CUPS < 1.3.6 process_browse_data() Function Double Free DoS

Severity: Low. Nessus Plugin ID 31131

Synopsis

The remote printer service is prone to a denial of service attack.

Description

According to its banner, the version of CUPS installed on the remote host contains a double-free error in its 'process_browse_data' function, triggered when deleting the MIME type entry for a remote printer that is being polled. An attacker may be able to leverage this issue to crash the affected service by deleting a printer under his control and then recreating it as a class.

Third-party researchers suggest this vulnerability can be used to execute arbitrary code.

Solution

Upgrade to CUPS version 1.3.6 or later.

See Also

http://www.cups.org/str.php?L2656

http://www.cups.org/articles.php?L529

Plugin Details

Severity: Low

ID: 31131

File Name: cups_1_3_6.nasl

Version: 1.18

Type: remote

Family: Misc.

Published: 2/21/2008

Updated: 7/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: Settings/ParanoidReport, www/cups

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-0882

BID: 27906

CWE: 119

Secunia: 28994