CUPS < 1.4.4 Multiple Vulnerabilities

high Nessus Plugin ID 47683


The remote printer service is affected by multiple vulnerabilities.


According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :

- The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)

- The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)

- An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user.
(STR #3510) (CVE-2010-2431)

- The CUPS daemon is vulnerable to a heap corruption attack as the 'textops' filter does not verify the results of memory allocations. It is possible this may lead to arbitrary code execution. (STR #3516) (CVE-2010-0542)

- The CUPS daemon is vulnerable to a denial of service attack if compiled without HAVE_GSSAPI. (STR #3518) (CVE-2010-2432)

- The CUPS daemon is vulnerable to an information disclosure attack as an attacker can view portions of uninitialized memory by a specially crafted URL.
(STR #3577) (CVE-2010-1748)


Upgrade to CUPS version 1.4.4 or later.

See Also

Plugin Details

Severity: High

ID: 47683

File Name: cups_1_4_4.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 7/8/2010

Updated: 7/6/2018

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: Settings/ParanoidReport, www/cups

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/17/2010

Vulnerability Publication Date: 2/3/2010

Reference Information

CVE: CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432

BID: 41131, 40889, 40897, 38510, 40943, 41126

CWE: 399

Secunia: 40165