CVE-2009-3553 - Use After Free vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2010-3693.NASL
description: This update fixes a denial of service security issue (CVE-2010-0302). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 47324
published: 2010-07-01
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/47324
title: Fedora 13 : cups-1.4.2-34.fc13 (2010-3693)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2010-3693.
    #

    include("compat.inc");

    if (description)
    {
      script_id(47324);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:32");

      script_cve_id("CVE-2009-3553", "CVE-2010-0302");
      script_bugtraq_id(37048, 38510);
      script_xref(name:"FEDORA", value:"2010-3693");

      script_name(english:"Fedora 13 : cups-1.4.2-34.fc13 (2010-3693)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update fixes a denial of service security issue (CVE-2010-0302). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=557775"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037027.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b7805199"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC13", reference:"cups-1.4.2-34.fc13")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
    }

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2176.NASL
description: Several vulnerabilities have been discovered in the Common UNIX Printing System :
  - CVE-2008-5183 A NULL pointer dereference in RSS job completion notifications could lead to denial of service.
  - CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service.
  - CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface.
  - CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service.
  - CVE-2010-1748 Information disclosure in the web interface.
  - CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.
  - CVE-2010-2432 Denial of service in the authentication code.
  - CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
last seen: 2020-03-17
modified: 2011-03-02
plugin id: 52484
published: 2011-03-02
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/52484
title: Debian DSA-2176-1 : cups - several vulnerabilities
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-2176. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(52484);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2008-5183", "CVE-2009-3553", "CVE-2010-0540", "CVE-2010-0542", "CVE-2010-1748", "CVE-2010-2431", "CVE-2010-2432", "CVE-2010-2941");
      script_bugtraq_id(32419, 37048, 40889, 40897, 40943, 41126, 41131, 44530);
      script_xref(name:"DSA", value:"2176");

      script_name(english:"Debian DSA-2176-1 : cups - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities have been discovered in the Common UNIX Printing System :
      - CVE-2008-5183 A NULL pointer dereference in RSS job completion notifications could lead to denial of service.
      - CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service.
      - CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface.
      - CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service.
      - CVE-2010-1748 Information disclosure in the web interface.
      - CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.
      - CVE-2010-2432 Denial of service in the authentication code.
      - CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-5183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-3553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-1748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2176"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the cups packages. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9. The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/02");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"5.0", prefix:"cups", reference:"1.3.8-1+lenny9")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Misc.
NASL id: CUPS_1_4_4.NASL
description: According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :
  - The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)
  - The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)
  - An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user. (STR #3510) (CVE-2010-2431)
  - The CUPS daemon is vulnerable to a heap corruption attack as the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 47683
published: 2010-07-08
reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/47683
title: CUPS < 1.4.4 Multiple Vulnerabilities
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(47683);
      script_version("1.12");
      script_cvs_date("Date: 2018/07/06 11:26:07");

      script_cve_id(
        "CVE-2010-0302",
        "CVE-2010-0540",
        "CVE-2010-0542",
        "CVE-2010-1748",
        "CVE-2010-2431",
        "CVE-2010-2432"
      );
      script_bugtraq_id(38510, 40889, 40897, 40943, 41126, 41131);
      script_xref(name:"Secunia", value:"40165");

      script_name(english:"CUPS < 1.4.4 Multiple Vulnerabilities");
      script_summary(english:"Checks CUPS server version");

      script_set_attribute(attribute:"synopsis", value:"The remote printer service is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :
      - The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)
      - The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)
      - An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user. (STR #3510) (CVE-2010-2431)
      - The CUPS daemon is vulnerable to a heap corruption attack as the 'textops' filter does not verify the results of memory allocations. It is possible this may lead to arbitrary code execution. (STR #3516) (CVE-2010-0542)
      - The CUPS daemon is vulnerable to a denial of service attack if compiled without HAVE_GSSAPI. (STR #3518) (CVE-2010-2432)
      - The CUPS daemon is vulnerable to an information disclosure attack as an attacker can view portions of uninitialized memory by a specially crafted URL. (STR #3577) (CVE-2010-1748)");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3490");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3498");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3510");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3516");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3518");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3577");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/articles.php?L596");
      script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.4.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);

      script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/08");
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

      script_dependencies("http_version.nasl", "cups_1_3_5.nasl");
      script_require_keys("www/cups", "Settings/ParanoidReport");
      script_require_ports("Services/www", 631);

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");

    port = get_http_port(default:631, embedded:TRUE);
    get_kb_item_or_exit("www/"+port+"/cups/running");

    version = get_kb_item_or_exit("cups/"+port+"/version");
    source = get_kb_item_or_exit("cups/"+port+"/source");

    if (report_paranoia < 2) audit(AUDIT_PARANOID);

    if (
      version =~ "^1\.([0-3]|4\.[0-3])($|[^0-9])" ||
      version =~ "^1\.4(rc|b)"
    )
    {
      set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);

      if (report_verbosity > 0)
      {
        report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 1.4.4\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else if (version =~ "^(1|1\.4)($|[^0-9.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version);
    else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_CUPS-091210.NASL
description: A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43600
published: 2009-12-27
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/43600
title: openSUSE Security Update : cups (cups-1671)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update cups-1671.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(43600);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:33");

      script_cve_id("CVE-2009-3553");

      script_name(english:"openSUSE Security Update : cups (cups-1671)");
      script_summary(english:"Check for the cups-1671 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=554861"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/27");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE11.0", reference:"cups-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"cups-client-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"cups-devel-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"cups-libs-1.3.7-25.14") ) flag++;
    if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"cups-libs-32bit-1.3.7-25.14") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
    }

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2010-001.NASL
description: The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-001 applied. This security update contains fixes for the following products :
  - CoreAudio
  - CUPS
  - Flash Player plug-in
  - ImageIO
  - Image RAW
  - OpenSSL
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44095
published: 2010-01-20
reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/44095
title: Mac OS X Multiple Vulnerabilities (Security Update 2010-001)
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(44095);
      script_version("1.12");

      script_cve_id(
        "CVE-2009-2285",
        "CVE-2009-3553",
        "CVE-2009-3555",
        "CVE-2009-3794",
        "CVE-2009-3796",
        "CVE-2009-3797",
        "CVE-2009-3798",
        "CVE-2009-3799",
        "CVE-2009-3800",
        "CVE-2009-3951",
        "CVE-2010-0036",
        "CVE-2010-0037"
      );
      script_bugtraq_id(37868, 37869);

      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-001)");
      script_summary(english:"Check for the presence of Security Update 2010-001");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various security issues."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-001 applied. This security update contains fixes for the following products :
      - CoreAudio
      - CUPS
      - Flash Player plug-in
      - ImageIO
      - Image RAW
      - OpenSSL"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT4004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.securityfocus.com/advisories/18831"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install Security Update 2010-001 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(94, 119, 189, 200, 310, 399);

      script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/20");
      script_cvs_date("Date: 2018/07/14 1:59:35");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");

      exit(0);
    }

    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");

    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.|10\.[0-2]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[1-9]|201[1-9]\.[0-9]+)(\.snowleopard)?\.bom", string:packages))
        exit(0, "The host has Security Update 2010-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_2_CUPS-091204.NASL
description: The cups web interface was prone to Cross-Site Scripting (XSS) problems (CVE-2009-2820). A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43107
published: 2009-12-11
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/43107
title: openSUSE Security Update : cups (cups-1650)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update cups-1650.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(43107);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:35");

      script_cve_id("CVE-2009-2820", "CVE-2009-3553");

      script_name(english:"openSUSE Security Update : cups (cups-1650)");
      script_summary(english:"Check for the cups-1650 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The cups web interface was prone to Cross-Site Scripting (XSS) problems (CVE-2009-2820). A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=548317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=554861"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(79, 399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/11");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE11.2", reference:"cups-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"cups-client-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"cups-devel-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"cups-libs-1.3.11-4.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"cups-libs-32bit-1.3.11-4.2.1") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-client / cups-devel / cups-libs / cups-libs-32bit");
    }

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20100303_CUPS_ON_SL5_X.NASL
description: CVE-2010-0302 cups Incomplete fix for CVE-2009-3553 It was discovered that the cups 1.3.7-11.el5_4.4 security update did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) After installing the update, the cupsd daemon will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60743
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60743
title: Scientific Linux Security Update : cups on SL5.x i386/x86_64

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2010-2743.NASL
description: This update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems:
  * classes.conf is now updated when a class member is deleted.
  * the usermode dependency has been removed.
  * the udev rules are now installed in the correct location.
  * cups-config now has no multilib conflict.
  * the ipp backend now clears the printer status on completion.
  * cupsGetNamedDest() is no longer confused by old configuration files.
  * the scheduler no longer treats SIGPIPE as a filter error.
  * the gcrypt threading patch has been reverted.
  * the package no longer owns filesystem-owned directories.
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 47293
published: 2010-07-01
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/47293
title: Fedora 11 : cups-1.4.2-26.fc11 (2010-2743)

NASL family: Misc.
NASL id: CUPS_1_4_3.NASL
description: According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.3. Such versions are affected by several vulnerabilities :
  - A pointer use-after-free vulnerability exists in the abstract file descriptor handling code in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 45554
published: 2010-04-16
reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/45554
title: CUPS < 1.4.3 Multiple Vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-10891.NASL
description: Updated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed improper reference counting in abstract file descriptors handling interface (CVE-2009-3553). Fixed admin.cgi crash when modifying a class. Fix cups-lpd to create unique temporary data files. Pass through serial parameters correctly in web interface. Set the PRINTER_IS_SHARED variable for admin.cgi Fix removing files with lprm. Fixed German translation. Fixed PostScript errors with number-up handling. Fixed lspp-patch to avoid memory leak. Upstream fix for GNU TLS error handling bug. Reset SIGPIPE handler for child processes. Fixed typo in admin web template. Fixed incorrect handling of out-of-memory when loading jobs. Fixed wrong driver reported in web interface. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42935
published: 2009-12-01
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42935
title: Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1595.NASL
description: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67076
published: 2013-06-29
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67076
title: CentOS 5 : cups (CESA-2009:1595)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2010-0129.NASL
description: Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44973
published: 2010-03-04
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44973
title: RHEL 5 : cups (RHSA-2010:0129)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-12652.NASL
description: This update include a fix for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553), and for a memory leak in the LSPP support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43009
published: 2009-12-07
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/43009 title Fedora 10 : cups-1.3.11-4.fc10 (2009-12652) NASL family Fedora Local Security Checks NASL id FEDORA_2010-3761.NASL description This update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems: * classes.conf is now updated when a class member is deleted. * the usermode dependency has been removed. * the udev rules are now installed in the correct location. * cups-config now has no multilib conflict. * the ipp backend now clears the printer status on completion. * cupsGetNamedDest() is no longer confused by old configuration files. * the scheduler no longer treats SIGPIPE as a filter error. * the gcrypt threading patch has been reverted. * the package no longer owns filesystem-owned directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47327 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47327 title Fedora 12 : cups-1.4.2-28.fc12 (2010-3761) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-906-1.NASL description It was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553, CVE-2010-0302) Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. 
The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service. (CVE-2010-0393). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 44985 published 2010-03-04 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44985 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : cups, cupsys vulnerabilities (USN-906-1) NASL family SuSE Local Security Checks NASL id SUSE_11_CUPS-100210.NASL description lppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings. (CVE-2010-0393) The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete. (CVE-2010-0302) last seen 2020-06-01 modified 2020-06-02 plugin id 45105 published 2010-03-19 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45105 title SuSE 11 Security Update : CUPS (SAT Patch Number 2108) NASL family SuSE Local Security Checks NASL id SUSE_11_1_CUPS-100210.NASL description lppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302). last seen 2020-06-01 modified 2020-06-02 plugin id 45099 published 2010-03-19 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/45099 title openSUSE Security Update : cups (cups-2102) NASL family SuSE Local Security Checks NASL id SUSE_11_2_CUPS-100305.NASL description lppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302). last seen 2020-06-01 modified 2020-06-02 plugin id 45102 published 2010-03-19 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45102 title openSUSE Security Update : cups (cups-2102) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1595.NASL description From Red Hat Security Advisory 2009:1595 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. 
If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 67961 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67961 title Oracle Linux 5 : cups (ELSA-2009-1595) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0129.NASL description Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 45053 published 2010-03-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/45053 title CentOS 5 : cups (CESA-2010:0129) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0129.NASL description From Red Hat Security Advisory 2010:0129 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68006 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68006 title Oracle Linux 5 : cups (ELSA-2010-0129) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-073.NASL description Multiple vulnerabilities has been found and corrected in cups : CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product last seen 2020-06-01 modified 2020-06-02 plugin id 45530 published 2010-04-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/45530 title Mandriva Linux Security Advisory : cups (MDVSA-2010:073-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_CUPS-100210.NASL description lppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302). last seen 2020-06-01 modified 2020-06-02 plugin id 45096 published 2010-03-19 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45096 title openSUSE Security Update : cups (cups-2102) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1595.NASL description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. 
(CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 42850 published 2009-11-19 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42850 title RHEL 5 : cups (RHSA-2009:1595) NASL family Fedora Local Security Checks NASL id FEDORA_2009-11314.NASL description New release, including fix for XSS vulnerability in web interface (CVE-2009-2820) and for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42936 published 2009-12-01 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42936 title Fedora 12 : cups-1.4.2-7.fc12 (2009-11314) NASL family SuSE Local Security Checks NASL id SUSE_11_1_CUPS-091210.NASL description A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553). last seen 2020-06-01 modified 2020-06-02 plugin id 43601 published 2009-12-27 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/43601 title openSUSE Security Update : cups (cups-1671) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201207-10.NASL description The remote host is affected by the vulnerability described in GLSA-201207-10 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59902 published 2012-07-10 reporter This script is Copyright (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59902 title GLSA-201207-10 : CUPS: Multiple vulnerabilities
Oval
accepted | 2013-04-29T04:12:08.204-04:00 |
class | vulnerability |
description | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. |
family | unix |
id | oval:org.mitre.oval:def:11183 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. |
version | 18 |
Seebug
bulletinFamily | exploit |
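description | BUGTRAQ ID: 37048 CVE ID: CVE-2009-3553 Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and provides services for most PostScript and raster printers. The cupsdDoSelect() function in the scheduler/select.c file of CUPS contains a use-after-free error in the way it handles references in its file-descriptor handling interface; a remote attacker can crash cupsd by querying, in a special way, the list of current print jobs for a specific printer. Easy Software Products CUPS 1.3.7 Vendor patch: RedHat ------ RedHat has released a security advisory (RHSA-2009:1595-01) and corresponding patches for this issue: RHSA-2009:1595-01:Moderate: cups security update Link: https://www.redhat.com/support/errata/RHSA-2009-1595.html |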
id | SSV:12665 |
last seen | 2017-11-19 |
modified | 2009-11-19 |
published | 2009-11-19 |
reporter | Root |
title | CUPS File Descriptor Handling Remote Denial of Service Vulnerability |
References
- http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs
- http://secunia.com/advisories/37360
- http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs
- http://www.redhat.com/support/errata/RHSA-2009-1595.html
- http://secunia.com/advisories/37364
- http://www.cups.org/str.php?L3200
- http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs
- http://www.securityfocus.com/bid/37048
- https://bugzilla.redhat.com/show_bug.cgi?id=530111
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00332.html
- http://support.apple.com/kb/HT4004
- http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
- http://secunia.com/advisories/38241
- http://www.vupen.com/english/advisories/2010/0173
- http://www.ubuntu.com/usn/USN-906-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
- http://www.debian.org/security/2011/dsa-2176
- http://www.vupen.com/english/advisories/2011/0535
- http://secunia.com/advisories/43521
- http://security.gentoo.org/glsa/glsa-201207-10.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11183