13 matches found
openSUSE Security Update : cups (cups-322)
local users could crash cups by adding a large number of RSS subscriptions CVE-2008-5183, CVE-2008-5184. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update cups-322. The text description of this...
openSUSE Security Update : cups (cups-356)
Previous updates for the PNG and HPGL filters were incomplete and are corrected now. Also cups used a guest user account for RSS subscriptions which made it eeasier for attackers to conduct CSRF attacks. CVE-2008-3641, CVE-2008-5184, CVE-2008-5286 %NASLMINLEVEL 70300 C Tenable Network Security,...
Ubuntu: Security Advisory (USN-707-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu USN-707-1 (cupsys)
The remote host is missing an update to cupsys announced via advisory USN-707-1. OpenVAS Vulnerability Test $Id: ubuntu7071.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7071.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-707-1 cupsys Authors: Thomas Rein...
cups: DoS (daemon crash) caused by the large number of subscriptions
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...
FreeBSD Ports: cups-base
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-5184
The web interface cgi-bin/admin.c in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the 1 add and 2 cancel RSS subscription functions...
Null pointer dereference
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...
CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...
CVE-2008-5183
The CVE-2008-5183 issue affects CUPS
CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...
CVE-2008-5184
CVE-2008-5184 affects CUPS prior to 1.3.8, where the web interface (cgi-bin/admin.c) uses a guest user when no user is logged in, enabling CSRF attacks on RSS subscription management (add and cancel) by remote attackers. Multiple connected advisories note the issue as part of broader CUPS updates...
CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...