Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2008 Greenbone AGOPENVAS:136141256231090017
HistoryJun 17, 2008 - 12:00 a.m.

CUPS < 1.3.8 Multiple Vulnerabilities

2008-06-1700:00:00
Copyright (C) 2008 Greenbone AG
plugins.openvas.org
38

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.835 High

EPSS

Percentile

98.5%

JSON

CUPS (Common UNIX Printing System) service is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:cups";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.90017");
  script_version("2023-08-15T05:05:29+0000");
  script_tag(name:"last_modification", value:"2023-08-15 05:05:29 +0000 (Tue, 15 Aug 2023)");
  script_tag(name:"creation_date", value:"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_cve_id("CVE-2008-1722", "CVE-2008-0047");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("CUPS < 1.3.8 Multiple Vulnerabilities");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2008 Greenbone AG");
  script_family("Buffer overflow");
  script_dependencies("gb_cups_http_detect.nasl");
  script_mandatory_keys("cups/detected");

  script_tag(name:"summary", value:"CUPS (Common UNIX Printing System) service is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - CVE-2008-0047: Heap-based buffer overflow in the cgiCompileSearch function, when printer sharing
  is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

  - CVE-2008-1722: Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c
  allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated
  via a crafted PNG image.");

  script_tag(name:"affected", value:"CUPS prior to version 1.3.8.");

  script_tag(name:"solution", value:"Update to version 1.3.8 or later.");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/28781");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port, version_regex:"^[0-9]+\.[0-9]+\.[0-9]+" ) )
  exit( 0 );

if( version_is_less( version:vers, test_version:"1.3.8" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.3.8" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

openvas 66
checkpoint_advisories 2
nvd 2
prion 2
oraclelinux 3
nessus 30
redhat 2
suse 1
ubuntucve 2
seebug 2
gentoo 2
securityvulns 6
veracode 2
cvelist 2
cve 2
debiancve 2
cert 1
ubuntu 3
fedora 14
centos 2
debian 3
slackware 1
osv 2
openvas
openvas
Cups < 1.3.8 vulnerability
2008-06-17 00:00:00
SuSE Update for cups SUSE-SA:2008:015
2009-01-23 00:00:00
Gentoo Security Advisory GLSA 200804-23 (cups)
2008-09-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Vendor CUPS Administration Interface CGI Heap Overflow (CVE-2008-0047)
2010-01-04 00:00:00
Update Protection against Multiple Vendor CUPS Administration Interface CGI Heap Overflow vulnerability
2008-05-09 00:00:00
nvd
nvd
CVE-2008-0047
2008-03-18 23:44:00
CVE-2008-1722
2008-04-10 19:05:00
prion
prion
Heap overflow
2008-03-18 23:44:00
Integer overflow
2008-04-10 19:05:00
oraclelinux
oraclelinux
cups security update
2008-06-04 00:00:00
cups security update
2008-12-15 00:00:00
cups security update
2008-04-01 00:00:00
nessus
nessus
Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
openSUSE 10 Security Update : cups (cups-5076)
2008-03-19 00:00:00
Mandriva Linux Security Advisory : cups (MDVSA-2008:170)
2009-04-23 00:00:00
redhat
redhat
(RHSA-2008:0498) Moderate: cups security update
2008-06-04 00:00:00
(RHSA-2008:0192) Moderate: cups security update
2008-04-01 00:00:00
suse
suse
remote code execution in cups
2008-03-19 10:07:43
ubuntucve
ubuntucve
CVE-2008-0047
2008-03-18 00:00:00
CVE-2008-1722
2008-04-10 00:00:00
seebug
seebug
CUPS CGIζŽ₯ε£θΏœη¨‹ε †ζΊ’ε‡ΊζΌζ΄ž
2008-03-20 00:00:00
CUPS PNGθΏ‡ζ»€ε™¨ε€šδΈͺζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2008-04-17 00:00:00
gentoo
gentoo
CUPS: Integer overflow vulnerability
2008-04-18 00:00:00
CUPS: Multiple vulnerabilities
2008-04-01 00:00:00
securityvulns
securityvulns
[USN-606-1] CUPS vulnerability
2008-05-06 00:00:00
iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability
2008-03-19 00:00:00
CUPS print system buffer overflow
2008-03-19 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:20:33
Denial Of Service (DoS)
2020-04-10 00:29:04
cvelist
cvelist
CVE-2008-0047
2008-03-18 23:00:00
CVE-2008-1722
2008-04-10 19:00:00
cve
cve
CVE-2008-1722
2008-04-10 19:05:00
CVE-2008-0047
2008-03-18 23:44:00
debiancve
debiancve
CVE-2008-0047
2008-03-18 23:44:00
CVE-2008-1722
2008-04-10 19:05:00
cert
cert
CUPS integer overflow vulnerability
2008-04-25 00:00:00
ubuntu
ubuntu
CUPS vulnerability
2008-05-05 00:00:00
CUPS vulnerabilities
2008-04-02 00:00:00
CUPS vulnerabilities
2008-10-15 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: cups-1.3.7-2.fc9
2008-05-13 15:24:59
[SECURITY] Fedora 8 Update: cups-1.3.7-2.fc8
2008-05-10 13:54:12
[SECURITY] Fedora 10 Update: cups-1.3.9-4.fc10
2008-12-09 11:33:13
centos
centos
cups security update
2008-06-04 15:45:37
cups security update
2008-04-02 10:39:09
debian
debian
[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities
2008-03-25 15:10:49
[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities
2008-03-25 15:10:49
[SECURITY] [DSA 1625-1] New cupsys packages fix arbitrary code execution
2008-08-01 07:52:06
slackware
slackware
[slackware-security] cups
2008-04-03 07:53:48
osv
osv
cupsys - multiple vulnerabilities
2008-03-25 00:00:00
cupsys - arbitrary code execution
2008-08-01 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.835 High

EPSS

Percentile

98.5%

JSON
Related for OPENVAS:136141256231090017
openvas66checkpoint_advisories2nvd2prion2oraclelinux3nessus30redhat2suse1ubuntucve2seebug2gentoo2securityvulns6veracode2cvelist2cve2debiancve2cert1ubuntu3fedora14centos2debian3slackware1osv2