Denial of Service : CUPS IPP < 1.4.5 Use After Free DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800182

Categoría: Denial of Service

Título: CUPS IPP < 1.4.5 Use After Free DoS Vulnerability

Resumen: CUPS is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
CUPS is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is caused by improper allocation of memory for attribute
values with invalid string data type.

Vulnerability Impact:
Successful exploitation will let the remote unauthenticated
attackers to cause a denial of service (use-after-free and application crash) or possibly execute
arbitrary code via a crafted IPP request.

Affected Software/OS:
CUPS version 1.4.4 and prior.

Solution:
Update to version 1.4.5 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2941
1024662
http://securitytracker.com/id?1024662
42287
http://secunia.com/advisories/42287
42867
http://secunia.com/advisories/42867
43521
http://secunia.com/advisories/43521
44530
http://www.securityfocus.com/bid/44530
68951
http://www.osvdb.org/68951
ADV-2010-2856
http://www.vupen.com/english/advisories/2010/2856
ADV-2010-3042
http://www.vupen.com/english/advisories/2010/3042
ADV-2010-3088
http://www.vupen.com/english/advisories/2010/3088
ADV-2011-0061
http://www.vupen.com/english/advisories/2011/0061
ADV-2011-0535
http://www.vupen.com/english/advisories/2011/0535
APPLE-SA-2010-11-10-1
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
DSA-2176
http://www.debian.org/security/2011/dsa-2176
FEDORA-2010-17615
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html
FEDORA-2010-17627
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html
FEDORA-2010-17641
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html
GLSA-201207-10
http://security.gentoo.org/glsa/glsa-201207-10.xml
MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
MDVSA-2010:233
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
MDVSA-2010:234
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
RHSA-2010:0811
http://rhn.redhat.com/errata/RHSA-2010-0811.html
RHSA-2010:0866
http://www.redhat.com/support/errata/RHSA-2010-0866.html
SSA:2010-333-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323
SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
USN-1012-1
http://www.ubuntu.com/usn/USN-1012-1
cups-cupsd-code-execution(62882)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62882
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://support.apple.com/kb/HT4435
https://bugzilla.redhat.com/show_bug.cgi?id=624438

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800182
Categoría:	Denial of Service
Título:	CUPS IPP < 1.4.5 Use After Free DoS Vulnerability
Resumen:	CUPS is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: CUPS is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is caused by improper allocation of memory for attribute values with invalid string data type. Vulnerability Impact: Successful exploitation will let the remote unauthenticated attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. Affected Software/OS: CUPS version 1.4.4 and prior. Solution: Update to version 1.4.5 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2941 1024662 http://securitytracker.com/id?1024662 42287 http://secunia.com/advisories/42287 42867 http://secunia.com/advisories/42867 43521 http://secunia.com/advisories/43521 44530 http://www.securityfocus.com/bid/44530 68951 http://www.osvdb.org/68951 ADV-2010-2856 http://www.vupen.com/english/advisories/2010/2856 ADV-2010-3042 http://www.vupen.com/english/advisories/2010/3042 ADV-2010-3088 http://www.vupen.com/english/advisories/2010/3088 ADV-2011-0061 http://www.vupen.com/english/advisories/2011/0061 ADV-2011-0535 http://www.vupen.com/english/advisories/2011/0535 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DSA-2176 http://www.debian.org/security/2011/dsa-2176 FEDORA-2010-17615 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html FEDORA-2010-17627 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html FEDORA-2010-17641 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html GLSA-201207-10 http://security.gentoo.org/glsa/glsa-201207-10.xml MDVSA-2010:232 http://www.mandriva.com/security/advisories?name=MDVSA-2010:232 MDVSA-2010:233 http://www.mandriva.com/security/advisories?name=MDVSA-2010:233 MDVSA-2010:234 http://www.mandriva.com/security/advisories?name=MDVSA-2010:234 RHSA-2010:0811 http://rhn.redhat.com/errata/RHSA-2010-0811.html RHSA-2010:0866 http://www.redhat.com/support/errata/RHSA-2010-0866.html SSA:2010-333-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323 SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html USN-1012-1 http://www.ubuntu.com/usn/USN-1012-1 cups-cupsd-code-execution(62882) https://exchange.xforce.ibmcloud.com/vulnerabilities/62882 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=624438
Copyright	Copyright (C) 2010 Greenbone AG