CUPS < 1.4.4 Multiple Vulnerabilities

high Nessus Plugin ID 47683

Synopsis

The remote printer service is affected by multiple vulnerabilities.

Description

According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :

- The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)

- The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)

- An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user.
(STR #3510) (CVE-2010-2431)

- The CUPS daemon is vulnerable to a heap corruption attack as the 'textops' filter does not verify the results of memory allocations. It is possible this may lead to arbitrary code execution. (STR #3516) (CVE-2010-0542)

- The CUPS daemon is vulnerable to a denial of service attack if compiled without HAVE_GSSAPI. (STR #3518) (CVE-2010-2432)

- The CUPS daemon is vulnerable to an information disclosure attack as an attacker can view portions of uninitialized memory by a specially crafted URL.
(STR #3577) (CVE-2010-1748)

Solution

Upgrade to CUPS version 1.4.4 or later.

See Also

http://www.cups.org/str.php?L3490

http://www.cups.org/str.php?L3498

http://www.cups.org/str.php?L3510

http://www.cups.org/str.php?L3516

http://www.cups.org/str.php?L3518

http://www.cups.org/str.php?L3577

http://www.cups.org/articles.php?L596

Plugin Details

Severity: High

ID: 47683

File Name: cups_1_4_4.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 7/8/2010

Updated: 7/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: Settings/ParanoidReport, www/cups

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/17/2010

Vulnerability Publication Date: 2/3/2010

Reference Information

CVE: CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432

BID: 38510, 40889, 40897, 40943, 41126, 41131

CWE: 399

Secunia: 40165