
CVSS: 4.3 • EPSS: 1% • CPEs: 94 • EXPL: 1

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.

• https://www.exploit-db.com/exploits/34152
• http://cups.org/articles.php?L596
• http://cups.org/str.php?L3577
• http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
• http://secunia.com/advisories/40220
• http://secunia.com/advisories/43521
• http://security.gentoo.org/glsa/glsa-201207-10.xml
• http://support.apple.com/kb/HT4188
• http://www.debian.org/security/2011/dsa-2176

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.9 • EPSS: 0% • CPEs: 4 • EXPL: 0

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.

• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://security.gentoo.org/glsa/glsa-201207-10.xml
• http://support.apple.com/kb/HT4077
• http://www.cups.org/str.php?L3482
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
• http://www.securityfocus.com/bid/38524
• http://www.ubuntu.com/usn/USN-906-1
• https://bugzilla.redhat.com/show_bug.cgi?id=558460

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 7% • CPEs: 16 • EXPL: 0

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

• http://cups.org/articles.php?L596
• http://cups.org/str.php?L3490
• http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html
• http://secunia.com/advisories/38785
• http://secunia.com/advisories/38927
• http://secunia.com/advisories/38979
• http://secunia.com/advisories/40220
• http://security.gentoo.org/glsa/glsa-201207-10.xml
• http://support.apple.com/kb/HT4188
• http://www.mandriva.com

• CWE-416: Use After Free

CVSS: 6.8 • EPSS: 3% • CPEs: 3 • EXPL: 0

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

• http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• http://secunia.com/advisories/35340
• http://secunia.com/advisories/35685
• http://secunia.com/advisories/37023
• http://secunia.com/advisories/37028
• http://secunia.com/advisories/37037
• http://secunia.com/advisories/37043
• http://secunia.com/advisories/37077
• http://secunia.com/advisories/37079
• http://securitytracker.com/id?1022326
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
• http://www.redhat.

• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound

CVSS: 5.0 • EPSS: 5% • CPEs: 2 • EXPL: 0

The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

• http://secunia.com/advisories/35340
• http://securitytracker.com/id?1022327
• http://www.redhat.com/support/errata/RHSA-2009-1083.html
• http://www.securityfocus.com/bid/35194
• http://www.vupen.com/english/advisories/2009/1488
• https://bugzilla.redhat.com/show_bug.cgi?id=497135
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50944
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217
• https://access.redhat.com/security/cve/CVE-2009-1196

• CWE-399: Resource Management Errors