exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2010-0393

Status Candidate

Overview

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.

Related Files

Gentoo Linux Security Advisory 201207-10
Posted Jul 10, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201207-10 - Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation. Versions less than 1.4.8-r1 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3553, CVE-2010-0302, CVE-2010-0393, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432, CVE-2010-2941, CVE-2011-3170
SHA-256 | ac1a9fddc193fe58d21d0ca7c54126b91d2ff39c64167361020f526fdbf282f1
Mandriva Linux Security Advisory 2010-073
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues. Packages for Mandriva Linux 2010.0 was missing with MDVSA-2010:073. This advisory provides packages for 2010.0 as well.

tags | advisory, remote, web, denial of service, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
SHA-256 | 8bc79655fa60e411cb4fc6c4176a462670c99e50077d17a036d4c694df5c95cf
Mandriva Linux Security Advisory 2010-073
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
SHA-256 | 04b880873291bf9e96e7792410acaf5e20d102688c675e803a6b526a4a5279cd
Mandriva Linux Security Advisory 2010-072
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-072 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2010-0393
SHA-256 | 87a1b81e834c7351f9b23a53bf106959914ab7a068d03785563229a2e13f2d5f
Debian Linux Security Advisory 2007-1
Posted Mar 5, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2007-1 - Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.

tags | advisory, arbitrary
systems | linux, unix, debian
advisories | CVE-2010-0393
SHA-256 | a35a24df791b66debd2d29b4aab39f8a82030daf160f0b4952edd924f7715ef0
Ubuntu Security Notice 906-1
Posted Mar 3, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 906-1 - It was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service.

tags | advisory, remote, denial of service, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
SHA-256 | 783975e6aa85cde70e4595b4adf640e8da102064338a4cfbdd88092e933eebb3
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close