exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2010-0542

Status Candidate

Overview

The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.

Related Files

Gentoo Linux Security Advisory 201207-10
Posted Jul 10, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201207-10 - Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation. Versions less than 1.4.8-r1 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3553, CVE-2010-0302, CVE-2010-0393, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432, CVE-2010-2941, CVE-2011-3170
SHA-256 | ac1a9fddc193fe58d21d0ca7c54126b91d2ff39c64167361020f526fdbf282f1
Debian Security Advisory 2176-1
Posted Mar 2, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2176-1 - Several vulnerabilities have been discovered in the Common UNIX Printing System. A null pointer dereference in RSS job completion notifications could lead to denial of service. It was discovered that incorrect file descriptor handling could lead to denial of service. A cross-site request forgery vulnerability was discovered in the web interface. Incorrect memory management in the filter subsystem could lead to denial of service. Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. Various other issues were also addressed.

tags | advisory, web, denial of service, vulnerability, csrf
systems | linux, unix, debian
advisories | CVE-2008-5183, CVE-2009-3553, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432, CVE-2010-2941
SHA-256 | 21901e6c776cf699416e364a1c536e8ae21ddbb297893d90aec7aef45ed8caff
Mandriva Linux Security Advisory 2010-234
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-234 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been upgraded to cups 1.3.10 and patched to correct these issues.

tags | advisory, remote, web, denial of service, arbitrary, local, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2941
SHA-256 | 0dab4ef60a555b01565c5907cb2d99a63df8c8d71c529e3b72fcfb550aa56f4c
Mandriva Linux Security Advisory 2010-232
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-232 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

tags | advisory, remote, web, denial of service, arbitrary, local, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2941
SHA-256 | 04e93c19aeb95affc703012416b9a127b061954e7f95f0664a38bba985b44c89
Ubuntu Security Notice 952-1
Posted Jun 23, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 952-1 - Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user (lp). Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data.

tags | advisory, remote, web, denial of service, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748
SHA-256 | d6b0dd56c3037c879f67bee3d005df81cfa31ae5a24b1282c543cddedbbda89f
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close