CVE-2010-0302

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

References

http://cups.org/articles.php?L596

http://cups.org/str.php?L3490

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html

http://secunia.com/advisories/38785

http://secunia.com/advisories/38927

http://secunia.com/advisories/38979

http://secunia.com/advisories/40220

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://support.apple.com/kb/HT4188

http://www.mandriva.com/security/advisories?name=MDVSA-2010:073

http://www.securityfocus.com/bid/38510

http://www.securitytracker.com/id?1024124

http://www.ubuntu.com/usn/USN-906-1

http://www.vupen.com/english/advisories/2010/1481

https://bugzilla.redhat.com/show_bug.cgi?id=557775

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216

https://rhn.redhat.com/errata/RHSA-2010-0129.html

Details

Source: MITRE

Published: 2010-03-05

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
68006Oracle Linux 5 : cups (ELSA-2010-0129)NessusOracle Linux Local Security Checks
medium
67961Oracle Linux 5 : cups (ELSA-2009-1595)NessusOracle Linux Local Security Checks
medium
67076CentOS 5 : cups (CESA-2009:1595)NessusCentOS Local Security Checks
medium
60743Scientific Linux Security Update : cups on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
59902GLSA-201207-10 : CUPS: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
47683CUPS < 1.4.4 Multiple VulnerabilitiesNessusMisc.
high
47327Fedora 12 : cups-1.4.2-28.fc12 (2010-3761)NessusFedora Local Security Checks
medium
47324Fedora 13 : cups-1.4.2-34.fc13 (2010-3693)NessusFedora Local Security Checks
medium
47293Fedora 11 : cups-1.4.2-26.fc11 (2010-2743)NessusFedora Local Security Checks
medium
800793Mac OS X 10.6 < 10.6.4 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5571Mac OS X 10.6 < 10.6.4 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
47024Mac OS X Multiple Vulnerabilities (Security Update 2010-004)NessusMacOS X Local Security Checks
high
47023Mac OS X 10.6.x < 10.6.4 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
45530Mandriva Linux Security Advisory : cups (MDVSA-2010:073-1)NessusMandriva Local Security Checks
medium
45105SuSE 11 Security Update : CUPS (SAT Patch Number 2108)NessusSuSE Local Security Checks
medium
45102openSUSE Security Update : cups (cups-2102)NessusSuSE Local Security Checks
medium
45099openSUSE Security Update : cups (cups-2102)NessusSuSE Local Security Checks
medium
45096openSUSE Security Update : cups (cups-2102)NessusSuSE Local Security Checks
medium
45053CentOS 5 : cups (CESA-2010:0129)NessusCentOS Local Security Checks
medium
44985Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : cups, cupsys vulnerabilities (USN-906-1)NessusUbuntu Local Security Checks
medium
44973RHEL 5 : cups (RHSA-2010:0129)NessusRed Hat Local Security Checks
medium
42850RHEL 5 : cups (RHSA-2009:1595)NessusRed Hat Local Security Checks
medium