Vulnerabilities > CVE-2010-0302 - Use After Free vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
apple
fedoraproject
canonical
redhat
CWE-416
nessus

Summary

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Vulnerable Configurations

Part Description Count
OS
Apple
126
OS
Fedoraproject
1
OS
Canonical
5
OS
Redhat
5
Application
Apple
90

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-3693.NASL
    descriptionThis update fixes a denial of service security issue (CVE-2010-0302). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47324
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47324
    titleFedora 13 : cups-1.4.2-34.fc13 (2010-3693)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-3693.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47324);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      script_cve_id("CVE-2009-3553", "CVE-2010-0302");
      script_bugtraq_id(37048, 38510);
      script_xref(name:"FEDORA", value:"2010-3693");
    
      script_name(english:"Fedora 13 : cups-1.4.2-34.fc13 (2010-3693)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a denial of service security issue (CVE-2010-0302).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=557775"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037027.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b7805199"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"cups-1.4.2-34.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
    }
    
  • NASL familyMisc.
    NASL idCUPS_1_4_4.NASL
    descriptionAccording to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities : - The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302) - The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540) - An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user. (STR #3510) (CVE-2010-2431) - The CUPS daemon is vulnerable to a heap corruption attack as the
    last seen2020-06-01
    modified2020-06-02
    plugin id47683
    published2010-07-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47683
    titleCUPS < 1.4.4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47683);
      script_version("1.12");
      script_cvs_date("Date: 2018/07/06 11:26:07");
    
      script_cve_id(
        "CVE-2010-0302",
        "CVE-2010-0540",
        "CVE-2010-0542",
        "CVE-2010-1748",
        "CVE-2010-2431",
        "CVE-2010-2432"
      );
      script_bugtraq_id(38510, 40889, 40897, 40943, 41126, 41131);
      script_xref(name:"Secunia", value:"40165");
    
      script_name(english:"CUPS < 1.4.4 Multiple Vulnerabilities");
      script_summary(english:"Checks CUPS server version");
    
      script_set_attribute(attribute:"synopsis", value:"The remote printer service is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of CUPS installed on the remote
    host is earlier than 1.4.4. Such versions are affected by several
    vulnerabilities :
    
      - The patch for STR #3200 / CVE-2009-3553 was not
        complete. A remote client can cause a denial of service
        by causing the CUPS server to reference an already
        freed resource. (STR #3490) (CVE-2010-0302)
    
      - The CUPS daemon may be vulnerable to certain cross-site
        request forgery (CSRF) attacks, e.g., malicious IFRAME
        attacks. (STR #3498) (CVE-2010-0540)
    
      - An unprivileged process may be able to cause the CUPS
        server to overwrite arbitrary files as the root user.
        (STR #3510) (CVE-2010-2431)
    
      - The CUPS daemon is vulnerable to a heap corruption
        attack as the 'textops' filter does not verify the
        results of memory allocations. It is possible this
        may lead to arbitrary code execution. (STR #3516)
        (CVE-2010-0542)
    
      - The CUPS daemon is vulnerable to a denial of service
        attack if compiled without HAVE_GSSAPI. (STR #3518)
        (CVE-2010-2432)
    
      - The CUPS daemon is vulnerable to an information
        disclosure attack as an attacker can view portions of
        uninitialized memory by a specially crafted URL.
        (STR #3577) (CVE-2010-1748)");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3490");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3498");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3510");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3516");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3518");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3577");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/articles.php?L596");
      script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.4.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/08");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("http_version.nasl", "cups_1_3_5.nasl");
      script_require_keys("www/cups", "Settings/ParanoidReport");
      script_require_ports("Services/www", 631);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:631, embedded:TRUE);
    get_kb_item_or_exit("www/"+port+"/cups/running");
    
    version = get_kb_item_or_exit("cups/"+port+"/version");
    source  = get_kb_item_or_exit("cups/"+port+"/source");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    if (
      version =~ "^1\.([0-3]|4\.[0-3])($|[^0-9])" ||
      version =~ "^1\.4(rc|b)"
    )
    {
      set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : 1.4.4\n';
    
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else if (version =~ "^(1|1\.4)($|[^0-9.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version);
    else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100303_CUPS_ON_SL5_X.NASL
    descriptionCVE-2010-0302 cups Incomplete fix for CVE-2009-3553 It was discovered that the cups 1.3.7-11.el5_4.4 security update did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id60743
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60743
    titleScientific Linux Security Update : cups on SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-2743.NASL
    descriptionThis update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems: * classes.conf is now updated when a class member is deleted. * the usermode dependency has been removed. * the udev rules are now installed in the correct location. * cups-config now has no multilib conflict. * the ipp backend now clears the printer status on completion. * cupsGetNamedDest() is no longer confused by old configuration files. * the scheduler no longer treats SIGPIPE as a filter error. * the gcrypt threading patch has been reverted. * the package no longer owns filesystem-owned directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47293
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47293
    titleFedora 11 : cups-1.4.2-26.fc11 (2010-2743)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1595.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id67076
    published2013-06-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67076
    titleCentOS 5 : cups (CESA-2009:1595)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0129.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id44973
    published2010-03-04
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44973
    titleRHEL 5 : cups (RHSA-2010:0129)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-3761.NASL
    descriptionThis update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems: * classes.conf is now updated when a class member is deleted. * the usermode dependency has been removed. * the udev rules are now installed in the correct location. * cups-config now has no multilib conflict. * the ipp backend now clears the printer status on completion. * cupsGetNamedDest() is no longer confused by old configuration files. * the scheduler no longer treats SIGPIPE as a filter error. * the gcrypt threading patch has been reverted. * the package no longer owns filesystem-owned directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47327
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47327
    titleFedora 12 : cups-1.4.2-28.fc12 (2010-3761)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_4.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4. Mac OS X 10.6.4 contains security fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - Help Viewer - iChat - ImageIO - Kerberos - Kernel - libcurl - Network Authorization - Open Directory - Printer Setup - Printing - Ruby - SMB File Server - SquirrelMail - Wiki Server
    last seen2020-06-01
    modified2020-06-02
    plugin id47023
    published2010-06-15
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47023
    titleMac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-906-1.NASL
    descriptionIt was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553, CVE-2010-0302) Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service. (CVE-2010-0393). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44985
    published2010-03-04
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44985
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : cups, cupsys vulnerabilities (USN-906-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_CUPS-100210.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings. (CVE-2010-0393) The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete. (CVE-2010-0302)
    last seen2020-06-01
    modified2020-06-02
    plugin id45105
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45105
    titleSuSE 11 Security Update : CUPS (SAT Patch Number 2108)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_CUPS-100210.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
    last seen2020-06-01
    modified2020-06-02
    plugin id45099
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45099
    titleopenSUSE Security Update : cups (cups-2102)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_CUPS-100305.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
    last seen2020-06-01
    modified2020-06-02
    plugin id45102
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45102
    titleopenSUSE Security Update : cups (cups-2102)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1595.NASL
    descriptionFrom Red Hat Security Advisory 2009:1595 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id67961
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67961
    titleOracle Linux 5 : cups (ELSA-2009-1595)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0129.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id45053
    published2010-03-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45053
    titleCentOS 5 : cups (CESA-2010:0129)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0129.NASL
    descriptionFrom Red Hat Security Advisory 2010:0129 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could send specially crafted queries to the CUPS server, causing it to crash. (CVE-2010-0302) Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68006
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68006
    titleOracle Linux 5 : cups (ELSA-2010-0129)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-073.NASL
    descriptionMultiple vulnerabilities has been found and corrected in cups : CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product
    last seen2020-06-01
    modified2020-06-02
    plugin id45530
    published2010-04-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45530
    titleMandriva Linux Security Advisory : cups (MDVSA-2010:073-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_CUPS-100210.NASL
    descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
    last seen2020-06-01
    modified2020-06-02
    plugin id45096
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45096
    titleopenSUSE Security Update : cups (cups-2102)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1595.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 12th January 2010] The packages list in this erratum has been updated to include missing i386 packages for Red Hat Enterprise Linux Desktop and RHEL Desktop Workstation. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). (CVE-2009-3553) Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. (CVE-2009-2820) Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting the CVE-2009-2820 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id42850
    published2009-11-19
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42850
    titleRHEL 5 : cups (RHSA-2009:1595)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2010-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-004 applied. This security update contains fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - iChat - ImageIO - Kerberos - Kernel - libcurl - Network Authorization - Ruby - SMB File Server - SquirrelMail - Wiki Server
    last seen2020-06-01
    modified2020-06-02
    plugin id47024
    published2010-06-15
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47024
    titleMac OS X Multiple Vulnerabilities (Security Update 2010-004)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201207-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201207-10 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59902
    published2012-07-10
    reporterThis script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59902
    titleGLSA-201207-10 : CUPS: Multiple vulnerabilities

Oval

accepted2013-04-29T04:12:25.705-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionUse-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
familyunix
idoval:org.mitre.oval:def:11216
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUse-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
version18

Redhat

advisories
bugzilla
id557775
titleCVE-2010-0302 cups Incomplete fix for CVE-2009-3553
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentcups-devel is earlier than 1:1.3.7-11.el5_4.6
          ovaloval:com.redhat.rhsa:tst:20100129001
        • commentcups-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123011
      • AND
        • commentcups-libs is earlier than 1:1.3.7-11.el5_4.6
          ovaloval:com.redhat.rhsa:tst:20100129003
        • commentcups-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123013
      • AND
        • commentcups-lpd is earlier than 1:1.3.7-11.el5_4.6
          ovaloval:com.redhat.rhsa:tst:20100129005
        • commentcups-lpd is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123015
      • AND
        • commentcups is earlier than 1:1.3.7-11.el5_4.6
          ovaloval:com.redhat.rhsa:tst:20100129007
        • commentcups is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070123009
rhsa
idRHSA-2010:0129
released2010-03-03
severityModerate
titleRHSA-2010:0129: cups security update (Moderate)
rpms
  • cups-1:1.3.7-11.el5_4.6
  • cups-debuginfo-1:1.3.7-11.el5_4.6
  • cups-devel-1:1.3.7-11.el5_4.6
  • cups-libs-1:1.3.7-11.el5_4.6
  • cups-lpd-1:1.3.7-11.el5_4.6

References