CUPS 'scheduler/select.c' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running CUPS (Common UNIX Printing System) Service, which is prone to Denial of Service vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code and can cause denial of service. Impact Level: Application

Solution

Upgrade to version 1.5 or later, For updates refer to http://www.cups.org/software.php ***** NOTE: Please ignore this warning if the patch is applied. *****

Insight

The flaw is due to an use-after-free error within the 'cupsdDoSelect()' function in 'scheduler/select.c' when kqueue or epoll is used, allows remote attackers to crash or hang the daemon via a client disconnection during listing of a large number of print jobs.

Affected

CUPS versions 1.3.x, 1.4.x on Linux.

References

http://www.ubuntu.com/usn/USN-906-1
https://bugzilla.redhat.com/show_bug.cgi?id=557775
https://rhn.redhat.com/errata/RHSA-2010-0129.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0302
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
Comodo Internet Security Denial of Service Vulnerability-04
CUPS Empty UDP Datagram DoS Vulnerability
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities