Vulnerabilities > CVE-2010-2941 - Use After Free vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Vulnerable Configurations

Part Description Count
Application
Apple
90
OS
Apple
126
OS
Fedoraproject
3
OS
Canonical
5
OS
Debian
1
OS
Opensuse
3
OS
Suse
4
OS
Redhat
5

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2010-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id50549
    published2010-11-10
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50549
    titleMac OS X Multiple Vulnerabilities (Security Update 2010-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(50549);
      script_version("1.48");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2008-4546",
        "CVE-2009-0796",
        "CVE-2009-0946",
        "CVE-2009-2624",
        "CVE-2009-3793",
        "CVE-2009-4134",
        "CVE-2010-0105",
        "CVE-2010-0205",
        "CVE-2010-0209",
        "CVE-2010-0397",
        "CVE-2010-1205",
        "CVE-2010-1297",
        "CVE-2010-1449",
        "CVE-2010-1450",
        "CVE-2010-1752",
        "CVE-2010-1811",
        "CVE-2010-1828",
        "CVE-2010-1829",
        "CVE-2010-1830",
        "CVE-2010-1831",
        "CVE-2010-1832",
        "CVE-2010-1836",
        "CVE-2010-1837",
        "CVE-2010-1838",
        "CVE-2010-1840",
        "CVE-2010-1841",
        "CVE-2010-1845",
        "CVE-2010-1846",
        "CVE-2010-1848",
        "CVE-2010-1849",
        "CVE-2010-1850",
        "CVE-2010-2160",
        "CVE-2010-2161",
        "CVE-2010-2162",
        "CVE-2010-2163",
        "CVE-2010-2164",
        "CVE-2010-2165",
        "CVE-2010-2166",
        "CVE-2010-2167",
        "CVE-2010-2169",
        "CVE-2010-2170",
        "CVE-2010-2171",
        "CVE-2010-2172",
        "CVE-2010-2173",
        "CVE-2010-2174",
        "CVE-2010-2175",
        "CVE-2010-2176",
        "CVE-2010-2177",
        "CVE-2010-2178",
        "CVE-2010-2179",
        "CVE-2010-2180",
        "CVE-2010-2181",
        "CVE-2010-2182",
        "CVE-2010-2183",
        "CVE-2010-2184",
        "CVE-2010-2185",
        "CVE-2010-2186",
        "CVE-2010-2187",
        "CVE-2010-2188",
        "CVE-2010-2189",
        "CVE-2010-2213",
        "CVE-2010-2214",
        "CVE-2010-2215",
        "CVE-2010-2216",
        "CVE-2010-2249",
        "CVE-2010-2484",
        "CVE-2010-2497",
        "CVE-2010-2498",
        "CVE-2010-2499",
        "CVE-2010-2500",
        "CVE-2010-2519",
        "CVE-2010-2520",
        "CVE-2010-2531",
        "CVE-2010-2805",
        "CVE-2010-2806",
        "CVE-2010-2807",
        "CVE-2010-2808",
        "CVE-2010-2884",
        "CVE-2010-2941",
        "CVE-2010-3053",
        "CVE-2010-3054",
        "CVE-2010-3636",
        "CVE-2010-3638",
        "CVE-2010-3639",
        "CVE-2010-3640",
        "CVE-2010-3641",
        "CVE-2010-3642",
        "CVE-2010-3643",
        "CVE-2010-3644",
        "CVE-2010-3645",
        "CVE-2010-3646",
        "CVE-2010-3647",
        "CVE-2010-3648",
        "CVE-2010-3649",
        "CVE-2010-3650",
        "CVE-2010-3652",
        "CVE-2010-3654",
        "CVE-2010-3783",
        "CVE-2010-3784",
        "CVE-2010-3785",
        "CVE-2010-3796",
        "CVE-2010-3797",
        "CVE-2010-3976",
        "CVE-2010-4010"
      );
      script_bugtraq_id(
        31537,
        34383,
        34550,
        38478,
        39658,
        40361,
        40363,
        40365,
        40586,
        40779,
        40780,
        40781,
        40782,
        40783,
        40784,
        40785,
        40786,
        40787,
        40788,
        40789,
        40790,
        40791,
        40792,
        40793,
        40794,
        40795,
        40796,
        40797,
        40798,
        40799,
        40800,
        40801,
        40802,
        40803,
        40805,
        40806,
        40807,
        40808,
        40809,
        41049,
        41174,
        42285,
        42621,
        42624,
        44504,
        44530,
        44671,
        44729,
        44800,
        44802,
        44804,
        44806,
        44807,
        44808,
        44812,
        44814,
        44815,
        44816,
        44817,
        44819,
        44822,
        44829,
        44832,
        44833,
        44835,
        99999
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)");
      script_summary(english:"Check for the presence of Security Update 2010-007");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes security
    issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2010-007 applied. 
    
    This security update contains fixes for the following products :
    
      - AFP Server
      - Apache mod_perl
      - ATS
      - CFNetwork
      - CoreGraphics
      - CoreText
      - CUPS
      - Directory Services
      - diskdev_cmds
      - Disk Images
      - Flash Player plug-in
      - gzip
      - ImageIO
      - Image RAW
      - MySQL
      - Password Server
      - PHP
      - Printing
      - python
      - QuickLook
      - Safari RSS
      - Wiki Server
      - X11"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT4435"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2010-007 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 79, 189, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(0, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^9\.[0-8]\.", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[7-9]|201[1-9]\.[0-9]+)(\.leopard)?\.bom", string:packages)) 
        exit(0, "The host has Security Update 2010-007 or later installed and therefore is not affected.");
      else 
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2176.NASL
    descriptionSeveral vulnerabilities have been discovered in the Common UNIX Printing System : - CVE-2008-5183 A NULL pointer dereference in RSS job completion notifications could lead to denial of service. - CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. - CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. - CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. - CVE-2010-1748 Information disclosure in the web interface. - CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. - CVE-2010-2432 Denial of service in the authentication code. - CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
    last seen2020-03-17
    modified2011-03-02
    plugin id52484
    published2011-03-02
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52484
    titleDebian DSA-2176-1 : cups - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2176. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52484);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2008-5183", "CVE-2009-3553", "CVE-2010-0540", "CVE-2010-0542", "CVE-2010-1748", "CVE-2010-2431", "CVE-2010-2432", "CVE-2010-2941");
      script_bugtraq_id(32419, 37048, 40889, 40897, 40943, 41126, 41131, 44530);
      script_xref(name:"DSA", value:"2176");
    
      script_name(english:"Debian DSA-2176-1 : cups - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Common UNIX
    Printing System :
    
      - CVE-2008-5183
        A NULL pointer dereference in RSS job completion
        notifications could lead to denial of service.
    
      - CVE-2009-3553
        It was discovered that incorrect file descriptor
        handling could lead to denial of service.
    
      - CVE-2010-0540
        A cross-site request forgery vulnerability was
        discovered in the web interface.
    
      - CVE-2010-0542
        Incorrect memory management in the filter subsystem
        could lead to denial of service.
    
      - CVE-2010-1748
        Information disclosure in the web interface.
    
      - CVE-2010-2431
        Emmanuel Bouillon discovered a symlink vulnerability in
        handling of cache files.
    
      - CVE-2010-2432
        Denial of service in the authentication code.
    
      - CVE-2010-2941
        Incorrect memory management in the IPP code could lead
        to denial of service or the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-5183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-3553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-0542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-1748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-2941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2176"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the cups packages.
    
    For the oldstable distribution (lenny), this problem has been fixed in
    version 1.3.8-1+lenny9.
    
    The stable distribution (squeeze) and the unstable distribution (sid)
    had already been fixed prior to the initial Squeeze release."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"cups", reference:"1.3.8-1+lenny9")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0811.NASL
    descriptionUpdated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the
    last seen2020-06-01
    modified2020-06-02
    plugin id50802
    published2010-11-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50802
    titleCentOS 5 : cups (CESA-2010:0811)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0811 and 
    # CentOS Errata and Security Advisory 2010:0811 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50802);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2010-2431", "CVE-2010-2941");
      script_bugtraq_id(41131);
      script_xref(name:"RHSA", value:"2010:0811");
    
      script_name(english:"CentOS 5 : cups (CESA-2010:0811)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix two security issues are now available
    for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems.
    
    A use-after-free flaw was found in the way the CUPS server parsed
    Internet Printing Protocol (IPP) packets. A malicious user able to
    send IPP requests to the CUPS server could use this flaw to crash the
    CUPS server or, potentially, execute arbitrary code with the
    privileges of the CUPS server. (CVE-2010-2941)
    
    A possible privilege escalation flaw was found in CUPS. An
    unprivileged process running as the 'lp' user (such as a compromised
    external filter program spawned by the CUPS server) could trick the
    CUPS server into overwriting arbitrary files as the root user.
    (CVE-2010-2431)
    
    Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
    reporting the CVE-2010-2941 issue.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-November/017135.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d5306d6c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-November/017136.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?829fb63c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-lpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"cups-1.3.7-18.el5_5.8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"cups-devel-1.3.7-18.el5_5.8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"cups-libs-1.3.7-18.el5_5.8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"cups-lpd-1.3.7-18.el5_5.8")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
    last seen2020-06-01
    modified2020-06-02
    plugin id50548
    published2010-11-10
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50548
    titleMac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(50548);
      script_version("1.52");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2008-4546",
        "CVE-2009-0796",
        "CVE-2009-0946",
        "CVE-2009-2473",
        "CVE-2009-2474",
        "CVE-2009-2624",
        "CVE-2009-3793",
        "CVE-2009-4134",
        "CVE-2010-0001",
        "CVE-2010-0105",
        "CVE-2010-0205",
        "CVE-2010-0209",
        "CVE-2010-0211",
        "CVE-2010-0212",
        "CVE-2010-0397",
        "CVE-2010-0408",
        "CVE-2010-0434",
        "CVE-2010-1205",
        "CVE-2010-1297",
        "CVE-2010-1378",
        "CVE-2010-1449",
        "CVE-2010-1450",
        "CVE-2010-1752",
        "CVE-2010-1803",
        "CVE-2010-1811",
        "CVE-2010-1828",
        "CVE-2010-1829",
        "CVE-2010-1830",
        "CVE-2010-1831",
        "CVE-2010-1832",
        "CVE-2010-1833",
        "CVE-2010-1834",
        "CVE-2010-1836",
        "CVE-2010-1837",
        "CVE-2010-1838",
        "CVE-2010-1840",
        "CVE-2010-1841",
        "CVE-2010-1842",
        "CVE-2010-1843",
        "CVE-2010-1844",
        "CVE-2010-1845",
        "CVE-2010-1846",
        "CVE-2010-1847",
        "CVE-2010-1848",
        "CVE-2010-1849",
        "CVE-2010-1850",
        "CVE-2010-2160",
        "CVE-2010-2161",
        "CVE-2010-2162",
        "CVE-2010-2163",
        "CVE-2010-2164",
        "CVE-2010-2165",
        "CVE-2010-2166",
        "CVE-2010-2167",
        "CVE-2010-2169",
        "CVE-2010-2170",
        "CVE-2010-2171",
        "CVE-2010-2172",
        "CVE-2010-2173",
        "CVE-2010-2174",
        "CVE-2010-2175",
        "CVE-2010-2176",
        "CVE-2010-2177",
        "CVE-2010-2178",
        "CVE-2010-2179",
        "CVE-2010-2180",
        "CVE-2010-2181",
        "CVE-2010-2182",
        "CVE-2010-2183",
        "CVE-2010-2184",
        "CVE-2010-2185",
        "CVE-2010-2186",
        "CVE-2010-2187",
        "CVE-2010-2188",
        "CVE-2010-2189",
        "CVE-2010-2213",
        "CVE-2010-2214",
        "CVE-2010-2215",
        "CVE-2010-2216",
        "CVE-2010-2249",
        "CVE-2010-2497",
        "CVE-2010-2498",
        "CVE-2010-2499",
        "CVE-2010-2500",
        "CVE-2010-2519",
        "CVE-2010-2520",
        "CVE-2010-2531",
        "CVE-2010-2805",
        "CVE-2010-2806",
        "CVE-2010-2807",
        "CVE-2010-2808",
        "CVE-2010-2884",
        "CVE-2010-2941",
        "CVE-2010-3053",
        "CVE-2010-3054",
        "CVE-2010-3636",
        "CVE-2010-3638",
        "CVE-2010-3639",
        "CVE-2010-3640",
        "CVE-2010-3641",
        "CVE-2010-3642",
        "CVE-2010-3643",
        "CVE-2010-3644",
        "CVE-2010-3645",
        "CVE-2010-3646",
        "CVE-2010-3647",
        "CVE-2010-3648",
        "CVE-2010-3649",
        "CVE-2010-3650",
        "CVE-2010-3652",
        "CVE-2010-3654",
        "CVE-2010-3783",
        "CVE-2010-3784",
        "CVE-2010-3785",
        "CVE-2010-3786",
        "CVE-2010-3787",
        "CVE-2010-3788",
        "CVE-2010-3789",
        "CVE-2010-3790",
        "CVE-2010-3791",
        "CVE-2010-3792",
        "CVE-2010-3793",
        "CVE-2010-3794",
        "CVE-2010-3795",
        "CVE-2010-3796",
        "CVE-2010-3797",
        "CVE-2010-3798",
        "CVE-2010-3976"
      );
      script_bugtraq_id(
        31537,
        34383,
        34550,
        36079,
        38478,
        38491,
        38494,
        38708,
        39658,
        40361,
        40363,
        40365,
        40586,
        40779,
        40780,
        40781,
        40782,
        40783,
        40784,
        40785,
        40786,
        40787,
        40788,
        40789,
        40790,
        40791,
        40792,
        40793,
        40794,
        40795,
        40796,
        40797,
        40798,
        40799,
        40800,
        40801,
        40802,
        40803,
        40805,
        40806,
        40807,
        40808,
        40809,
        41049,
        41174,
        41770,
        42285,
        42621,
        42624,
        44504,
        44530,
        44671,
        44784,
        44785,
        44787,
        44789,
        44790,
        44792,
        44794,
        44795,
        44796,
        44798,
        44799,
        44800,
        44802,
        44803,
        44804,
        44805,
        44806,
        44807,
        44808,
        44811,
        44812,
        44813,
        44814,
        44815,
        44816,
        44817,
        44819,
        44822,
        44828,
        44829,
        44831,
        44832,
        44833,
        44834,
        44835,
        44840
      );
    
      script_name(english:"Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities");
      script_summary(english:"Check the version of Mac OS X");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.6.x that is prior
    to 10.6.5.
    
    Mac OS X 10.6.5 contains security fixes for the following products :
    
      - AFP Server
      - Apache mod_perl
      - Apache
      - AppKit
      - ATS
      - CFNetwork
      - CoreGraphics
      - CoreText
      - CUPS
      - Directory Services
      - diskdev_cmds
      - Disk Images
      - Flash Player plug-in
      - gzip
      - Image Capture
      - ImageIO
      - Image RAW
      - Kernel
      - MySQL
      - neon
      - Networking
      - OpenLDAP
      - OpenSSL
      - Password Server
      - PHP
      - Printing
      - python
      - QuickLook
      - QuickTime
      - Safari RSS
      - Time Machine
      - Wiki Server
      - X11
      - xar"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT4435"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade to Mac OS X 10.6.5 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 79, 189, 200, 310, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
     
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
     exit(0);
    }
    
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item("Host/OS");
      if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing.");
      if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X.");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    
    
    if (ereg(pattern:"Mac OS X 10\.6($|\.[0-4]([^0-9]|$))", string:os)) security_hole(0);
    else exit(0, "The host is not affected as it is running "+os+".");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_CUPS-101124.NASL
    descriptionThis updates fix several bugs, but only the security fixes are listed here : - CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399 Special IPP requests allow to crashcupsd remotely. - CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264 A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. - CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119 An attacker with access to the web-interface may be able to read some bytes of uninitialized memory.
    last seen2020-06-01
    modified2020-06-02
    plugin id53654
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53654
    titleopenSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-17641.NASL
    descriptionThis update fixes a cupsd memory corruption vulnerability (CVE-2010-2941), as well as fixing a crash when the MIME database cannot be loaded for any reason. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50618
    published2010-11-17
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50618
    titleFedora 14 : cups-1.4.4-11.fc14 (2010-17641)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101110_CUPS_ON_SL6_X.NASL
    descriptionAn invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941) After installing this update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id60888
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60888
    titleScientific Linux Security Update : cups on SL6.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0811.NASL
    descriptionUpdated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the
    last seen2020-06-01
    modified2020-06-02
    plugin id50407
    published2010-10-29
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50407
    titleRHEL 5 : cups (RHSA-2010:0811)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0811.NASL
    descriptionFrom Red Hat Security Advisory 2010:0811 : Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the
    last seen2020-06-01
    modified2020-06-02
    plugin id68130
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68130
    titleOracle Linux 5 : cups (ELSA-2010-0811)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0866.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id50638
    published2010-11-18
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50638
    titleRHEL 6 : cups (RHSA-2010:0866)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101028_CUPS_ON_SL5_X.NASL
    descriptionA use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the
    last seen2020-06-01
    modified2020-06-02
    plugin id60881
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60881
    titleScientific Linux Security Update : cups on SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-232.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in cups : Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file (CVE-2010-0542). The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748). The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file (CVE-2010-2431). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50606
    published2010-11-16
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50606
    titleMandriva Linux Security Advisory : cups (MDVSA-2010:232)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-17615.NASL
    descriptionThis update fixes a cupsd memory corruption vulnerability (CVE-2010-2941), as well as fixing a crash when the MIME database cannot be loaded for any reason. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50684
    published2010-11-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50684
    titleFedora 13 : cups-1.4.4-11.fc13 (2010-17615)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_CUPS-101119.NASL
    descriptionThis updates fix several bugs, but only the security fixes are listed here : - Special IPP requests allow to crash cupsd remotely. (CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399) - A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. (CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264) - An attacker with access to the web-interface may be able to read some bytes of uninitialized memory. (CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id50983
    published2010-12-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50983
    titleSuSE 11 / 11.1 Security Update : CUPS (SAT Patch Numbers 3575 / 3576)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_CUPS-101124.NASL
    descriptionThis updates fix several bugs, but only the security fixes are listed here : - CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399 Special IPP requests allow to crashcupsd remotely. - CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264 A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. - CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119 An attacker with access to the web-interface may be able to read some bytes of uninitialized memory.
    last seen2020-06-01
    modified2020-06-02
    plugin id53703
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53703
    titleopenSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-333-01.NASL
    descriptionNew cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50832
    published2010-11-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50832
    titleSlackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : cups (SSA:2010-333-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1012-1.NASL
    descriptionEmmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol (IPP) packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50490
    published2010-11-05
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50490
    titleUbuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : cups, cupsys vulnerability (USN-1012-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0866.NASL
    descriptionFrom Red Hat Security Advisory 2010:0866 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68140
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68140
    titleOracle Linux 6 : cups (ELSA-2010-0866)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-17627.NASL
    descriptionThis update fixes a cupsd memory corruption vulnerability (CVE-2010-2941). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50685
    published2010-11-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50685
    titleFedora 12 : cups-1.4.4-11.fc12 (2010-17627)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_CUPS-101124.NASL
    descriptionThis updates fix several bugs, but only the security fixes are listed here : - CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399 Special IPP requests allow to crashcupsd remotely. - CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264 A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. - CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119 An attacker with access to the web-interface may be able to read some bytes of uninitialized memory.
    last seen2020-06-01
    modified2020-06-02
    plugin id75456
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75456
    titleopenSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
  • NASL familyMisc.
    NASL idCUPS_1_4_5.NASL
    descriptionAccording to its banner, the version of CUPS installed on the remote host is prior to 1.4.5. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists due to improper allocation of memory for attribute values with invalid string data types. A remote attacker can exploit this, via a crafted IPP request, to cause a denial of service condition or the execution of arbitrary code. (CVE-2010-2941) - An overflow condition exists in the PPD compiler due to improper validation of user-supplied input. A remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id50844
    published2010-11-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50844
    titleCUPS < 1.4.5 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-233.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in cups : Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50607
    published2010-11-16
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50607
    titleMandriva Linux Security Advisory : cups (MDVSA-2010:233)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201207-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201207-10 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59902
    published2012-07-10
    reporterThis script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59902
    titleGLSA-201207-10 : CUPS: Multiple vulnerabilities

Redhat

advisories
  • bugzilla
    id624438
    titleCVE-2010-2941 cups: cupsd memory corruption vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentcups-libs is earlier than 1:1.3.7-18.el5_5.8
            ovaloval:com.redhat.rhsa:tst:20100811001
          • commentcups-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123013
        • AND
          • commentcups is earlier than 1:1.3.7-18.el5_5.8
            ovaloval:com.redhat.rhsa:tst:20100811003
          • commentcups is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123009
        • AND
          • commentcups-lpd is earlier than 1:1.3.7-18.el5_5.8
            ovaloval:com.redhat.rhsa:tst:20100811005
          • commentcups-lpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123015
        • AND
          • commentcups-devel is earlier than 1:1.3.7-18.el5_5.8
            ovaloval:com.redhat.rhsa:tst:20100811007
          • commentcups-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123011
    rhsa
    idRHSA-2010:0811
    released2010-10-28
    severityImportant
    titleRHSA-2010:0811: cups security update (Important)
  • bugzilla
    id624438
    titleCVE-2010-2941 cups: cupsd memory corruption vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentcups-devel is earlier than 1:1.4.2-35.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100866001
          • commentcups-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150386012
        • AND
          • commentcups-php is earlier than 1:1.4.2-35.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100866003
          • commentcups-php is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100866004
        • AND
          • commentcups-libs is earlier than 1:1.4.2-35.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100866005
          • commentcups-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150386006
        • AND
          • commentcups-lpd is earlier than 1:1.4.2-35.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100866007
          • commentcups-lpd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150386008
        • AND
          • commentcups is earlier than 1:1.4.2-35.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100866009
          • commentcups is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150386004
    rhsa
    idRHSA-2010:0866
    released2010-11-09
    severityImportant
    titleRHSA-2010:0866: cups security update (Important)
rpms
  • cups-1:1.3.7-18.el5_5.8
  • cups-debuginfo-1:1.3.7-18.el5_5.8
  • cups-devel-1:1.3.7-18.el5_5.8
  • cups-libs-1:1.3.7-18.el5_5.8
  • cups-lpd-1:1.3.7-18.el5_5.8
  • cups-1:1.4.2-35.el6_0.1
  • cups-debuginfo-1:1.4.2-35.el6_0.1
  • cups-devel-1:1.4.2-35.el6_0.1
  • cups-libs-1:1.4.2-35.el6_0.1
  • cups-lpd-1:1.4.2-35.el6_0.1
  • cups-php-1:1.4.2-35.el6_0.1

References