10 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.6%
Adrian Pastor and Tim Starling discovered that the CUPS web interface
incorrectly protected against cross-site request forgery (CSRF) attacks. If
an authenticated user were tricked into visiting a malicious website while
logged into CUPS, a remote attacker could modify the CUPS configuration and
possibly steal confidential data. (CVE-2010-0540)
It was discovered that CUPS did not properly handle memory allocations in
the texttops filter. If a user or automated system were tricked into
printing a crafted text file, a remote attacker could cause a denial of
service or possibly execute arbitrary code with privileges of the CUPS user
(lp). (CVE-2010-0542)
Luca Carettoni discovered that the CUPS web interface incorrectly handled
form variables. A remote attacker who had access to the CUPS web interface
could use this flaw to read a limited amount of memory from the cupsd
process and possibly obtain confidential data. (CVE-2010-1748)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | cups | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-bsd | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-client | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-dbg | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | cups-ppdc | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcups2 | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcups2-dev | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcupscgi1 | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcupscgi1-dev | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcupsdriver1 | <Β 1.4.1-5ubuntu2.6 | UNKNOWN |