CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
94.5%
It was discovered that the CUPS scheduler did not properly handle certain
network operations. A remote attacker could exploit this flaw and cause the
CUPS server to crash, resulting in a denial of service. This issue only
affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553,
CVE-2010-0302)
Ronald Volgers discovered that the CUPS lppasswd tool could be made to load
localized message strings from arbitrary files by setting an environment
variable. A local attacker could exploit this with a format-string
vulnerability leading to a root privilege escalation. The default compiler
options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to
a denial of service. (CVE-2010-0393)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | cups | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-bsd | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-client | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-dbg | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-ppdc | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcups2 | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcups2-dev | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcupscgi1 | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcupscgi1-dev | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcupsdriver1 | <Β 1.4.1-5ubuntu2.4 | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
94.5%