Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2009:1595
HistoryNov 24, 2009 - 4:44 p.m.

cups security update

2009-11-2416:44:53
CentOS Project
lists.centos.org
43

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON

CentOS Errata and Security Advisory CESA-2009:1595

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A use-after-free flaw was found in the way CUPS handled references in its
file descriptors-handling interface. A remote attacker could, in a
specially-crafted way, query for the list of current print jobs for a
specific printer, leading to a denial of service (cupsd crash).
(CVE-2009-3553)

Several cross-site scripting (XSS) flaws were found in the way the CUPS web
server interface processed HTML form content. If a remote attacker could
trick a local user who is logged into the CUPS web interface into visiting
a specially-crafted HTML page, the attacker could retrieve and potentially
modify confidential CUPS administration data. (CVE-2009-2820)

Red Hat would like to thank Aaron Sigel of Apple Product Security for
responsibly reporting the CVE-2009-2820 issue.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the cupsd daemon will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-November/078494.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078495.html

Affected packages:
cups
cups-devel
cups-libs
cups-lpd

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1595

Related

oraclelinux 2
nessus 37
openvas 54
redhat 1
fedora 10
debiancve 3
ubuntu 2
debian 2
seebug 5
veracode 2
ubuntucve 3
prion 3
cve 3
exploitdb 1
checkpoint_advisories 1
threatpost 1
osv 1
gentoo 1
oraclelinux
oraclelinux
cups security update
2009-11-18 00:00:00
cups security update
2010-03-03 00:00:00
nessus
nessus
Fedora 12 : cups-1.4.2-7.fc12 (2009-11314)
2009-12-01 00:00:00
Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)
2009-12-01 00:00:00
openSUSE Security Update : cups (cups-1650)
2009-12-11 00:00:00
openvas
openvas
CentOS Update for cups CESA-2009:1595 centos5 i386
2011-08-09 00:00:00
Fedora Core 12 FEDORA-2009-11314 (cups)
2009-12-10 00:00:00
CentOS Update for cups CESA-2009:1595 centos5 i386
2011-08-09 00:00:00
redhat
redhat
(RHSA-2009:1595) Moderate: cups security update
2009-11-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: cups-1.4.2-7.fc12
2009-12-01 04:34:10
[SECURITY] Fedora 11 Update: cups-1.4.2-7.fc11
2009-12-01 04:19:25
[SECURITY] Fedora 10 Update: cups-1.3.11-4.fc10
2009-12-04 23:49:33
debiancve
debiancve
CVE-2009-2820
2009-11-10 19:30:00
CVE-2009-3553
2009-11-20 02:30:00
CVE-2010-0302
2010-03-05 19:30:00
ubuntu
ubuntu
CUPS vulnerability
2009-11-10 00:00:00
CUPS vulnerabilities
2010-03-03 00:00:00
debian
debian
[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting
2009-11-10 02:41:26
[SECURITY] [DSA 2176-1] cups security update
2011-03-01 23:31:10
seebug
seebug
CUPS kerberos参数跨站脚本漏洞
2009-11-18 00:00:00
CUPS vulnerability
2009-11-11 00:00:00
New cups packages fix cross-site scripting
2009-11-11 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:39:44
Denial Of Service (DoS)
2020-04-10 00:39:44
ubuntucve
ubuntucve
CVE-2009-2820
2009-11-09 00:00:00
CVE-2009-3553
2009-11-19 00:00:00
CVE-2010-0302
2010-03-03 00:00:00
prion
prion
Cross site scripting
2009-11-10 19:30:00
Design/Logic Flaw
2009-11-20 02:30:00
Design/Logic Flaw
2010-03-05 19:30:00
cve
cve
CVE-2009-2820
2009-11-10 19:30:00
CVE-2009-3553
2009-11-20 02:30:00
CVE-2010-0302
2010-03-05 19:30:00
exploitdb
exploitdb
CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability
2009-11-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple CUPS cupsdDoSelect Remote Code Execution attack - Ver2 (CVE-2009-3553)
2014-12-28 00:00:00
threatpost
threatpost
Apple Patches 12 Serious Mac OS X Flaws
2010-01-19 21:27:36
osv
osv
cups - several
2011-03-02 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2012-07-09 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON
Related for CESA-2009:1595
oraclelinux2nessus37openvas54redhat1fedora10debiancve3ubuntu2debian2seebug5veracode2ubuntucve3prion3cve3exploitdb1checkpoint_advisories1threatpost1osv1gentoo1