CUPS < 1.3.6 process_browse_data() Function Double Free DoS

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote printer service is prone to a denial of service attack.

Description :

According to its banner, the version of CUPS installed on the remote
host contains a double free error in its 'process_browse_data'
function when deleting the mime type entry for a remote printer that
is being polled. An attacker may be able to leverage this issue to
crash the affected service by deleting a printer under his control and
then recreating it as a class.

Third-party researchers suggest this vulnerability can be used to
execute arbitrary code.

See also :

http://www.cups.org/str.php?L2656
http://www.cups.org/articles.php?L529

Solution :

Upgrade to CUPS version 1.3.6 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 31131 (cups_1_3_6.nasl)

Bugtraq ID: 27906

CVE ID: CVE-2008-0882