ID CVE-2010-2941
Summary ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
References
Vulnerable Configurations
  • Apple CUPS 1.4 B1
    cpe:2.3:a:apple:cups:1.4:b1
  • Apple CUPS 1.4 B2
    cpe:2.3:a:apple:cups:1.4:b2
  • Apple CUPS 1.4 B3
    cpe:2.3:a:apple:cups:1.4:b3
  • Apple CUPS 1.4 release candidate 1
    cpe:2.3:a:apple:cups:1.4:rc1
  • Apple CUPS 1.4.0
    cpe:2.3:a:apple:cups:1.4.0
  • Apple CUPS 1.4.1
    cpe:2.3:a:apple:cups:1.4.1
  • Apple CUPS 1.4.2
    cpe:2.3:a:apple:cups:1.4.2
  • Apple CUPS 1.4.3
    cpe:2.3:a:apple:cups:1.4.3
  • Apple CUPS 1.4.4
    cpe:2.3:a:apple:cups:1.4.4
  • Apple CUPS 1.3.6
    cpe:2.3:a:apple:cups:1.3.6
  • Apple CUPS 1.1
    cpe:2.3:a:apple:cups:1.1
  • Apple CUPS 1.1.1
    cpe:2.3:a:apple:cups:1.1.1
  • Apple CUPS 1.1.5-1
    cpe:2.3:a:apple:cups:1.1.5-1
  • Apple CUPS 1.1.5-2
    cpe:2.3:a:apple:cups:1.1.5-2
  • Apple CUPS 1.1.6
    cpe:2.3:a:apple:cups:1.1.6
  • Apple CUPS 1.1.6-1
    cpe:2.3:a:apple:cups:1.1.6-1
  • Apple CUPS 1.1.2
    cpe:2.3:a:apple:cups:1.1.2
  • Apple CUPS 1.1.3
    cpe:2.3:a:apple:cups:1.1.3
  • Apple CUPS 1.1.4
    cpe:2.3:a:apple:cups:1.1.4
  • Apple CUPS 1.1.5
    cpe:2.3:a:apple:cups:1.1.5
  • Apple CUPS 1.1.9
    cpe:2.3:a:apple:cups:1.1.9
  • Apple CUPS 1.1.9-1
    cpe:2.3:a:apple:cups:1.1.9-1
  • Apple CUPS 1.1.10-1
    cpe:2.3:a:apple:cups:1.1.10-1
  • Apple CUPS 1.1.10
    cpe:2.3:a:apple:cups:1.1.10
  • Apple CUPS 1.1.6-3
    cpe:2.3:a:apple:cups:1.1.6-3
  • Apple CUPS 1.1.6-2
    cpe:2.3:a:apple:cups:1.1.6-2
  • Apple CUPS 1.1.8
    cpe:2.3:a:apple:cups:1.1.8
  • Apple CUPS 1.1.7
    cpe:2.3:a:apple:cups:1.1.7
  • Apple CUPS 1.1.16
    cpe:2.3:a:apple:cups:1.1.16
  • Apple CUPS 1.1.15
    cpe:2.3:a:apple:cups:1.1.15
  • Apple CUPS 1.1.18
    cpe:2.3:a:apple:cups:1.1.18
  • Apple CUPS 1.1.17
    cpe:2.3:a:apple:cups:1.1.17
  • Apple CUPS 1.1.12
    cpe:2.3:a:apple:cups:1.1.12
  • Apple CUPS 1.1.11
    cpe:2.3:a:apple:cups:1.1.11
  • Apple CUPS 1.1.14
    cpe:2.3:a:apple:cups:1.1.14
  • Apple CUPS 1.1.13
    cpe:2.3:a:apple:cups:1.1.13
  • Apple CUPS 1.1.19 release candidate 2
    cpe:2.3:a:apple:cups:1.1.19:rc2
  • Apple CUPS 1.1.19 release candidate 3
    cpe:2.3:a:apple:cups:1.1.19:rc3
  • Apple CUPS 1.1.19
    cpe:2.3:a:apple:cups:1.1.19
  • Apple CUPS 1.1.19 release candidate 1
    cpe:2.3:a:apple:cups:1.1.19:rc1
  • Apple CUPS 1.1.20
    cpe:2.3:a:apple:cups:1.1.20
  • Apple CUPS 1.1.20 release candidate 1
    cpe:2.3:a:apple:cups:1.1.20:rc1
  • Apple CUPS 1.1.19 release candidate 4
    cpe:2.3:a:apple:cups:1.1.19:rc4
  • Apple CUPS 1.1.19 release candidate 5
    cpe:2.3:a:apple:cups:1.1.19:rc5
  • Apple CUPS 1.1.20 release candidate 4
    cpe:2.3:a:apple:cups:1.1.20:rc4
  • Apple CUPS 1.1.20 release candidate 5
    cpe:2.3:a:apple:cups:1.1.20:rc5
  • Apple CUPS 1.1.20 release candidate 2
    cpe:2.3:a:apple:cups:1.1.20:rc2
  • Apple CUPS 1.1.20 release candidate 3
    cpe:2.3:a:apple:cups:1.1.20:rc3
  • Apple CUPS 1.1.21 release candidate 1
    cpe:2.3:a:apple:cups:1.1.21:rc1
  • Apple CUPS 1.1.21
    cpe:2.3:a:apple:cups:1.1.21
  • Apple CUPS 1.1.20 release candidate 6
    cpe:2.3:a:apple:cups:1.1.20:rc6
  • Apple CUPS 1.1.21 release candidate 2
    cpe:2.3:a:apple:cups:1.1.21:rc2
  • Apple CUPS 1.1.23 release candidate 1
    cpe:2.3:a:apple:cups:1.1.23:rc1
  • Apple CUPS 1.1.22
    cpe:2.3:a:apple:cups:1.1.22
  • Apple CUPS 1.1.22 release candidate 2
    cpe:2.3:a:apple:cups:1.1.22:rc2
  • Apple CUPS 1.1.22 release candidate 1
    cpe:2.3:a:apple:cups:1.1.22:rc1
  • Apple CUPS 1.2 release candidate 1
    cpe:2.3:a:apple:cups:1.2:rc1
  • Apple CUPS 1.2 b2
    cpe:2.3:a:apple:cups:1.2:b2
  • Apple CUPS 1.2 b1
    cpe:2.3:a:apple:cups:1.2:b1
  • Apple CUPS 1.1.23
    cpe:2.3:a:apple:cups:1.1.23
  • Apple CUPS 1.2.1
    cpe:2.3:a:apple:cups:1.2.1
  • Apple CUPS 1.2.0
    cpe:2.3:a:apple:cups:1.2.0
  • Apple CUPS 1.2 release candidate 3
    cpe:2.3:a:apple:cups:1.2:rc3
  • Apple CUPS 1.2 release candidate 2
    cpe:2.3:a:apple:cups:1.2:rc2
  • Apple CUPS 1.2.5
    cpe:2.3:a:apple:cups:1.2.5
  • Apple CUPS 1.2.4
    cpe:2.3:a:apple:cups:1.2.4
  • Apple CUPS 1.2.3
    cpe:2.3:a:apple:cups:1.2.3
  • Apple CUPS 1.2.2
    cpe:2.3:a:apple:cups:1.2.2
  • Apple CUPS 1.2.6
    cpe:2.3:a:apple:cups:1.2.6
  • Apple CUPS 1.3.9
    cpe:2.3:a:apple:cups:1.3.9
  • Apple CUPS 1.2.7
    cpe:2.3:a:apple:cups:1.2.7
  • Apple CUPS 1.2.8
    cpe:2.3:a:apple:cups:1.2.8
  • Apple CUPS 1.2.9
    cpe:2.3:a:apple:cups:1.2.9
  • Apple CUPS 1.2.10
    cpe:2.3:a:apple:cups:1.2.10
  • Apple CUPS 1.2.11
    cpe:2.3:a:apple:cups:1.2.11
  • Apple CUPS 1.2.12
    cpe:2.3:a:apple:cups:1.2.12
  • Apple CUPS 1.3 b1
    cpe:2.3:a:apple:cups:1.3:b1
  • Apple CUPS 1.3 release candidate 1
    cpe:2.3:a:apple:cups:1.3:rc1
  • Apple CUPS 1.3 release candidate 2
    cpe:2.3:a:apple:cups:1.3:rc2
  • Apple CUPS 1.3.0
    cpe:2.3:a:apple:cups:1.3.0
  • Apple CUPS 1.3.1
    cpe:2.3:a:apple:cups:1.3.1
  • Apple CUPS 1.3.11
    cpe:2.3:a:apple:cups:1.3.11
  • Apple CUPS 1.3.2
    cpe:2.3:a:apple:cups:1.3.2
  • Apple CUPS 1.3.3
    cpe:2.3:a:apple:cups:1.3.3
  • Apple CUPS 1.3.4
    cpe:2.3:a:apple:cups:1.3.4
  • Apple CUPS 1.3.5
    cpe:2.3:a:apple:cups:1.3.5
  • Apple CUPS 1.3.8
    cpe:2.3:a:apple:cups:1.3.8
  • Apple CUPS 1.3.7
    cpe:2.3:a:apple:cups:1.3.7
  • Apple CUPS 1.3.10
    cpe:2.3:a:apple:cups:1.3.10
CVSS
Base: 7.9 (as of 05-11-2010 - 15:17)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: ADJACENT_NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0811.NASL
    description From Red Hat Security Advisory 2010:0811 : Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the 'lp' user (such as a compromised external filter program spawned by the CUPS server) could trick the CUPS server into overwriting arbitrary files as the root user. (CVE-2010-2431) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting the CVE-2010-2941 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68130
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68130
    title Oracle Linux 5 : cups (ELSA-2010-0811)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_5.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 50548
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50548
    title Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-17641.NASL
    description This update fixes a cupsd memory corruption vulnerability (CVE-2010-2941), as well as fixing a crash when the MIME database cannot be loaded for any reason. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 50618
    published 2010-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50618
    title Fedora 14 : cups-1.4.4-11.fc14 (2010-17641)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-232.NASL
    description Multiple vulnerabilities were discovered and corrected in cups : Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file (CVE-2010-0542). The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748). The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file (CVE-2010-2431). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 50606
    published 2010-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50606
    title Mandriva Linux Security Advisory : cups (MDVSA-2010:232)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_CUPS-101124.NASL
    description This update fixes several bugs, but only the security fixes are listed here : - CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399 Special IPP requests allow to crash cupsd remotely. - CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264 A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. - CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119 An attacker with access to the web-interface may be able to read some bytes of uninitialized memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53654
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53654
    title openSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101110_CUPS_ON_SL6_X.NASL
    description An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941) After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60888
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60888
    title Scientific Linux Security Update : cups on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0866.NASL
    description Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50638
    published 2010-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50638
    title RHEL 6 : cups (RHSA-2010:0866)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-233.NASL
    description Multiple vulnerabilities were discovered and corrected in cups : Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 50607
    published 2010-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50607
    title Mandriva Linux Security Advisory : cups (MDVSA-2010:233)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0811.NASL
    description Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the 'lp' user (such as a compromised external filter program spawned by the CUPS server) could trick the CUPS server into overwriting arbitrary files as the root user. (CVE-2010-2431) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting the CVE-2010-2941 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 50802
    published 2010-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50802
    title CentOS 5 : cups (CESA-2010:0811)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-007.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 50549
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50549
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-007)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2176.NASL
    description Several vulnerabilities have been discovered in the Common UNIX Printing System : - CVE-2008-5183 A NULL pointer dereference in RSS job completion notifications could lead to denial of service. - CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. - CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. - CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. - CVE-2010-1748 Information disclosure in the web interface. - CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. - CVE-2010-2432 Denial of service in the authentication code. - CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 52484
    published 2011-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52484
    title Debian DSA-2176-1 : cups - several vulnerabilities
  • NASL family Misc.
    NASL id CUPS_1_4_5.NASL
    description According to its banner, the version of CUPS installed on the remote host is prior to 1.4.5. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists due to improper allocation of memory for attribute values with invalid string data types. A remote attacker can exploit this, via a crafted IPP request, to cause a denial of service condition or the execution of arbitrary code. (CVE-2010-2941) - An overflow condition exists in the PPD compiler due to improper validation of user-supplied input. A remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 50844
    published 2010-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50844
    title CUPS < 1.4.5 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1012-1.NASL
    description Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol (IPP) packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 50490
    published 2010-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50490
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : cups, cupsys vulnerability (USN-1012-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-17615.NASL
    description This update fixes a cupsd memory corruption vulnerability (CVE-2010-2941), as well as fixing a crash when the MIME database cannot be loaded for any reason. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 50684
    published 2010-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50684
    title Fedora 13 : cups-1.4.4-11.fc13 (2010-17615)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-333-01.NASL
    description New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2016-05-12
    plugin id 50832
    published 2010-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50832
    title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : cups (SSA:2010-333-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_CUPS-101124.NASL
    description This update fixes several bugs, but only the security fixes are listed here : - CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399 Special IPP requests allow to crash cupsd remotely. - CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264 A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. - CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119 An attacker with access to the web-interface may be able to read some bytes of uninitialized memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53703
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53703
    title openSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201207-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201207-10 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 59902
    published 2012-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59902
    title GLSA-201207-10 : CUPS: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_CUPS-101124.NASL
    description This update fixes several bugs, but only the security fixes are listed here : - CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399 Special IPP requests allow to crash cupsd remotely. - CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264 A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. - CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119 An attacker with access to the web-interface may be able to read some bytes of uninitialized memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75456
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75456
    title openSUSE Security Update : cups (openSUSE-SU-2010:1018-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-17627.NASL
    description This update fixes a cupsd memory corruption vulnerability (CVE-2010-2941). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 50685
    published 2010-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50685
    title Fedora 12 : cups-1.4.4-11.fc12 (2010-17627)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0866.NASL
    description From Red Hat Security Advisory 2010:0866 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68140
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68140
    title Oracle Linux 6 : cups (ELSA-2010-0866)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0811.NASL
    description Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the 'lp' user (such as a compromised external filter program spawned by the CUPS server) could trick the CUPS server into overwriting arbitrary files as the root user. (CVE-2010-2431) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting the CVE-2010-2941 issue. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50407
    published 2010-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50407
    title RHEL 5 : cups (RHSA-2010:0811)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101028_CUPS_ON_SL5_X.NASL
    description A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server. (CVE-2010-2941) A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the 'lp' user (such as a compromised external filter program spawned by the CUPS server) could trick the CUPS server into overwriting arbitrary files as the root user. (CVE-2010-2431) After installing this update, the cupsd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60881
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60881
    title Scientific Linux Security Update : cups on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CUPS-101119.NASL
    description This update fixes several bugs, but only the security fixes are listed here : - Special IPP requests allow to crash cupsd remotely. (CVE-2010-2941: CVSS v2 Base Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P): CWE-399) - A NULL pointer dereference exists in the _WriteProlog() function of the texttops image filter. (CVE-2010-0542: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): CWE-264) - An attacker with access to the web-interface may be able to read some bytes of uninitialized memory. (CVE-2010-1748: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N): CWE-119)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 50983
    published 2010-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50983
    title SuSE 11 / 11.1 Security Update : CUPS (SAT Patch Numbers 3575 / 3576)
redhat via4
advisories
  • bugzilla
    id 624438
    title CVE-2010-2941 cups: cupsd memory corruption vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment cups is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811002
        • comment cups is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123014
      • AND
        • comment cups-devel is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811004
        • comment cups-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123020
      • AND
        • comment cups-libs is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811006
        • comment cups-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123018
      • AND
        • comment cups-lpd is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811008
        • comment cups-lpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123016
    rhsa
    id RHSA-2010:0811
    released 2010-10-28
    severity Important
    title RHSA-2010:0811: cups security update (Important)
  • bugzilla
    id 624438
    title CVE-2010-2941 cups: cupsd memory corruption vulnerability
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment cups is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866005
        • comment cups is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386006
      • AND
        • comment cups-devel is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866007
        • comment cups-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386014
      • AND
        • comment cups-libs is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866013
        • comment cups-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386008
      • AND
        • comment cups-lpd is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866009
        • comment cups-lpd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386012
      • AND
        • comment cups-php is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866011
        • comment cups-php is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100866012
    rhsa
    id RHSA-2010:0866
    released 2010-11-10
    severity Important
    title RHSA-2010:0866: cups security update (Important)
rpms
  • cups-1:1.3.7-18.el5_5.8
  • cups-devel-1:1.3.7-18.el5_5.8
  • cups-libs-1:1.3.7-18.el5_5.8
  • cups-lpd-1:1.3.7-18.el5_5.8
  • cups-1:1.4.2-35.el6_0.1
  • cups-devel-1:1.4.2-35.el6_0.1
  • cups-libs-1:1.4.2-35.el6_0.1
  • cups-lpd-1:1.4.2-35.el6_0.1
  • cups-php-1:1.4.2-35.el6_0.1
refmap via4
apple APPLE-SA-2010-11-10-1
bid 44530
confirm
debian DSA-2176
fedora
  • FEDORA-2010-17615
  • FEDORA-2010-17627
  • FEDORA-2010-17641
gentoo GLSA-201207-10
mandriva
  • MDVSA-2010:232
  • MDVSA-2010:233
  • MDVSA-2010:234
osvdb 68951
sectrack 1024662
secunia
  • 42287
  • 42867
  • 43521
slackware SSA:2010-333-01
suse SUSE-SR:2010:023
ubuntu USN-1012-1
vupen
  • ADV-2010-2856
  • ADV-2010-3042
  • ADV-2010-3088
  • ADV-2011-0061
  • ADV-2011-0535
xf cups-cupsd-code-execution(62882)
Last major update 14-05-2013 - 23:11
Published 05-11-2010 - 13:00
Last modified 16-08-2017 - 21:32