VID | 23211 |
Severity | 40 |
Port | 631 |
Protocol | TCP |
Class | CUPS |
Detailed Description |
The CUPS server, according to its banner, has a memory corruption vulnerability in the 'process_browse_data' function. Easy Software Products' Common UNIX Printing System (CUPS) is a cross-platform printing solution for UNIX environments that is based on the Internet Printing Protocol. CUPS has a web-based graphical interface for printer management and is available on most Linux systems. CUPS version 1.3.5 and earlier versions are vulnerable to a double-free memory corruption vulnerability in the process_browse_data() function. By sending a specially crafted packet to UDP port 631, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the affected service to crash.
* Note: This check relied solely on the banner of the remote CUPS server to assess this vulnerability, so this might be a false positive.
* References:
  * http://www.cups.org/str.php?L2656
  * http://www.cups.org/articles.php?L529
  * http://secunia.com/advisories/28994
* Platforms Affected:
  * Easy Software Products, CUPS version 1.3.5 and earlier versions
  * Linux: Any version
  * Unix: Any version |
Recommendation |
Upgrade to the latest version of CUPS (1.3.6 or later), available from the CUPS Software Web site at http://www.cups.org/software.php |
Related URL | CVE-2008-0882 (CVE) |
Related URL | 27906 (SecurityFocus) |
Related URL | 40718 (ISS) |