CUPS < 1.3.6 process_browse_data() Function Double Free DoS

Severity: Low. Nessus Plugin ID: 31131

Synopsis

The remote printer service is prone to a denial of service attack.

Description

According to its banner, the version of CUPS installed on the remote host contains a double free error in its 'process_browse_data' function when deleting the MIME type entry for a remote printer that is being polled. An attacker may be able to leverage this issue to crash the affected service by deleting a printer under their control and then recreating it as a class.

Third-party researchers suggest this vulnerability can be used to execute arbitrary code.

Solution

Upgrade to CUPS version 1.3.6 or later.

See Also

http://www.cups.org/str.php?L2656

http://www.cups.org/articles.php?L529

Plugin Details

Severity: Low

ID: 31131

File Name: cups_1_3_6.nasl

Version: 1.18

Type: remote

Family: Misc.

Published: 2008/02/21

Updated: 2018/07/06

Dependencies: 10107, 29727

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-0882

BID: 27906

Secunia: 28994

CWE: 119