CVE-2008-5377 – CUPS < 1.3.8-4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-5377
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
• https://www.exploit-db.com/exploits/7550
• http://lists.debian.org/debian-devel/2008/08/msg00347.html
• http://uvw.ru/report.sid.txt
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5286 – cups: Incomplete fix for CVE-2008-1722
https://notcve.org/view.php?id=CVE-2008-5286
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
• http://secunia.com/advisories/32962
• http://secunia.com/advisories/33101
• http://secunia.com/advisories/33111
• http://secunia.com/advisories/33568
• http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
• http://www.cups.org/str.php?L2974
• http://www.debian.org/security/2008/dsa-1677
• http://www.gentoo.org/security/en/glsa/glsa-200812-01.xml
• http://www.gentoo.org/security/en/glsa/glsa-200812-11
• CWE-189: Numeric Errors
CVE-2008-5183 – CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash
https://notcve.org/view.php?id=CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
• https://www.exploit-db.com/exploits/7150
• http://lab.gnucitizen.org/projects/cups-0day
• http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
• http://secunia.com/advisories/33937
• http://secunia.com/advisories/43521
• http://support.apple.com/kb/HT3438
• http://www.debian.org/security/2011/dsa-2176
• http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups
• http://www.mandriva.com/security/adviso
• CWE-476: NULL Pointer Dereference
CVE-2008-5184
https://notcve.org/view.php?id=CVE-2008-5184
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
• http://www.cups.org/str.php?L2774
• http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:028
• http://www.openwall.com/lists/oss-security/2008/11/19/3
• CWE-255: Credentials Management Errors
CVE-2008-3640 – CUPS: texttops integer overflow
https://notcve.org/view.php?id=CVE-2008-3640
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=752
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
• http://secunia.com/advisories/32084
• http://secunia.com/advisories/32226
• http://secunia.com/advisories/32284
• http://secunia.com/advisories/32292
• http://secunia.com/advisories/32316
• http://secunia.com/advisories/32331
• http://secunia.com/advisories/33085
• http://secunia.com/advisories/33111
• http://sunsolve.sun.com/search/document.do?assetkey=1&
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound