CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CUPS is vulnerable to arbitrary code execution. A flaw was found in the way CUPS handles certain Internet Printing Protocol (IPP) tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request that causes the CUPS daemon to crash or, potentially, to execute arbitrary code. Note that the default CUPS configuration does not allow remote hosts to connect to the IPP TCP port.
docs.info.apple.com/article.html?artnum=307179
lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
secunia.com/advisories/27233
secunia.com/advisories/27410
secunia.com/advisories/27445
secunia.com/advisories/27447
secunia.com/advisories/27474
secunia.com/advisories/27494
secunia.com/advisories/27499
secunia.com/advisories/27540
secunia.com/advisories/27577
secunia.com/advisories/27604
secunia.com/advisories/27712
secunia.com/advisories/28136
secunia.com/advisories/30847
secunia.com/secunia_research/2007-76/advisory/
security.gentoo.org/glsa/glsa-200711-16.xml
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902
support.avaya.com/elmodocs2/security/ASA-2007-476.htm
www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html
www.cups.org/str.php?L2561
www.debian.org/security/2007/dsa-1407
www.kb.cert.org/vuls/id/446897
www.mandriva.com/security/advisories?name=MDKSA-2007:204
www.novell.com/linux/security/advisories/2007_58_cups.html
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2007-1020.html
www.redhat.com/support/errata/RHSA-2007-1022.html
www.redhat.com/support/errata/RHSA-2007-1023.html
www.securityfocus.com/bid/26268
www.securitytracker.com/id?1018879
www.us-cert.gov/cas/techalerts/TA07-352A.html
www.vupen.com/english/advisories/2007/3681
www.vupen.com/english/advisories/2007/4238
www.vupen.com/english/advisories/2008/1934/references
access.redhat.com/errata/RHSA-2007:1020
bugzilla.redhat.com/show_bug.cgi?id=361661
exchange.xforce.ibmcloud.com/vulnerabilities/38190
issues.rpath.com/browse/RPL-1875
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10604
usn.ubuntu.com/539-1/
www.redhat.com/archives/fedora-package-announce/2007-November/msg00012.html