This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote printer service is affected by multiple vulnerabilities.
According to its banner, the version of CUPS installed on the remote
host is earlier than 1.3.9. Such versions are affected by several
- The HP-GL/2 filter does not adequately check the ranges
on the pen width and pen color opcodes that allows an
attacker to overwrite memory addresses with arbitrary
data, which may result in execution of arbitrary code
- There is a heap-based buffer overflow in the SGI file
format parsing module that can be triggered with
malformed Run Length Encoded (RLE) data to execute
arbitrary code (STR #2918).
- There is an integer overflow vulnerability in the
'WriteProlog()' function in the 'texttops'
application that can be triggered when calculating
the page size used for storing PostScript data to
execute arbitrary code (STR #2919).
See also :
Upgrade to CUPS version 1.3.9 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Nessus Plugin ID: 34385 (cups_1_3_9.nasl)
Bugtraq ID: 3168831690
CVE ID: CVE-2008-3639CVE-2008-3640CVE-2008-3641
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.