Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5183

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5183
Last Modified 17 Mar 2011 10:30:29
Published 20 Nov 2008 09:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5183

Summary

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Vulnerable Systems

Application

  • Apple Cups 1.1

  • Apple Cups 1.1.1

  • Apple Cups 1.1.10

  • Apple Cups 1.1.10-1

  • Apple Cups 1.1.11

  • Apple Cups 1.1.12

  • Apple Cups 1.1.13

  • Apple Cups 1.1.14

  • Apple Cups 1.1.15

  • Apple Cups 1.1.16

  • Apple Cups 1.1.17

  • Apple Cups 1.1.18

  • Apple Cups 1.1.19

  • Apple Cups 1.1.2

  • Apple Cups 1.1.20

  • Apple Cups 1.1.21

  • Apple Cups 1.1.22

  • Apple Cups 1.1.23

  • Apple Cups 1.1.3

  • Apple Cups 1.1.4

  • Apple Cups 1.1.5

  • Apple Cups 1.1.5-1

  • Apple Cups 1.1.5-2

  • Apple Cups 1.1.6

  • Apple Cups 1.1.6-1

  • Apple Cups 1.1.6-2

  • Apple Cups 1.1.6-3

  • Apple Cups 1.1.7

  • Apple Cups 1.1.8

  • Apple Cups 1.1.9

  • Apple Cups 1.1.9-1

  • Apple Cups 1.2

  • Apple Cups 1.2.0

  • Apple Cups 1.2.1

  • Apple Cups 1.2.10

  • Apple Cups 1.2.11

  • Apple Cups 1.2.12

  • Apple Cups 1.2.2

  • Apple Cups 1.2.3

  • Apple Cups 1.2.4

  • Apple Cups 1.2.5

  • Apple Cups 1.2.6

  • Apple Cups 1.2.7

  • Apple Cups 1.2.8

  • Apple Cups 1.2.9

  • Apple Cups 1.3

  • Apple Cups 1.3.0

  • Apple Cups 1.3.1

  • Apple Cups 1.3.2

  • Apple Cups 1.3.3

  • Apple Cups 1.3.4

  • Apple Cups 1.3.5

  • Apple Cups 1.3.6

  • Apple Cups 1.3.7


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241

XF - cups-rss-dos(46684)

VUPEN - ADV-2011-0535

VUPEN - ADV-2009-0422

SECTRACK - 1021396

BID - 32419

REDHAT - RHSA-2008:1029

MLIST - [oss-security] 20081120 Re: CVE request: CUPS DoS via RSS subscriptions

MLIST - [oss-security] 20081119 Re: CVE request: CUPS DoS via RSS subscriptions

MLIST - [oss-security] 20081119 CVE request: CUPS DoS via RSS subscriptions

MILW0RM - 7150

MANDRIVA - MDVSA-2009:028

MISC - http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/

DEBIAN - DSA-2176

CONFIRM - http://support.apple.com/kb/HT3438

SECUNIA - 43521

SECUNIA - 33937

SUSE - SUSE-SR:2008:026

APPLE - APPLE-SA-2009-02-12

MISC - http://lab.gnucitizen.org/projects/cups-0day


Last Updated: 27 May 2016 10:48:44