Vulnerabilities > CVE-2008-1374 - Integer Overflow OR Wraparound vulnerability in Apple Cups

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
apple
CWE-190
nessus

Summary

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080401_CUPS_ON_SL3_X.NASL
    descriptionSL5 Only: A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id60378
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60378
    titleScientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0206.NASL
    descriptionFrom Red Hat Security Advisory 2008:0206 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id67674
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67674
    titleOracle Linux 3 / 4 : cups (ELSA-2008-0206)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0206.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id31756
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31756
    titleRHEL 3 / 4 : cups (RHSA-2008:0206)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0206.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id31741
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31741
    titleCentOS 3 / 4 : cups (CESA-2008:0206)

Oval

accepted2013-04-29T04:20:55.408-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionInteger overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
familyunix
idoval:org.mitre.oval:def:9636
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
version26

Redhat

advisories
bugzilla
id438336
titleCVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentcups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
          ovaloval:com.redhat.rhsa:tst:20080206001
        • commentcups is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060163006
      • AND
        • commentcups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
          ovaloval:com.redhat.rhsa:tst:20080206003
        • commentcups-libs is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060163004
      • AND
        • commentcups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6
          ovaloval:com.redhat.rhsa:tst:20080206005
        • commentcups-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060163002
rhsa
idRHSA-2008:0206
released2008-04-01
severityModerate
titleRHSA-2008:0206: cups security update (Moderate)
rpms
  • cups-1:1.1.17-13.3.52
  • cups-1:1.1.22-0.rc1.9.20.2.el4_6.6
  • cups-debuginfo-1:1.1.17-13.3.52
  • cups-debuginfo-1:1.1.22-0.rc1.9.20.2.el4_6.6
  • cups-devel-1:1.1.17-13.3.52
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_6.6
  • cups-libs-1:1.1.17-13.3.52
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_6.6