Denial of Service : CUPS 1.3.x, 1.4.x < 1.4.4 DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800487

Categoría: Denial of Service

Título: CUPS 1.3.x, 1.4.x < 1.4.4 DoS Vulnerability

Resumen: CUPS (Common UNIX Printing System) service is prone to a denial; of service (DoS) vulnerability.

Descripción: Summary:
CUPS (Common UNIX Printing System) service is prone to a denial
of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is due to an use-after-free error within the
'cupsdDoSelect()' function in 'scheduler/select.c' when kqueue or epoll is used, allows remote
attackers to crash or hang the daemon via a client disconnection during listing of a large number
of print jobs.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute
arbitrary code and can cause denial of service.

Affected Software/OS:
CUPS versions 1.3.x and 1.4.x prior to 1.4.x.

Solution:
Update to version 1.4.4 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0302
1024124
http://www.securitytracker.com/id?1024124
38510
http://www.securityfocus.com/bid/38510
38785
http://secunia.com/advisories/38785
38927
http://secunia.com/advisories/38927
38979
http://secunia.com/advisories/38979
40220
http://secunia.com/advisories/40220
ADV-2010-1481
http://www.vupen.com/english/advisories/2010/1481
APPLE-SA-2010-06-15-1
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
FEDORA-2010-2743
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html
GLSA-201207-10
http://security.gentoo.org/glsa/glsa-201207-10.xml
MDVSA-2010:073
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
RHSA-2010:0129
https://rhn.redhat.com/errata/RHSA-2010-0129.html
USN-906-1
http://www.ubuntu.com/usn/USN-906-1
http://cups.org/articles.php?L596
http://cups.org/str.php?L3490
http://support.apple.com/kb/HT4188
https://bugzilla.redhat.com/show_bug.cgi?id=557775
oval:org.mitre.oval:def:11216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800487
Categoría:	Denial of Service
Título:	CUPS 1.3.x, 1.4.x < 1.4.4 DoS Vulnerability
Resumen:	CUPS (Common UNIX Printing System) service is prone to a denial; of service (DoS) vulnerability.
Descripción:	Summary: CUPS (Common UNIX Printing System) service is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an use-after-free error within the 'cupsdDoSelect()' function in 'scheduler/select.c' when kqueue or epoll is used, allows remote attackers to crash or hang the daemon via a client disconnection during listing of a large number of print jobs. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code and can cause denial of service. Affected Software/OS: CUPS versions 1.3.x and 1.4.x prior to 1.4.x. Solution: Update to version 1.4.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0302 1024124 http://www.securitytracker.com/id?1024124 38510 http://www.securityfocus.com/bid/38510 38785 http://secunia.com/advisories/38785 38927 http://secunia.com/advisories/38927 38979 http://secunia.com/advisories/38979 40220 http://secunia.com/advisories/40220 ADV-2010-1481 http://www.vupen.com/english/advisories/2010/1481 APPLE-SA-2010-06-15-1 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html FEDORA-2010-2743 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html GLSA-201207-10 http://security.gentoo.org/glsa/glsa-201207-10.xml MDVSA-2010:073 http://www.mandriva.com/security/advisories?name=MDVSA-2010:073 RHSA-2010:0129 https://rhn.redhat.com/errata/RHSA-2010-0129.html USN-906-1 http://www.ubuntu.com/usn/USN-906-1 http://cups.org/articles.php?L596 http://cups.org/str.php?L3490 http://support.apple.com/kb/HT4188 https://bugzilla.redhat.com/show_bug.cgi?id=557775 oval:org.mitre.oval:def:11216 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216
Copyright	Copyright (C) 2010 Greenbone AG