CUPS < 1.4.4 Multiple Vulnerabilities

High Nessus Plugin ID 47683


The remote printer service is affected by multiple vulnerabilities.


According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :

- The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)

- The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)

- An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user.
(STR #3510) (CVE-2010-2431)

- The CUPS daemon is vulnerable to a heap corruption attack as the 'textops' filter does not verify the results of memory allocations. It is possible this may lead to arbitrary code execution. (STR #3516) (CVE-2010-0542)

- The CUPS daemon is vulnerable to a denial of service attack if compiled without HAVE_GSSAPI. (STR #3518) (CVE-2010-2432)

- The CUPS daemon is vulnerable to an information disclosure attack as an attacker can view portions of uninitialized memory by a specially crafted URL.
(STR #3577) (CVE-2010-1748)


Upgrade to CUPS version 1.4.4 or later.

See Also

Plugin Details

Severity: High

ID: 47683

File Name: cups_1_4_4.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 2010/07/08

Updated: 2018/07/06

Dependencies: 10107, 29727

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/06/17

Vulnerability Publication Date: 2010/02/03

Reference Information

CVE: CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432

BID: 38510, 40889, 40897, 40943, 41126, 41131

Secunia: 40165

CWE: 399