Synopsis
The remote printer service is affected by multiple vulnerabilities.
Description
According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.4. Such versions are affected by several vulnerabilities :
- The patch for STR #3200 / CVE-2009-3553 was not complete. A remote client can cause a denial of service by causing the CUPS server to reference an already freed resource. (STR #3490) (CVE-2010-0302)
- The CUPS daemon may be vulnerable to certain cross-site request forgery (CSRF) attacks, e.g., malicious IFRAME attacks. (STR #3498) (CVE-2010-0540)
- An unprivileged process may be able to cause the CUPS server to overwrite arbitrary files as the root user.
(STR #3510) (CVE-2010-2431)
- The CUPS daemon is vulnerable to a heap corruption attack as the 'textops' filter does not verify the results of memory allocations. It is possible this may lead to arbitrary code execution. (STR #3516) (CVE-2010-0542)
- The CUPS daemon is vulnerable to a denial of service attack if compiled without HAVE_GSSAPI. (STR #3518) (CVE-2010-2432)
- The CUPS daemon is vulnerable to an information disclosure attack as an attacker can view portions of uninitialized memory by a specially crafted URL.
(STR #3577) (CVE-2010-1748)
Solution
Upgrade to CUPS version 1.4.4 or later.
Plugin Details
File Name: cups_1_4_4.nasl
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apple:cups
Required KB Items: www/cups, Settings/ParanoidReport
Exploit Ease: Exploits are available
Patch Publication Date: 6/17/2010
Vulnerability Publication Date: 2/3/2010
Reference Information
CVE: CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432
BID: 38510, 40889, 40897, 40943, 41126, 41131