This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote printer service is affected by multiple vulnerabilities.
According to its banner, the version of CUPS installed on the remote
host is earlier than 1.4.4. Such versions are affected by several
- The patch for STR #3200 / CVE-2009-3553 was not
complete. A remote client can cause a denial of service
by causing the CUPS server to reference an already
freed resource. (STR #3490) (CVE-2010-0302)
- The CUPS daemon may be vulnerable to certain cross-site
request forgery (CSRF) attacks, e.g., malicious IFRAME
attacks. (STR #3498) (CVE-2010-0540)
- An unprivileged process may be able to cause the CUPS
server to overwrite arbitrary files as the root user.
(STR #3510) (CVE-2010-2431)
- The CUPS daemon is vulnerable to a heap corruption
attack as the 'textops' filter does not verify the
results of memory allocations. It is possible this
may lead to arbitrary code execution. (STR #3516)
- The CUPS daemon is vulnerable to a denial of service
attack if compiled without HAVE_GSSAPI. (STR #3518)
- The CUPS daemon is vulnerable to an information
disclosure attack as an attacker can view portions of
uninitialized memory by a specially crafted URL.
(STR #3577) (CVE-2010-1748)
Upgrade to CUPS version 1.4.4 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Nessus Plugin ID: 47683 (cups_1_4_4.nasl)
Bugtraq ID: 38510, 40889, 40897, 40943, 41126, 41131
CVE ID: CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432