CUPS < 1.3.10 Multiple Vulnerabilities

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.

Synopsis :

The remote printer service is affected by multiple vulnerabilities.

Description :

According to its banner, the version of CUPS installed on the remote
host is earlier than 1.3.10. Such versions are affected by several
issues :

- A potential integer overflow in the PNG image validation
code in '_cupsImageReadPNG()' could allow an attacker to
crash the affected service or possibly execute arbitrary
code. (STR #2974)

- A heap-based integer overflow exists in
'_cupsImageReadTIFF()' due to a failure to properly
validate the image height of a specially crafted TIFF
file, which can be leveraged to execute arbitrary code.
(STR #3031)

- The web interface may be vulnerable to DNS rebinding
attacks due to a failure to validate the HTTP Host
header in incoming requests. (STR #3118)

- A heap-based buffer overflow in pdftops allows remote
attackers to execute arbitrary code via a PDF file with
crafted JBIG2 symbol dictionary segments.

- Flawed 'ip' structure initialization in the function
'ippReadIO()' could allow an anonymous remote attacker
to crash the application via a malicious IPP request
packet with two consecutives IPP_TAG_UNSUPPORTED tags.

See also :

Solution :

Upgrade to CUPS version 1.3.10 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 36183 (cups_1_3_10.nasl)

Bugtraq ID: 32518

CVE ID: CVE-2008-5286