ID CVE-2007-4351
Summary Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
Vulnerable Configurations
  • cpe:2.3:a:cups:cups:1.3.3
CVSS
Base: 10.0 (as of 01-11-2007 - 22:28)
CWE CWE-189
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1023.NASL
    description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27836
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27836
    title RHEL 3 : cups (RHSA-2007:1023)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1023.NASL
    description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37449
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37449
    title CentOS 3 : cups (CESA-2007:1023)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_CUPS_ON_SL4_X.NASL
    description Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60286
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60286
    title Scientific Linux Security Update : cups on SL4.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1023.NASL
    description From Red Hat Security Advisory 2007:1023 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67600
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67600
    title Oracle Linux 3 : cups (ELSA-2007-1023)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1022.NASL
    description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 36860
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36860
    title RHEL 4 : cups (RHSA-2007:1022)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-009.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 29723
    published 2007-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29723
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-009)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2982.NASL
    description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 27822
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27822
    title Fedora 8 : cups-1.3.4-2.fc8 (2007-2982)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1022.NASL
    description From Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67599
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67599
    title Oracle Linux 4 : cups (ELSA-2007-1022)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1022.NASL
    description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37428
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37428
    title CentOS 4 : cups (CESA-2007:1022)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CUPS-4598.NASL
    description A missing length check in the IPP implementation of cups could lead to a buffer overflow. Attackers could exploit that to potentially execute arbitrary code with root privileges (CVE-2007-4351).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 27605
    published 2007-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27605
    title openSUSE 10 Security Update : cups (cups-4598)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-539-1.NASL
    description Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28146
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28146
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerability (USN-539-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071031_CUPS_ON_SL5_X.NASL
    description A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) In addition, the following bugs were fixed : - the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. - the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. - a bug has been fixed in the handling of the If-Modified-Since: HTTP header. - in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. - an access check in the LSPP configuration has been made more secure. - the cups-lpd service no longer ignores the '-odocument-format=...' option. - a memory allocation bug has been fixed in cupsd. - support for UNIX domain sockets authentication without passwords has been added. - in the LSPP configuration, a problem that could lead to cupsd crashing has been fixed. - the error handling in the initscript has been improved. - The job-originating-host-name attribute was not correctly set for jobs submitted via the cups-lpd service. This has been fixed. - a problem with parsing IPv6 addresses in the configuration file has been fixed. - a problem that could lead to cupsd crashing when it failed to open a 'file:' URI has been fixed.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60279
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60279
    title Scientific Linux Security Update : cups on SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1407.NASL
    description Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 28253
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28253
    title Debian DSA-1407-1 : cupsys - buffer overflow
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1020.NASL
    description Updated CUPS packages that fix a security issue in the Internet Printing Protocol (IPP) handling and correct some bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) Red Hat would like to thank Alin Rad Pop for reporting this issue. All CUPS users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. In addition, the following bugs were fixed : * the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. * the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. * a bug has been fixed in the handling of the If-Modified-Since: HTTP header. * in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. * an access check in the LSPP configuration has been made more secure. * the cups-lpd service no longer ignores the '-odocument-format=...' option. * a memory allocation bug has been fixed in cupsd. * support for UNIX domain sockets authentication without passwords has been added. * in the LSPP configuration, a problem that could lead to cupsd crashing has been fixed. * the error handling in the initscript has been improved. 
    * The job-originating-host-name attribute was not correctly set for jobs submitted via the cups-lpd service. This has been fixed. * a problem with parsing IPv6 addresses in the configuration file has been fixed. * a problem that could lead to cupsd crashing when it failed to open a 'file:' URI has been fixed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43660
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43660
    title CentOS 5 : cups (CESA-2007:1020)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-204.NASL
    description Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags. Update : Due to incorrect build requirements/conflicts, the cups-config in Mandriva Linux 2008.0 was displaying the full CFLAGS and libs instead of just the libraries when 'cups-config --libs' was invoked. This update corrects the cups-config behaviour.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27615
    published 2007-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27615
    title Mandrake Linux Security Advisory : cups (MDKSA-2007:204-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-16 (CUPS: Memory corruption) Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO() function when handling Internet Printing Protocol (IPP) tags that might allow to overwrite one byte on the stack. Impact : A local attacker could send a specially crafted IPP request containing 'textWithLanguage' or 'nameWithLanguage' tags, leading to a Denial of Service or the execution of arbitrary code with the privileges of the 'lp' user. If CUPS is configured to allow network printing, this vulnerability might be remotely exploitable. Workaround : To avoid remote exploitation, network access to CUPS servers on port 631/udp should be restricted. In order to do this, update the 'Listen' setting in cupsd.conf to 'Listen localhost:631' or add a rule to the system's firewall. However, this will not avoid local users from exploiting this vulnerability.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 28199
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28199
    title GLSA-200711-16 : CUPS: Memory corruption
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8DD9722C8E9711DCB8F6001C2514716C.NASL
    description Secunia reports : Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the 'ippReadIO()' function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted 'textWithLanguage' or 'nameWithLanguage' tags. Successful exploitation allows execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 27845
    published 2007-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27845
    title FreeBSD : cups -- off-by-one buffer overflow (8dd9722c-8e97-11dc-b8f6-001c2514716c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2715.NASL
    description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27797
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27797
    title Fedora 7 : cups-1.2.12-6.fc7 (2007-2715)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1020.NASL
    description From Red Hat Security Advisory 2007:1020 : Updated CUPS packages that fix a security issue in the Internet Printing Protocol (IPP) handling and correct some bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) Red Hat would like to thank Alin Rad Pop for reporting this issue. All CUPS users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. In addition, the following bugs were fixed : * the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. * the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. * a bug has been fixed in the handling of the If-Modified-Since: HTTP header. * in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. * an access check in the LSPP configuration has been made more secure. * the cups-lpd service no longer ignores the '-odocument-format=...' option. * a memory allocation bug has been fixed in cupsd. * support for UNIX domain sockets authentication without passwords has been added. * in the LSPP configuration, a problem that could lead to cupsd crashing has been fixed. * the error handling in the initscript has been improved. 
    * The job-originating-host-name attribute was not correctly set for jobs submitted via the cups-lpd service. This has been fixed. * a problem with parsing IPv6 addresses in the configuration file has been fixed. * a problem that could lead to cupsd crashing when it failed to open a 'file:' URI has been fixed.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67598
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67598
    title Oracle Linux 5 : cups (ELSA-2007-1020)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-305-01.NASL
    description CUPS was found to contain errors in ipp.c which could allow a remote attacker to crash CUPS, resulting in a denial of service. If you use CUPS, it is recommended to update to the latest package for your version of Slackware. The latest cups package is available for Slackware -current, and patched packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 27609
    published 2007-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27609
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : cups (SSA:2007-305-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1020.NASL
    description Updated CUPS packages that fix a security issue in the Internet Printing Protocol (IPP) handling and correct some bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port. (CVE-2007-4351) Red Hat would like to thank Alin Rad Pop for reporting this issue. All CUPS users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. In addition, the following bugs were fixed : * the CUPS service has been changed to start after sshd, to avoid causing delays when logging in when the system is booted. * the logrotate settings have been adjusted so they do not cause CUPS to reload its configuration. This is to avoid re-printing the current job, which could occur when it was a long-running job. * a bug has been fixed in the handling of the If-Modified-Since: HTTP header. * in the LSPP configuration, labels for labeled jobs did not line-wrap. This has been fixed. * an access check in the LSPP configuration has been made more secure. * the cups-lpd service no longer ignores the '-odocument-format=...' option. * a memory allocation bug has been fixed in cupsd. * support for UNIX domain sockets authentication without passwords has been added. * in the LSPP configuration, a problem that could lead to cupsd crashing has been fixed. * the error handling in the initscript has been improved. 
    * The job-originating-host-name attribute was not correctly set for jobs submitted via the cups-lpd service. This has been fixed. * a problem with parsing IPv6 addresses in the configuration file has been fixed. * a problem that could lead to cupsd crashing when it failed to open a 'file:' URI has been fixed.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27602
    published 2007-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27602
    title RHEL 5 : cups (RHSA-2007:1020)
  • NASL family Misc.
    NASL id CUPS_IPP_TAG_OVERFLOW.NASL
    description According to its banner, the version of CUPS installed on the remote host fails to check the text-length field in the 'ippReadIO()' function in 'cups/ipp.c'. Using a specially crafted request with an IPP (Internet Printing Protocol) tag such as 'textWithLanguage' or 'nameWithLanguage' and an overly large text-length value, a remote attacker may be able to leverage this issue to execute arbitrary code on the affected system.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 27608
    published 2007-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27608
    title CUPS cups/ipp.c ippReadIO Function IPP Tag Handling Overflow
oval via4
accepted 2013-04-29T04:07:02.297-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10604
status accepted
submitted 2010-07-09T03:56:16-04:00
title Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
version 24
redhat via4
advisories
  • bugzilla
    id 345091
    title CVE-2007-4351 cups boundary error
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment cups is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020002
        • comment cups is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123014
      • AND
        • comment cups-devel is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020008
        • comment cups-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123020
      • AND
        • comment cups-libs is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020004
        • comment cups-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123018
      • AND
        • comment cups-lpd is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020006
        • comment cups-lpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123016
    rhsa
    id RHSA-2007:1020
    released 2007-10-31
    severity Important
    title RHSA-2007:1020: cups security and bug fix update (Important)
  • rhsa
    id RHSA-2007:1022
  • rhsa
    id RHSA-2007:1023
rpms
  • cups-1:1.2.4-11.14.el5_1.1
  • cups-devel-1:1.2.4-11.14.el5_1.1
  • cups-libs-1:1.2.4-11.14.el5_1.1
  • cups-lpd-1:1.2.4-11.14.el5_1.1
  • cups-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-1:1.1.17-13.3.46
  • cups-devel-1:1.1.17-13.3.46
  • cups-libs-1:1.1.17-13.3.46
refmap via4
apple APPLE-SA-2007-12-17
bid 26268
cert TA07-352A
cert-vn VU#446897
cisco 20080625 Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability
debian DSA-1407
fedora FEDORA-2007-2715
gentoo GLSA-200711-16
mandriva MDKSA-2007:204
misc http://secunia.com/secunia_research/2007-76/advisory/
sectrack 1018879
secunia
  • 27233
  • 27410
  • 27445
  • 27447
  • 27474
  • 27494
  • 27499
  • 27540
  • 27577
  • 27604
  • 27712
  • 28136
  • 30847
slackware SSA:2007-305-01
suse SUSE-SA:2007:058
ubuntu USN-539-1
vupen
  • ADV-2007-3681
  • ADV-2007-4238
  • ADV-2008-1934
xf cups-ippreadio-bo(38190)
statements via4
contributor Mark J Cox
lastmodified 2007-11-09
organization Red Hat
statement Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5. This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from https://rhn.redhat.com/cve/CVE-2007-4351.html
Last major update 07-03-2011 - 21:58
Published 31-10-2007 - 18:46
Last modified 03-10-2018 - 17:47