CVE-2007-4045

Incomplete fix for CVE-2007-0720 CUPS denial of service

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.

El servicio CUPS, tal y como es usado en SUSE Linux versiones anteriores a 20070720 y otras distribuciones de Linux, permite a atacantes remotos causar una denegación de servicio por medio de vectores no especificados relacionados con una corrección incompleta para CVE-2007-0720 que introdujo un problema diferente de denegación de servicio en la negociación SSL.

Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). Versions less than 1.3.5 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-27 CVE Reserved
2007-07-27 CVE Published
2024-08-07 CVE Updated
2025-07-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (15)

URL	Tag	Source
http://secunia.com/advisories/27577	Third Party Advisory
http://secunia.com/advisories/27615	Third Party Advisory
http://secunia.com/advisories/28113	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm	Third Party Advisory
http://www.securityfocus.com/bid/26524	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9303	Signature

URL	Date	SRC

URL	Date	SRC
http://bugs.gentoo.org/show_bug.cgi?id=199195	2020-12-23
https://bugzilla.redhat.com/show_bug.cgi?id=250161	2007-11-07

URL	Date	SRC
http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml	2020-12-23
http://www.mandriva.com/security/advisories?name=MDVSA-2008:036	2020-12-23
http://www.novell.com/linux/security/advisories/2007_14_sr.html	2020-12-23
http://www.redhat.com/support/errata/RHSA-2007-1022.html	2020-12-23
http://www.redhat.com/support/errata/RHSA-2007-1023.html	2020-12-23
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html	2020-12-23
https://access.redhat.com/security/cve/CVE-2007-4045	2007-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"		Cups Search vendor "Apple" for product "Cups"				< 1.2.0 Search vendor "Apple" for product "Cups" and version " < 1.2.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				7 Search vendor "Fedoraproject" for product "Fedora" and version "7"		-		Affected