Summary
This host is running CUPS (Common UNIX Printing System) Service, which is prone to Buffer Overflow and Integer Overflow Vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code or compromise a vulnerable system.
Impact Level: System
Solution
Upgrade to CUPS version 1.3.9
http://www.cups.org/software.php
Insight
The flaws are due to
- an error in the implementation of the HP-GL/2 filter and can be exploited to cause buffer overflows with HP-GL/2 files containing overly large pen numbers.
- an error within the read_rle8() and read_rle16() functions when parsing malformed Run Length Encoded(RLE) data within Silicon Graphics Image(SGI) files and can exploited to cause heap-based buffer overflow with a specially crafted SGI file.
- an error within the WriteProlog() function included in the texttops utility and can be exploited to cause a heap-based buffer overflow with specially crafted file.
Affected
CUPS versions prior to 1.3.9
References
Severity
Classification
-
CVE CVE-2008-3639, CVE-2008-3640, CVE-2008-3641 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
- 7T Interactive Graphical SCADA System 'dc.exe' Command Injection Vulnerability
- Apple QuickTime Multiple Vulnerabilities - Jan09 (Win)
- Apache APR-Utils XML Parser Denial of Service Vulnerability
- Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)