Vulnerabilities > CVE-2009-3553 - Use After Free vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Apple
2
OS
Apple
122
OS
Fedoraproject
1
OS
Canonical
5
OS
Debian
1
OS
Redhat
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-3693.NASL
    descriptionThis update fixes a denial of service security issue (CVE-2010-0302). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47324
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47324
    titleFedora 13 : cups-1.4.2-34.fc13 (2010-3693)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-3693.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47324);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      script_cve_id("CVE-2009-3553", "CVE-2010-0302");
      script_bugtraq_id(37048, 38510);
      script_xref(name:"FEDORA", value:"2010-3693");
    
      script_name(english:"Fedora 13 : cups-1.4.2-34.fc13 (2010-3693)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a denial of service security issue (CVE-2010-0302).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=557775"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037027.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b7805199"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"cups-1.4.2-34.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2176.NASL
    descriptionSeveral vulnerabilities have been discovered in the Common UNIX Printing System : - CVE-2008-5183 A NULL pointer dereference in RSS job completion notifications could lead to denial of service. - CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. - CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. - CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. - CVE-2010-1748 Information disclosure in the web interface. - CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. - CVE-2010-2432 Denial of service in the authentication code. - CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
    last seen2020-03-17
    modified2011-03-02
    plugin id52484
    published2011-03-02
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52484
    titleDebian DSA-2176-1 : cups - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2176. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52484);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2008-5183", "CVE-2009-3553", "CVE-2010-0540", "CVE-2010-0542", "CVE-2010-1748", "CVE-2010-2431", "CVE-2010-2432", "CVE-2010-2941");
      script_bugtraq_id(32419, 37048, 40889, 40897, 40943, 41126, 41131, 44530);
      script_xref(name:"DSA", value:"2176");
    
      script_name(english:"Debian DSA-2176-1 : cups - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Common UNIX
    Printing System :
    
      - CVE-2008-5183
        A NULL pointer dereference in RSS job completion
        notifications could lead to denial of service.
    
      - CVE-2009-3553
        It was discovered that incorrect file descriptor
        handling could lead to denial of service.
    
      - CVE-2010-0540
        A cross-site request forgery vulnerability was
        discovered in the web interface.
    
      - CVE-2010-0542
        Incorrect memory management in the filter subsystem
        could lead to denial of service.
    
      - CVE-2010-1748
        Information disclosure in the web interface.
    
      - CVE-2010-2431
        Emmanuel Bouillon discovered a symlink vulnerability in
        handling of cache files.
    
      - CVE-2010-2432
        Denial of service in the authentication code.
    
      - CVE-2010-2941
        Incorrect memory management in the IPP code could lead
        to denial of service or the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-5183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-3553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-1748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2176"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the cups packages.
    
    For the oldstable distribution (lenny), this problem has been fixed in
    version 1.3.8-1+lenny9.
    
    The stable distribution (squeeze) and the unstable distribution (sid)
    had already been fixed prior to the initial Squeeze release."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"cups", reference:"1.3.8-1+lenny9")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idCUPS_1_4_4.NASL
    descriptionAccording to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities : - The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302) - The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540) - An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user. (STR #3510) (CVE-2010-2431) - The CUPS daemon is vulnerable to a heap corruption attack as the
    last seen2020-06-01
    modified2020-06-02
    plugin id47683
    published2010-07-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47683
    titleCUPS < 1.4.4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47683);
      script_version("1.12");
      script_cvs_date("Date: 2018/07/06 11:26:07");
    
      script_cve_id(
        "CVE-2010-0302",
        "CVE-2010-0540",
        "CVE-2010-0542",
        "CVE-2010-1748",
        "CVE-2010-2431",
        "CVE-2010-2432"
      );
      script_bugtraq_id(38510, 40889, 40897, 40943, 41126, 41131);
      script_xref(name:"Secunia", value:"40165");
    
      script_name(english:"CUPS < 1.4.4 Multiple Vulnerabilities");
      script_summary(english:"Checks CUPS server version");
    
      script_set_attribute(attribute:"synopsis", value:"The remote printer service is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of CUPS installed on the remote
    host is earlier than 1.4.4. Such versions are affected by several
    vulnerabilities :
    
      - The patch for STR #3200 / CVE-2009-3553 was not
        complete. A remote client can cause a denial of service
        by causing the CUPS server to reference an already
        freed resource. (STR #3490) (CVE-2010-0302)
    
      - The CUPS daemon may be vulnerable to certain cross-site
        request forgery (CSRF) attacks, e.g., malicious IFRAME
        attacks. (STR #3498) (CVE-2010-0540)
    
      - An unprivileged process may be able to cause the CUPS
        server to overwrite arbitrary files as the root user.
        (STR #3510) (CVE-2010-2431)
    
      - The CUPS daemon is vulnerable to a heap corruption
        attack as the 'textops' filter does not verify the
        results of memory allocations. It is possible this
        may lead to arbitrary code execution. (STR #3516)
        (CVE-2010-0542)
    
      - The CUPS daemon is vulnerable to a denial of service
        attack if compiled without HAVE_GSSAPI. (STR #3518)
        (CVE-2010-2432)
    
      - The CUPS daemon is vulnerable to an information
        disclosure attack as an attacker can view portions of
        uninitialized memory by a specially crafted URL.
        (STR #3577) (CVE-2010-1748)");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3490");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3498");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3510");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3516");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3518");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3577");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/articles.php?L596");
      script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.4.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/08");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("http_version.nasl", "cups_1_3_5.nasl");
      script_require_keys("www/cups", "Settings/ParanoidReport");
      script_require_ports("Services/www", 631);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:631, embedded:TRUE);
    get_kb_item_or_exit("www/"+port+"/cups/running");
    
    version = get_kb_item_or_exit("cups/"+port+"/version");
    source  = get_kb_item_or_exit("cups/"+port+"/source");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    if (
      version =~ "^1\.([0-3]|4\.[0-3])($|[^0-9])" ||
      version =~ "^1\.4(rc|b)"
    )
    {
      set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : 1.4.4\n';
    
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else if (version =~ "^(1|1\.4)($|[^0-9.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version);
    else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_CUPS-091210.NASL
    descriptionA use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553).
    last seen2020-06-01
    modified2020-06-02
    plugin id43600
    published2009-12-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43600
    titleopenSUSE Security Update : cups (cups-1671)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update cups-1671.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43600);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2009-3553");
    
      script_name(english:"openSUSE Security Update : cups (cups-1671)");
      script_summary(english:"Check for the cups-1671 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A use-after-free problem in cupsd allowed remote attackers to crash
    the cups server (CVE-2009-3553)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=554861"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"cups-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"cups-client-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"cups-devel-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"cups-libs-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"cups-libs-32bit-1.3.7-25.14") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2010-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-001 applied. This security update contains fixes for the following products : - CoreAudio - CUPS - Flash Player plug-in - ImageIO - Image RAW - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id44095
    published2010-01-20
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44095
    titleMac OS X Multiple Vulnerabilities (Security Update 2010-001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(44095);
      script_version("1.12");
    
      script_cve_id(
        "CVE-2009-2285",
        "CVE-2009-3553",
        "CVE-2009-3555",
        "CVE-2009-3794",
        "CVE-2009-3796",
        "CVE-2009-3797",
        "CVE-2009-3798",
        "CVE-2009-3799",
        "CVE-2009-3800",
        "CVE-2009-3951",
        "CVE-2010-0036",
        "CVE-2010-0037"
      );
      script_bugtraq_id(37868, 37869);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-001)");
      script_summary(english:"Check for the presence of Security Update 2010-001");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.6 or 10.5 that
    does not have Security Update 2010-001 applied.
    
    This security update contains fixes for the following products :
    
      - CoreAudio
      - CUPS
      - Flash Player plug-in
      - ImageIO
      - Image RAW
      - OpenSSL"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT4004"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18831"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2010-001 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(94, 119, 189, 200, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/20");
     script_cvs_date("Date: 2018/07/14  1:59:35");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.|10\.[0-2]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[1-9]|201[1-9]\.[0-9]+)(\.snowleopard)?\.bom", string:packages)) 
        exit(0, "The host has Security Update 2010-001 or later installed and therefore is not affected.");
      else 
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_CUPS-091204.NASL
    descriptionThe cups web interface was prone to Cross-Site Scripting (XSS) problems (CVE-2009-2820). A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553).
    last seen2020-06-01
    modified2020-06-02
    plugin id43107
    published2009-12-11
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43107
    titleopenSUSE Security Update : cups (cups-1650)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update cups-1650.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43107);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:35");
    
      script_cve_id("CVE-2009-2820", "CVE-2009-3553");
    
      script_name(english:"openSUSE Security Update : cups (cups-1650)");
      script_summary(english:"Check for the cups-1650 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The cups web interface was prone to Cross-Site Scripting (XSS)
    problems (CVE-2009-2820).
    
    A use-after-free problem in cupsd allowed remote attackers to crash
    the cups server (CVE-2009-3553)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=548317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=554861"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(79, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"cups-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"cups-client-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"cups-devel-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"cups-libs-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"cups-libs-32bit-1.3.11-4.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-client / cups-devel / cups-libs / cups-libs-32bit");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100303_CUPS_ON_SL5_X.NASL
    descriptionCVE-2010-0302 cups Incomplete fix for CVE-2009-3553 It was discovered that the cups 1.3.7-11.el5_4.4 security update did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id60743
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60743
    titleScientific Linux Security Update : cups on SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-2743.NASL
    descriptionThis update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems: * classes.conf is now updated when a class member is deleted. * the usermode dependency has been removed. * the udev rules are now installed in the correct location. * cups-config now has no multilib conflict. * the ipp backend now clears the printer status on completion. * cupsGetNamedDest() is no longer confused by old configuration files. * the scheduler no longer treats SIGPIPE as a filter error. * the gcrypt threading patch has been reverted. * the package no longer owns filesystem-owned directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47293
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47293
    titleFedora 11 : cups-1.4.2-26.fc11 (2010-2743)
  • NASL familyMisc.
    NASL idCUPS_1_4_3.NASL
    descriptionAccording to its banner, the version of CUPS installed on the remote host is earlier than 1.4.3. Such versions are affected by several vulnerabilities : - A pointer use-after-free vulnerability exists in the abstract file descriptor handling code in the
    last seen2020-06-01
    modified2020-06-02
    plugin id45554
    published2010-04-16
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45554
    titleCUPS < 1.4.3 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-10891.NASL
    descriptionUpdated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed improper reference counting in abstract file descriptors handling interface (CVE-2009-3553). Fixed admin.cgi crash when modifying a class. Fix cups-lpd to create unique temporary data files. Pass through serial parameters correctly in web interface. Set the PRINTER_IS_SHARED variable for admin.cgi Fix removing files with lprm. Fixed German translation. Fixed PostScript errors with number-up handling. Fixed lspp-patch to avoid memory leak. Upstream fix for GNU TLS error handling bug. Reset SIGPIPE handler for child processes. Fixed typo in admin web template. Fixed incorrect handling of out-of-memory when loading jobs. Fixed wrong driver reported in web interface. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42935
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42935
    titleFedora 11 : cups-1.4.2-7.fc11 (2009-10891)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1595.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id67076
    published2013-06-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67076
    titleCentOS 5 : cups (CESA-2009:1595)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0129.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id44973
    published2010-03-04
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44973
    titleRHEL 5 : cups (RHSA-2010:0129)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-12652.NASL
    descriptionThis update include a fix for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553), and for a memory leak in the LSPP support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43009
    published2009-12-07
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43009
    titleFedora 10 : cups-1.3.11-4.fc10 (2009-12652)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-3761.NASL
    descriptionThis update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems: * classes.conf is now updated when a class member is deleted. * the usermode dependency has been removed. * the udev rules are now installed in the correct location. * cups-config now has no multilib conflict. * the ipp backend now clears the printer status on completion. * cupsGetNamedDest() is no longer confused by old configuration files. * the scheduler no longer treats SIGPIPE as a filter error. * the gcrypt threading patch has been reverted. * the package no longer owns filesystem-owned directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47327
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47327
    titleFedora 12 : cups-1.4.2-28.fc12 (2010-3761)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-906-1.NASL
    descriptionIt was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553, CVE-2010-0302) Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service. (CVE-2010-0393). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44985
    published2010-03-04
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44985
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : cups, cupsys vulnerabilities (USN-906-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_CUPS-100210.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings. (CVE-2010-0393) The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete. (CVE-2010-0302)
    last seen2020-06-01
    modified2020-06-02
    plugin id45105
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45105
    titleSuSE 11 Security Update : CUPS (SAT Patch Number 2108)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_CUPS-100210.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
    last seen2020-06-01
    modified2020-06-02
    plugin id45099
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45099
    titleopenSUSE Security Update : cups (cups-2102)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_CUPS-100305.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
    last seen2020-06-01
    modified2020-06-02
    plugin id45102
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45102
    titleopenSUSE Security Update : cups (cups-2102)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1595.NASL
    descriptionFrom Red Hat Security Advisory 2009:1595 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id67961
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67961
    titleOracle Linux 5 : cups (ELSA-2009-1595)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0129.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id45053
    published2010-03-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45053
    titleCentOS 5 : cups (CESA-2010:0129)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0129.NASL
    descriptionFrom Red Hat Security Advisory 2010:0129 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68006
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68006
    titleOracle Linux 5 : cups (ELSA-2010-0129)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-073.NASL
    descriptionMultiple vulnerabilities has been found and corrected in cups : CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product
    last seen2020-06-01
    modified2020-06-02
    plugin id45530
    published2010-04-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45530
    titleMandriva Linux Security Advisory : cups (MDVSA-2010:073-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_CUPS-100210.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
    last seen2020-06-01
    modified2020-06-02
    plugin id45096
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45096
    titleopenSUSE Security Update : cups (cups-2102)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1595.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id42850
    published2009-11-19
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42850
    titleRHEL 5 : cups (RHSA-2009:1595)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-11314.NASL
    descriptionNew release, including fix for XSS vulnerability in web interface (CVE-2009-2820) and for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42936
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42936
    titleFedora 12 : cups-1.4.2-7.fc12 (2009-11314)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_CUPS-091210.NASL
    descriptionA use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553).
    last seen2020-06-01
    modified2020-06-02
    plugin id43601
    published2009-12-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43601
    titleopenSUSE Security Update : cups (cups-1671)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201207-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201207-10 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59902
    published2012-07-10
    reporterThis script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59902
    titleGLSA-201207-10 : CUPS: Multiple vulnerabilities

Oval

accepted2013-04-29T04:12:08.204-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionUse-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
familyunix
idoval:org.mitre.oval:def:11183
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUse-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
version18

Redhat

advisories
bugzilla
id530111
titleCVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentcups-devel is earlier than 1:1.3.7-11.el5_4.4
          ovaloval:com.redhat.rhsa:tst:20091595001
        • commentcups-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123011
      • AND
        • commentcups-libs is earlier than 1:1.3.7-11.el5_4.4
          ovaloval:com.redhat.rhsa:tst:20091595003
        • commentcups-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123013
      • AND
        • commentcups-lpd is earlier than 1:1.3.7-11.el5_4.4
          ovaloval:com.redhat.rhsa:tst:20091595005
        • commentcups-lpd is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123015
      • AND
        • commentcups is earlier than 1:1.3.7-11.el5_4.4
          ovaloval:com.redhat.rhsa:tst:20091595007
        • commentcups is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123009
rhsa
idRHSA-2009:1595
released2010-01-12
severityModerate
titleRHSA-2009:1595: cups security update (Moderate)
rpms
  • cups-1:1.3.7-11.el5_4.4
  • cups-debuginfo-1:1.3.7-11.el5_4.4
  • cups-devel-1:1.3.7-11.el5_4.4
  • cups-libs-1:1.3.7-11.el5_4.4
  • cups-lpd-1:1.3.7-11.el5_4.4

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 37048 CVE ID: CVE-2009-3553 Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS的scheduler/select.c文件中的cupsdDoSelect()函数在处理其文件描述符处理接口中引用的方式存在释放后使用错误,远程攻击者可以通过以特殊方式查询特定打印机的当前打印任务列表导致cupsd崩溃。 Easy Software Products CUPS 1.3.7 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1595-01)以及相应补丁: RHSA-2009:1595-01:Moderate: cups security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1595.html
idSSV:12665
last seen2017-11-19
modified2009-11-19
published2009-11-19
reporterRoot
titleCUPS文件描述符处理远程拒绝服务漏洞

References