SynopsisThe remote printer service is affected by multiple vulnerabilities.
DescriptionAccording to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :
- The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)
- The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)
- An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user.
(STR #3510) (CVE-2010-2431)
- The CUPS daemon is vulnerable to a heap corruption attack as the 'textops' filter does not verify the results of memory allocations. It is possible this may lead to arbitrary code execution. (STR #3516) (CVE-2010-0542)
- The CUPS daemon is vulnerable to a denial of service attack if compiled without HAVE_GSSAPI. (STR #3518) (CVE-2010-2432)
- The CUPS daemon is vulnerable to an information disclosure attack as an attacker can view portions of uninitialized memory by a specially crafted URL.
(STR #3577) (CVE-2010-1748)
SolutionUpgrade to CUPS version 1.4.4 or later.
File Name: cups_1_4_4.nasl
Configuration: Enable paranoid mode
Required KB Items: Settings/ParanoidReport, www/cups
Exploit Ease: Exploits are available
Patch Publication Date: 6/17/2010
Vulnerability Publication Date: 2/3/2010
CVE: CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432
BID: 41131, 40889, 40897, 38510, 40943, 41126