CVE-2009-1196 - Resource Management Errors vulnerability in Apple Cups 1.1.17/1.1.22

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Tags: network, low complexity, apple, CWE-399, nessus

Summary

The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

Vulnerable Configurations

Part         Description  Count
Application  Apple        2

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1083.NASL
    description: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39303
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39303
    title: CentOS 3 / 4 : cups (CESA-2009:1083)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1083 and 
    # CentOS Errata and Security Advisory 2009:1083 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39303);
      script_version("1.20");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1083");
    
      script_name(english:"CentOS 3 / 4 : cups (CESA-2009:1083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network. The CUPS 'pdftops' filter converts Portable Document Format
    (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS
    imaging library.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting the CVE-2009-0949 flaw, and Swen van
    Brussel for reporting the CVE-2009-1196 flaw.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015957.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d3899c64"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015958.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?423f1b34"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015959.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8b1ea8b4"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015960.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ea3527d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-1.1.22-0.rc1.9.32.c4.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-devel-1.1.22-0.rc1.9.32.c4.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-libs-1.1.22-0.rc1.9.32.c4.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090603_CUPS_ON_SL3_X.NASL
    description: A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60592
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60592
    title: Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60592);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
    
      script_name(english:"Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    After installing this update, the cupsd daemon will be restarted
    automatically."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=75
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ebbe7ff1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"SL3", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"SL3", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    if (rpm_check(release:"SL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"SL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"SL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
    if (rpm_check(release:"SL5", reference:"cups-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"SL5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"SL5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"SL5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1083.NASL
    description: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39307
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39307
    title: RHEL 3 / 4 : cups (RHSA-2009:1083)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1083. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39307);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1083");
    
      script_name(english:"RHEL 3 / 4 : cups (RHSA-2009:1083)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network. The CUPS 'pdftops' filter converts Portable Document Format
    (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS
    imaging library.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting the CVE-2009-0949 flaw, and Swen van
    Brussel for reporting the CVE-2009-1196 flaw.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1083"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups, cups-devel and / or cups-libs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1083";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.62")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    
      if (rpm_check(release:"RHEL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
      }
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1083.NASL
    description: From Red Hat Security Advisory 2009:1083 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67868
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67868
    title: Oracle Linux 3 / 4 : cups (ELSA-2009-1083)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1083 and 
    # Oracle Linux Security Advisory ELSA-2009-1083 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67868);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1083");
    
      script_name(english:"Oracle Linux 3 / 4 : cups (ELSA-2009-1083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1083 :
    
    Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network. The CUPS 'pdftops' filter converts Portable Document Format
    (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS
    imaging library.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting the CVE-2009-0949 flaw, and Swen van
    Brussel for reporting the CVE-2009-1196 flaw.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001024.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001025.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    if (rpm_check(release:"EL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    

Oval

accepted: 2013-04-29T04:12:26.079-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."
family: unix
id: oval:org.mitre.oval:def:11217
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."
version: 26

Redhat

advisories
bugzilla
id: 500972
title: CVE-2009-0949 cups: IPP_TAG_UNSUPPORTED handling NULL pointer dereference DoS
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: cups-libs is earlier than 1:1.1.22-0.rc1.9.32.el4_8.3
          oval: oval:com.redhat.rhsa:tst:20091083001
        • comment: cups-libs is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060163004
      • AND
        • comment: cups is earlier than 1:1.1.22-0.rc1.9.32.el4_8.3
          oval: oval:com.redhat.rhsa:tst:20091083003
        • comment: cups is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060163006
      • AND
        • comment: cups-devel is earlier than 1:1.1.22-0.rc1.9.32.el4_8.3
          oval: oval:com.redhat.rhsa:tst:20091083005
        • comment: cups-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060163002
rhsa
id: RHSA-2009:1083
released: 2009-06-03
severity: Important
title: RHSA-2009:1083: cups security update (Important)
rpms
  • cups-1:1.1.17-13.3.62
  • cups-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-debuginfo-1:1.1.17-13.3.62
  • cups-debuginfo-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-devel-1:1.1.17-13.3.62
  • cups-devel-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-libs-1:1.1.17-13.3.62
  • cups-libs-1:1.1.22-0.rc1.9.32.el4_8.3

Seebug

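bulletinFamily: exploit
description: BUGTRAQ ID: 35194 CVE(CAN) ID: CVE-2009-1196

  Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments. It is based on the Internet Printing Protocol and provides services for most PostScript and raster printers.

  A use-after-free vulnerability exists in the CUPS scheduler directory services routine, which is used to process available printers and printer classes. A remote attacker can cause the cupsd daemon to stop or crash by first stopping and then, after a certain time interval, again sending CUPS browse packets to the machine running the cupsd daemon.

  Easy Software Products CUPS 1.1.22

  Vendor patch: RedHat

  RedHat has released a security advisory (RHSA-2009:1083-01) and corresponding patches for this issue:
  RHSA-2009:1083-01: Important: cups security update
  Link: https://www.redhat.com/support/errata/RHSA-2009-1083.html
id: SSV:11535
last seen: 2017-11-19
modified: 2009-06-05
published: 2009-06-05
reporter: Root
title: CUPS scheduler directory services remote denial of service vulnerability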