ID CVE-2007-4351
Summary Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:cups:cups:-:*:*:*:*:*:*:*
    cpe:2.3:a:cups:cups:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-10-2018 - 21:47)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:07:02.297-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10604
status accepted
submitted 2010-07-09T03:56:16-04:00
title Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
version 24
redhat via4
advisories
  • bugzilla
    id 345091
    title CVE-2007-4351 cups boundary error
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment cups is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020002
        • comment cups is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123014
      • AND
        • comment cups-devel is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020008
        • comment cups-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123020
      • AND
        • comment cups-libs is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020004
        • comment cups-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123018
      • AND
        • comment cups-lpd is earlier than 1:1.2.4-11.14.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071020006
        • comment cups-lpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123016
    rhsa
    id RHSA-2007:1020
    released 2007-10-31
    severity Important
    title RHSA-2007:1020: cups security and bug fix update (Important)
  • rhsa
    id RHSA-2007:1022
  • rhsa
    id RHSA-2007:1023
rpms
  • cups-1:1.2.4-11.14.el5_1.1
  • cups-devel-1:1.2.4-11.14.el5_1.1
  • cups-libs-1:1.2.4-11.14.el5_1.1
  • cups-lpd-1:1.2.4-11.14.el5_1.1
  • cups-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-1:1.1.17-13.3.46
  • cups-devel-1:1.1.17-13.3.46
  • cups-libs-1:1.1.17-13.3.46
refmap via4
apple APPLE-SA-2007-12-17
bid 26268
cert TA07-352A
cert-vn VU#446897
cisco 20080625 Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability
confirm
debian DSA-1407
fedora FEDORA-2007-2715
gentoo GLSA-200711-16
mandriva MDKSA-2007:204
misc http://secunia.com/secunia_research/2007-76/advisory/
sectrack 1018879
secunia
  • 27233
  • 27410
  • 27445
  • 27447
  • 27474
  • 27494
  • 27499
  • 27540
  • 27577
  • 27604
  • 27712
  • 28136
  • 30847
slackware SSA:2007-305-01
suse SUSE-SA:2007:058
ubuntu USN-539-1
vupen
  • ADV-2007-3681
  • ADV-2007-4238
  • ADV-2008-1934
xf cups-ippreadio-bo(38190)
statements via4
contributor Mark J Cox
lastmodified 2007-11-09
organization Red Hat
statement Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5. This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from https://rhn.redhat.com/cve/CVE-2007-4351.html
Last major update 03-10-2018 - 21:47
Published 31-10-2007 - 22:46
Back to Top