CUPS Denial Of Service Vulnerability - Jun09 Network Vulnerability

Summary

This host is running CUPS (Common UNIX Printing System) Service,which is prone to Denial of Service vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code and can cause denial of service. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaws are due to - A use-after-free error within the directory-services functionality in the scheduler. - Integer overflow errors within the 'pdftops' filter while processing specially crafted PDF file.

Affected

CUPS versions prior to 1.2.0 and 1.3.7 on Linux

References

http://rhn.redhat.com/errata/RHSA-2009-1083.html
http://secunia.com/advisories/35340
http://securitytracker.com/alerts/2009/Jun/1022327.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0791, CVE-2009-1196
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
Compaq Web SSI DoS

CUPS Denial of Service Vulnerability - Jun09

Take action and discover your vulnerabilities