, disable SSL
        support via the corresponding USE flag."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200703-28"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200712-14"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All CUPS users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-print/cups-1.2.12-r4'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-print/cups", unaffected:make_list("rge 1.2.12-r4", "ge 1.3.5"), vulnerable:make_list("lt 1.3.5"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CUPS");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1022.NASL
    descriptionFrom Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67599
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67599
    titleOracle Linux 4 : cups (ELSA-2007-1022)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071107_CUPS_ON_SL4_X.NASL
    descriptionProblem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045)
    last seen2020-06-01
    modified2020-06-02
    plugin id60286
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60286
    titleScientific Linux Security Update : cups on SL4.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1023.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37449
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37449
    titleCentOS 3 : cups (CESA-2007:1023)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2982.NASL
    descriptionThis update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27822
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27822
    titleFedora 8 : cups-1.3.4-2.fc8 (2007-2982)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1022.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36860
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36860
    titleRHEL 4 : cups (RHSA-2007:1022)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3586.NASL
    description - Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-2 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). - Fri May 2 2008 Tim Waugh <twaugh at redhat.com> - Include the hostname in the charset error (part of bug #441719). - Thu Apr 10 2008 Tim Waugh <twaugh at redhat.com> - Log an error when a client requests a charset other than ASCII or UTF-8. - Thu Apr 3 2008 Tim Waugh <twaugh at redhat.com> - Main package requires exactly-matching libs package. - Wed Apr 2 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-1 - 1.3.7. No longer need str2715, str2727, or CVE-2008-0047 patches. - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-4 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). - Thu Feb 28 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-3 - Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727). - Sat Feb 23 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-2 - Fix encoding of job-sheets option (bug #433753, STR #2715). - Wed Feb 20 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-1 - 1.3.6. No longer need str2650, str2664, or str2703 patches. - Tue Feb 12 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-3 - Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703). - Mon Jan 21 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-2 - Rebuilt. - Thu Jan 10 2008 Tim Waugh <twaugh at redhat.com> - Apply patch to fix busy looping in the backends (bug #426653, STR #2664). - Wed Jan 9 2008 Tim Waugh <twaugh at redhat.com> - Apply patch to prevent overlong PPD lines from causing failures except in strict mode (bug #405061). Needed for compatibility with older versions of foomatic (e.g. Red Hat Enterprise Linux 3/4). - Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650). - Thu Jan 3 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-1 - 1.3.5. No longer need str2600, CVE-2007-4352,5392,5393 patches. - Efficiency fix for pstoraster (bug #416871). - Fri Nov 30 2007 Tim Waugh <twaugh at redhat.com> - CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are not moved in array operations, only pointers to them. - Tue Nov 27 2007 Tim Waugh <twaugh at redhat.com> - Updated to improved dnssd backend from Till Kamppeter. - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id32207
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32207
    titleFedora 8 : cups-1.3.7-2.fc8 (2008-3586)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1023.NASL
    descriptionFrom Red Hat Security Advisory 2007:1023 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67600
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67600
    titleOracle Linux 3 : cups (ELSA-2007-1023)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-036.NASL
    descriptionWei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code (CVE-2007-5849). As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another denial of service regression within SSL handling (CVE-2007-4045). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37571
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37571
    titleMandriva Linux Security Advisory : cups (MDVSA-2008:036)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3449.NASL
    description - Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). - Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9 - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656). - Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8 - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. - LSPP fixes (cupsdSetString/ClearString). - Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7 - Applied patch to fix CVE-2007-4045 (bug #250161). - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101). - Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661). - Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5 - Use ppdev for parallel port Device ID retrieval (bug #311671). - Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4 - Applied patch to fix CVE-2007-3387 (bug #251518). - Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3 - Better buildroot tag. - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522). - Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2 - Use kernel support for USB paper-out detection, when available (bug #249213). - Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1 - 1.2.12. No longer need adminutil or str2408 patches. - Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3 - Better paper-out detection patch still (bug #246222). - Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2 - Applied patch to fix group handling in PPDs (bug #186231, STR #2408). - Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1 - Fixed permissions on classes.conf in the file manifest (bug #245748). - 1.2.11. - Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com> - Make the initscript use start priority 56 (bug #213828). - Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12 - Better paper-out detection patch (bug #241589). - Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11 - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id32197
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32197
    titleFedora 7 : cups-1.2.12-11.fc7 (2008-3449)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1022.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37428
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37428
    titleCentOS 4 : cups (CESA-2007:1022)

Oval

accepted2013-04-29T04:18:41.482-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionThe CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
familyunix
idoval:org.mitre.oval:def:9303
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
version26

Redhat

advisories
  • rhsa
    idRHSA-2007:1022
  • rhsa
    idRHSA-2007:1023
rpms
  • cups-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-debuginfo-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-1:1.1.17-13.3.46
  • cups-debuginfo-1:1.1.17-13.3.46
  • cups-devel-1:1.1.17-13.3.46
  • cups-libs-1:1.1.17-13.3.46

Statements

contributorMark J Cox
lastmodified2007-11-09
organizationRed Hat
statementThe Red Hat Security Response Team has rated this issue as having low security impact. Updates to correct this are available: https://rhn.redhat.com/cve/CVE-2007-4045.html