Vulnerabilities > CVE-2008-0597 - Resource Management Errors vulnerability in Easy Software products Cups 1.1.17/1.1.22

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
redhat
easy-software-products
CWE-399
nessus

Summary

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0153.NASL
    descriptionFrom Red Hat Security Advisory 2008:0153 : Updated cups packages that fixes two security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 3. Note that the default configuration of CUPS on Red Hat Enterprise Linux 3 allow requests of this type only from the local subnet. In addition, these updated cups packages fix a bug that occurred when using the CUPS polling daemon. Excessive debugging log information was saved to the error_log file regardless of the LogLevel setting, which filled up disk space rapidly. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67658
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67658
    titleOracle Linux 3 : cups (ELSA-2008-0153)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0153 and 
    # Oracle Linux Security Advisory ELSA-2008-0153 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67658);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2008-0596", "CVE-2008-0597");
      script_bugtraq_id(27988);
      script_xref(name:"RHSA", value:"2008:0153");
    
      script_name(english:"Oracle Linux 3 : cups (ELSA-2008-0153)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0153 :
    
    Updated cups packages that fixes two security issues and a bug are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX(R) operating systems.
    
    A flaw was found in the way CUPS handled the addition and removal of
    remote shared printers via IPP. A remote attacker could send malicious
    UDP IPP packets causing the CUPS daemon to attempt to dereference
    already freed memory and crash. (CVE-2008-0597)
    
    A memory management flaw was found in the way CUPS handled the
    addition and removal of remote shared printers via IPP. When shared
    printer was removed, allocated memory was not properly freed, leading
    to a memory leak possibly causing CUPS daemon crash after exhausting
    available memory. (CVE-2008-0596)
    
    These issues were found during the investigation of CVE-2008-0882,
    which did not affect Red Hat Enterprise Linux 3.
    
    Note that the default configuration of CUPS on Red Hat Enterprise
    Linux 3 allow requests of this type only from the local subnet.
    
    In addition, these updated cups packages fix a bug that occurred when
    using the CUPS polling daemon. Excessive debugging log information was
    saved to the error_log file regardless of the LogLevel setting, which
    filled up disk space rapidly.
    
    All CUPS users are advised to upgrade to these updated packages, which
    contain backported patches to resolve this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000524.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.51")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.51")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.51")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.51")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.51")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.51")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0161.NASL
    descriptionFrom Red Hat Security Advisory 2008:0161 : Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67663
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67663
    titleOracle Linux 4 : cups (ELSA-2008-0161)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0161 and 
    # Oracle Linux Security Advisory ELSA-2008-0161 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67663);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2008-0596", "CVE-2008-0597");
      script_bugtraq_id(27988);
      script_xref(name:"RHSA", value:"2008:0161");
    
      script_name(english:"Oracle Linux 4 : cups (ELSA-2008-0161)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0161 :
    
    Updated cups packages that fix two security issues are now available
    for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX(R) operating systems.
    
    A flaw was found in the way CUPS handled the addition and removal of
    remote shared printers via IPP. A remote attacker could send malicious
    UDP IPP packets causing the CUPS daemon to attempt to dereference
    already freed memory and crash. (CVE-2008-0597)
    
    A memory management flaw was found in the way CUPS handled the
    addition and removal of remote shared printers via IPP. When shared
    printer was removed, allocated memory was not properly freed, leading
    to a memory leak possibly causing CUPS daemon crash after exhausting
    available memory. (CVE-2008-0596)
    
    These issues were found during the investigation of CVE-2008-0882,
    which did not affect Red Hat Enterprise Linux 4.
    
    Note that the default configuration of CUPS on Red Hat Enterprise
    Linux 4 allow requests of this type only from the local subnet.
    
    All CUPS users are advised to upgrade to these updated packages, which
    contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000523.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-1.1.22-0.rc1.9.20.2.el4_6.5")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-1.1.22-0.rc1.9.20.2.el4_6.5")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0153.NASL
    descriptionUpdated cups packages that fixes two security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 3. Note that the default configuration of CUPS on Red Hat Enterprise Linux 3 allow requests of this type only from the local subnet. In addition, these updated cups packages fix a bug that occurred when using the CUPS polling daemon. Excessive debugging log information was saved to the error_log file regardless of the LogLevel setting, which filled up disk space rapidly. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id31185
    published2008-02-26
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31185
    titleRHEL 3 : cups (RHSA-2008:0153)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-5064.NASL
    descriptionThis update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too (CVE-2008-0596, CVE-2008-0597).
    last seen2020-06-01
    modified2020-06-02
    plugin id31394
    published2008-03-07
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31394
    titleopenSUSE 10 Security Update : cups (cups-5064)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0153.NASL
    descriptionUpdated cups packages that fixes two security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 3. Note that the default configuration of CUPS on Red Hat Enterprise Linux 3 allow requests of this type only from the local subnet. In addition, these updated cups packages fix a bug that occurred when using the CUPS polling daemon. Excessive debugging log information was saved to the error_log file regardless of the LogLevel setting, which filled up disk space rapidly. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id31168
    published2008-02-26
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31168
    titleCentOS 3 / 4 : cups (CESA-2008:0153)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-051.NASL
    descriptionA flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37194
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37194
    titleMandriva Linux Security Advisory : cups (MDVSA-2008:051)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-5063.NASL
    descriptionThis update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too. (CVE-2008-0596 / CVE-2008-0597)
    last seen2020-06-01
    modified2020-06-02
    plugin id31393
    published2008-03-07
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31393
    titleSuSE 10 Security Update : cups (ZYPP Patch Number 5063)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0161.NASL
    descriptionUpdated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31186
    published2008-02-26
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31186
    titleRHEL 4 : cups (RHSA-2008:0161)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12099.NASL
    descriptionThis update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too. (CVE-2008-0596, CVE-2008-0597)
    last seen2020-06-01
    modified2020-06-02
    plugin id41201
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41201
    titleSuSE9 Security Update : cups (YOU Patch Number 12099)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0161.NASL
    descriptionUpdated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31293
    published2008-02-27
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31293
    titleCentOS 4 : cups (CESA-2008:0161)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080225_CUPS_ON_SL3_X.NASL
    descriptionSL 3 and SL 4 only A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) SL 5 only A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash. (CVE-2008-0882)
    last seen2020-06-01
    modified2020-06-02
    plugin id60364
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60364
    titleScientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64

Oval

accepted2013-04-29T04:19:45.174-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionUse-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
familyunix
idoval:org.mitre.oval:def:9492
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUse-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
version27

Redhat

advisories
  • bugzilla
    id433847
    titleCVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentcups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.5
            ovaloval:com.redhat.rhsa:tst:20080161001
          • commentcups-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163002
        • AND
          • commentcups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.5
            ovaloval:com.redhat.rhsa:tst:20080161003
          • commentcups is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163006
        • AND
          • commentcups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.5
            ovaloval:com.redhat.rhsa:tst:20080161005
          • commentcups-libs is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163004
    rhsa
    idRHSA-2008:0161
    released2008-02-25
    severityImportant
    titleRHSA-2008:0161: cups security update (Important)
  • rhsa
    idRHSA-2008:0153
rpms
  • cups-1:1.1.17-13.3.51
  • cups-debuginfo-1:1.1.17-13.3.51
  • cups-devel-1:1.1.17-13.3.51
  • cups-libs-1:1.1.17-13.3.51
  • cups-1:1.1.22-0.rc1.9.20.2.el4_6.5
  • cups-debuginfo-1:1.1.22-0.rc1.9.20.2.el4_6.5
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_6.5
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_6.5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 27988 CVE(CAN) ID: CVE-2008-0596,CVE-2008-0597 Common Unix Printing System (CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS处理通过IPP添加和删除远程共享打印机的方式存在漏洞,远程攻击者可以发送恶意UDP IPP报文导致CUPS守护程序试图引用已经释放的内存,出现崩溃。 CUPS处理通过IPP添加和删除远程共享打印机的方式存在内存管理漏洞。当删除共享打印机时,没有正确释放已分配的内存,导致内存泄露,CUPS守护程序在耗尽可用内存后可能会崩溃。 Easy Software Products CUPS 1.1.22 Easy Software Products CUPS 1.1.17 厂商补丁: RedHat ------ RedHat已经为此发布了安全公告(RHSA-2008:0161-01、RHSA-2008:0153-01)以及相应补丁: RHSA-2008:0161-01:Important: cups security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0161.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0161.html</a> RHSA-2008:0153-01:Important: cups security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0153.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0153.html</a>
idSSV:2958
last seen2017-11-19
modified2008-02-28
published2008-02-28
reporterRoot
titleCUPS多个远程拒绝服务漏洞