CVE-2008-0882 – cups: double free vulnerability in process_browse_data()
https://notcve.org/view.php?id=CVE-2008-0882
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de doble liberación en la función process_browse_data en CUPS versión 1.3.5, permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) y posiblemente ejecutar código arbitrario por medio de paquetes Browse UDP diseñados hacia el puerto cupsd (631/udp), relacionado con una manipulación no especificada de una impresora remota. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/28994 http://secunia.com/advisories/29067 http://secunia.com/advisories/29120 http://secunia.com/advisories/29132 http://secunia.com/advisories/29251 http://secunia.com/advisories/29420 http://secunia.com/advisories/29485 http://secunia.com/advisories/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5849 – Common UNIX Printing System 1.2/1.3 SNMP - 'asn1_get_string()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5849
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. Un subdesbordamiento de enteros en la función asn1_get_string en el back end de SNMP (backend/snmp.c) para CUPS versiones 1.2 hasta 1.3.4, permite a los atacantes remotos ejecutar código arbitrario por medio de una respuesta SNMP especialmente diseñada que desencadena un desbordamiento de búfer en la región stack de la memoria. • https://www.exploit-db.com/exploits/30898 http://bugs.gentoo.org/show_bug.cgi?id=201570 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html http://secunia.com/advisories/28113 http://secunia.com/advisories/28129 http://secunia.com/advisories/28136 http://secunia.com/advisories/28200 http://secunia.com/advisories/28386 http:// • CWE-189: Numeric Errors •
CVE-2007-4351 – cups boundary error
https://notcve.org/view.php?id=CVE-2007-4351
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función ippReadIO de cup/ipp.c de CUPS 1.3.3 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una etiqueta (1) textWithLanguage o (2) nameWithLanguage Internet Printing Protocol (IPP) manipuladas, llevando a un desbordamiento de búfer basado en pila. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/27233 http://secunia.com/advisories/27410 http://secunia.com/advisories/27445 http://secunia.com/advisories/27447 http://secunia.com/advisories/27474 http://secunia.com/advisories/27494 http://secunia.com/advisories/27499 http://secunia.com/advisories/27540 http://secunia.com/advisories/27577 http://secunia.com/advisories • CWE-189: Numeric Errors •
CVE-2007-3387 – xpdf integer overflow
https://notcve.org/view.php?id=CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Un desbordamiento de enteros en la función StreamPredictor::StreamPredictor en xpdf versión 3.02, tal como es usado en (1) poppler anterior a versión 0.5.91, (2) gpdf anterior a versión 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podrían permitir que los atacantes remotos ejecuten código arbitrario por medio de un archivo PDF creado que causa un desbordamiento del búfer en la región stack de la memoria, en la función StreamPredictor::getNextLine. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=187139 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 http://osvdb.org/40127 http://secunia.com/advisories/26188 http://secunia.com/advisories/26251 http://secunia.com/advisories/26254 http://secunia.com/advisories/26255 http://secunia.com/advisories/26257 http://secunia.com/advisories/26278 • CWE-190: Integer Overflow or Wraparound •
CVE-2007-4045 – Incomplete fix for CVE-2007-0720 CUPS denial of service
https://notcve.org/view.php?id=CVE-2007-4045
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. El servicio CUPS, tal y como es usado en SUSE Linux versiones anteriores a 20070720 y otras distribuciones de Linux, permite a atacantes remotos causar una denegación de servicio por medio de vectores no especificados relacionados con una corrección incompleta para CVE-2007-0720 que introdujo un problema diferente de denegación de servicio en la negociación SSL. • http://bugs.gentoo.org/show_bug.cgi?id=199195 http://secunia.com/advisories/27577 http://secunia.com/advisories/27615 http://secunia.com/advisories/28113 http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:036 http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.redhat.com/support/errata/RHSA-2007-1022.html http://www& •