ID CVE-2010-2941
Summary ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4:b1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4:b1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4:b2:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4:b2:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4:b3:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4:b3:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*
CVSS
Base: 7.9 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:A/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 624438
    title CVE-2010-2941 cups: cupsd memory corruption vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment cups is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811002
        • comment cups is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123014
      • AND
        • comment cups-devel is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811004
        • comment cups-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123020
      • AND
        • comment cups-libs is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811006
        • comment cups-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123018
      • AND
        • comment cups-lpd is earlier than 1:1.3.7-18.el5_5.8
          oval oval:com.redhat.rhsa:tst:20100811008
        • comment cups-lpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070123016
    rhsa
    id RHSA-2010:0811
    released 2010-10-28
    severity Important
    title RHSA-2010:0811: cups security update (Important)
  • bugzilla
    id 624438
    title CVE-2010-2941 cups: cupsd memory corruption vulnerability
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment cups is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866005
        • comment cups is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386006
      • AND
        • comment cups-devel is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866007
        • comment cups-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386014
      • AND
        • comment cups-libs is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866013
        • comment cups-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386008
      • AND
        • comment cups-lpd is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866009
        • comment cups-lpd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150386012
      • AND
        • comment cups-php is earlier than 1:1.4.2-35.el6_0.1
          oval oval:com.redhat.rhsa:tst:20100866011
        • comment cups-php is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100866012
    rhsa
    id RHSA-2010:0866
    released 2010-11-10
    severity Important
    title RHSA-2010:0866: cups security update (Important)
rpms
  • cups-1:1.3.7-18.el5_5.8
  • cups-devel-1:1.3.7-18.el5_5.8
  • cups-libs-1:1.3.7-18.el5_5.8
  • cups-lpd-1:1.3.7-18.el5_5.8
  • cups-1:1.4.2-35.el6_0.1
  • cups-devel-1:1.4.2-35.el6_0.1
  • cups-libs-1:1.4.2-35.el6_0.1
  • cups-lpd-1:1.4.2-35.el6_0.1
  • cups-php-1:1.4.2-35.el6_0.1
refmap via4
apple APPLE-SA-2010-11-10-1
bid 44530
confirm
debian DSA-2176
fedora
  • FEDORA-2010-17615
  • FEDORA-2010-17627
  • FEDORA-2010-17641
gentoo GLSA-201207-10
mandriva
  • MDVSA-2010:232
  • MDVSA-2010:233
  • MDVSA-2010:234
osvdb 68951
sectrack 1024662
secunia
  • 42287
  • 42867
  • 43521
slackware SSA:2010-333-01
suse SUSE-SR:2010:023
ubuntu USN-1012-1
vupen
  • ADV-2010-2856
  • ADV-2010-3042
  • ADV-2010-3088
  • ADV-2011-0061
  • ADV-2011-0535
xf cups-cupsd-code-execution(62882)
Last major update 17-08-2017 - 01:32
Published 05-11-2010 - 17:00
Back to Top