| ID |
CVE-2015-1158
|
| Summary |
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 23-09-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-254 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| redhat
via4
|
| advisories | | | rpms | - cups-1:1.4.2-67.el6_6.1
- cups-1:1.6.3-17.ael7b_1.1
- cups-1:1.6.3-17.el7_1.1
- cups-client-1:1.6.3-17.ael7b_1.1
- cups-client-1:1.6.3-17.el7_1.1
- cups-debuginfo-1:1.4.2-67.el6_6.1
- cups-debuginfo-1:1.6.3-17.ael7b_1.1
- cups-debuginfo-1:1.6.3-17.el7_1.1
- cups-devel-1:1.4.2-67.el6_6.1
- cups-devel-1:1.6.3-17.ael7b_1.1
- cups-devel-1:1.6.3-17.el7_1.1
- cups-filesystem-1:1.6.3-17.ael7b_1.1
- cups-filesystem-1:1.6.3-17.el7_1.1
- cups-ipptool-1:1.6.3-17.ael7b_1.1
- cups-ipptool-1:1.6.3-17.el7_1.1
- cups-libs-1:1.4.2-67.el6_6.1
- cups-libs-1:1.6.3-17.ael7b_1.1
- cups-libs-1:1.6.3-17.el7_1.1
- cups-lpd-1:1.4.2-67.el6_6.1
- cups-lpd-1:1.6.3-17.ael7b_1.1
- cups-lpd-1:1.6.3-17.el7_1.1
- cups-php-1:1.4.2-67.el6_6.1
|
|
| refmap
via4
|
| bid | 75098 | | cert-vn | VU#810572 | | confirm | | | debian | DSA-3283 | | exploit-db | | | gentoo | GLSA-201510-07 | | misc | | | sectrack | 1032556 | | suse | - SUSE-SU-2015:1041
- SUSE-SU-2015:1044
- openSUSE-SU-2015:1056
| | ubuntu | USN-2629-1 |
|
| Last major update |
23-09-2017 - 01:29 |
| Published |
26-06-2015 - 10:59 |
| Last modified |
23-09-2017 - 01:29 |
