ID CVE-2008-0597
Summary Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:desktop:3.0
    cpe:2.3:o:redhat:desktop:3.0
  • cpe:2.3:o:redhat:desktop:4.0
    cpe:2.3:o:redhat:desktop:4.0
  • cpe:2.3:o:redhat:enterprise_linux:as_3
    cpe:2.3:o:redhat:enterprise_linux:as_3
  • cpe:2.3:o:redhat:enterprise_linux:as_4
    cpe:2.3:o:redhat:enterprise_linux:as_4
  • cpe:2.3:o:redhat:enterprise_linux:es_3
    cpe:2.3:o:redhat:enterprise_linux:es_3
  • cpe:2.3:o:redhat:enterprise_linux:es_4
    cpe:2.3:o:redhat:enterprise_linux:es_4
  • cpe:2.3:o:redhat:enterprise_linux:ws_3
    cpe:2.3:o:redhat:enterprise_linux:ws_3
  • cpe:2.3:o:redhat:enterprise_linux:ws_4
    cpe:2.3:o:redhat:enterprise_linux:ws_4
  • cpe:2.3:a:easy_software_products:cups:1.1.17
    cpe:2.3:a:easy_software_products:cups:1.1.17
  • cpe:2.3:a:easy_software_products:cups:1.1.22
    cpe:2.3:a:easy_software_products:cups:1.1.22
CVSS
Base: 5.0 (as of 26-02-2008 - 11:19)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0161.NASL
    description Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31293
    published 2008-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31293
    title CentOS 4 : cups (CESA-2008:0161)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CUPS-5063.NASL
    description This update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too. (CVE-2008-0596 / CVE-2008-0597)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 31393
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31393
    title SuSE 10 Security Update : cups (ZYPP Patch Number 5063)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12099.NASL
    description This update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too. (CVE-2008-0596, CVE-2008-0597)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41201
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41201
    title SuSE9 Security Update : cups (YOU Patch Number 12099)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0153.NASL
    description Updated cups packages that fixes two security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 3. Note that the default configuration of CUPS on Red Hat Enterprise Linux 3 allow requests of this type only from the local subnet. In addition, these updated cups packages fix a bug that occurred when using the CUPS polling daemon. Excessive debugging log information was saved to the error_log file regardless of the LogLevel setting, which filled up disk space rapidly. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31168
    published 2008-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31168
    title CentOS 3 / 4 : cups (CESA-2008:0153)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-051.NASL
    description A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37194
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37194
    title Mandriva Linux Security Advisory : cups (MDVSA-2008:051)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080225_CUPS_ON_SL3_X.NASL
    description SL 3 and SL 4 only A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) SL 5 only A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash. (CVE-2008-0882)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60364
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60364
    title Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CUPS-5064.NASL
    description This update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too (CVE-2008-0596, CVE-2008-0597).
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 31394
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31394
    title openSUSE 10 Security Update : cups (cups-5064)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0161.NASL
    description Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31186
    published 2008-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31186
    title RHEL 4 : cups (RHSA-2008:0161)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0161.NASL
    description From Red Hat Security Advisory 2008:0161 : Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4. Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allow requests of this type only from the local subnet. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67663
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67663
    title Oracle Linux 4 : cups (ELSA-2008-0161)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0153.NASL
    description Updated cups packages that fixes two security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 3. Note that the default configuration of CUPS on Red Hat Enterprise Linux 3 allow requests of this type only from the local subnet. In addition, these updated cups packages fix a bug that occurred when using the CUPS polling daemon. Excessive debugging log information was saved to the error_log file regardless of the LogLevel setting, which filled up disk space rapidly. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31185
    published 2008-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31185
    title RHEL 3 : cups (RHSA-2008:0153)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0153.NASL
    description From Red Hat Security Advisory 2008:0153 : Updated cups packages that fixes two security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 3. Note that the default configuration of CUPS on Red Hat Enterprise Linux 3 allow requests of this type only from the local subnet. In addition, these updated cups packages fix a bug that occurred when using the CUPS polling daemon. Excessive debugging log information was saved to the error_log file regardless of the LogLevel setting, which filled up disk space rapidly. All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67658
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67658
    title Oracle Linux 3 : cups (ELSA-2008-0153)
oval via4
accepted 2013-04-29T04:19:45.174-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
family unix
id oval:org.mitre.oval:def:9492
status accepted
submitted 2010-07-09T03:56:16-04:00
title Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
version 24
redhat via4
advisories
  • bugzilla
    id 433847
    title CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment cups is earlier than 1:1.1.17-13.3.51
          oval oval:com.redhat.rhsa:tst:20080153002
        • comment cups is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070123003
      • AND
        • comment cups-devel is earlier than 1:1.1.17-13.3.51
          oval oval:com.redhat.rhsa:tst:20080153004
        • comment cups-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070123007
      • AND
        • comment cups-libs is earlier than 1:1.1.17-13.3.51
          oval oval:com.redhat.rhsa:tst:20080153006
        • comment cups-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070123005
    rhsa
    id RHSA-2008:0153
    released 2008-02-25
    severity Important
    title RHSA-2008:0153: cups security update (Important)
  • bugzilla
    id 433847
    title CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment cups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080161002
        • comment cups is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070123003
      • AND
        • comment cups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080161004
        • comment cups-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070123007
      • AND
        • comment cups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080161006
        • comment cups-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070123005
    rhsa
    id RHSA-2008:0161
    released 2008-02-25
    severity Important
    title RHSA-2008:0161: cups security update (Important)
rpms
  • cups-1:1.1.17-13.3.51
  • cups-devel-1:1.1.17-13.3.51
  • cups-libs-1:1.1.17-13.3.51
  • cups-1:1.1.22-0.rc1.9.20.2.el4_6.5
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_6.5
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_6.5
refmap via4
bid 27988
bugtraq 20080229 rPSA-2008-0091-1 cups
confirm
mandriva MDVSA-2008:050
sectrack 1019497
secunia
  • 29087
  • 29189
  • 29251
suse SUSE-SA:2008:012
xf cups-ippbrowse-useafterfree-dos(40845)
Last major update 21-08-2010 - 01:16
Published 25-02-2008 - 19:44
Last modified 15-10-2018 - 18:01
Back to Top