Showing 1 - 7 of 7

CVE-2009-0949

Status Candidate

Overview

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Related Files

Mandriva Linux Security Advisory 2009-282: Posted Dec 8, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-282 - Multiple integer overflow, code execution, and denial of service issues have been addressed in cups. This update corrects the problems. Packages for 2008.0 are being provided due to extended support for Corporate products.; tags | advisory, denial of service, overflow, code execution; systems | linux, mandriva; advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0791, CVE-2009-0799, CVE-2009-0800, CVE-2009-0949, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-3608, CVE-2009-3609; SHA-256 | 2ed7fd3e64b4d52cac44cf24c4a2e78258c45c2068922e4925cc949de7e1b07a; Download | Favorite | View

Mandriva Linux Security Advisory 2009-283: Posted Oct 21, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-283 - cups suffers from denial of service, integer overflow, and buffer overflow vulnerabilities. This update corrects the problems.; tags | advisory, denial of service, overflow, vulnerability; systems | linux, mandriva; advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0166, CVE-2009-0195, CVE-2009-0791, CVE-2009-0799, CVE-2009-0800, CVE-2009-0949, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1196, CVE-2009-3608, CVE-2009-3609; SHA-256 | 6a986cbe02b428640424c30a7a68682178e6cab0da2aafa9fc12a51bfb358d7e; Download | Favorite | View

Mandriva Linux Security Advisory 2009-282: Posted Oct 21, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-282 - Multiple integer, heap, and buffer overflows exist in cups. This update corrects the problems.; tags | advisory, overflow; systems | linux, mandriva; advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0791, CVE-2009-0799, CVE-2009-0800, CVE-2009-0949, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-3608, CVE-2009-3609; SHA-256 | 894087aa72d5132ae4eaa82907f81fb6b4b5b4bc92b2685ec5a5b710fa25d155; Download | Favorite | View

Mandriva Linux Security Advisory 2009-281: Posted Oct 21, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-281 - cups suffers from multiple integer overflow and denial of service vulnerabilities. This update corrects the problems.; tags | advisory, denial of service, overflow, vulnerability; systems | linux, mandriva; advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0165, CVE-2009-0166, CVE-2009-0791, CVE-2009-0949, CVE-2009-3608, CVE-2009-3609; SHA-256 | 70b330e06ed183e1d579b9f88c26bf0a69cb7fdc044fab15f618e408b8f63a91; Download | Favorite | View

Ubuntu Security Notice 780-1: Posted Jun 4, 2009; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-780-1 - Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2009-0949; SHA-256 | 5ed9ac751e35b04551ce6bc0ee95dbc2274f8e92c18f6df536d88f1d108fb5c0; Download | Favorite | View

Core Security Technologies Advisory 2009.0420: Posted Jun 3, 2009; Authored by Core Security Technologies | Site coresecurity.com; Core Security Technologies Advisory - CUPS versions 1.3.9 and below suffer from a handling flaw of the IPP_TAG_UNSUPPORTED tag that allows attackers to cause a remote pre-authentication denial of service.; tags | exploit, remote, denial of service; advisories | CVE-2009-0949; SHA-256 | c015aeb8f199c04414df0ffabb0edc2e28089f8b3418871e171f578104ffebe6; Download | Favorite | View

Debian Linux Security Advisory 1810-1: Posted Jun 3, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1810-1 - Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from null pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.; tags | advisory, denial of service; systems | linux, unix, debian; advisories | CVE-2009-0949; SHA-256 | 1bd16047f6f2688935a4db4002019a5bca9dee9d10b9673b7d868bce30d1c98d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

CVE-2009-0949

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems