Veracode Vulnerability DatabaseVERACODE:24364Arbitrary Code Execution
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
cups is vulnerable to arbitrary code execution. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server or, potentially, execute arbitrary code with the privileges of the CUPS server.
References
blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
rhn.redhat.com/errata/RHSA-2010-0811.html
secunia.com/advisories/42287
secunia.com/advisories/42867
secunia.com/advisories/43521
security.gentoo.org/glsa/glsa-201207-10.xml
securitytracker.com/id?1024662
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323
support.apple.com/kb/HT4435
www.debian.org/security/2011/dsa-2176
www.mandriva.com/security/advisories?name=MDVSA-2010:232
www.mandriva.com/security/advisories?name=MDVSA-2010:233
www.mandriva.com/security/advisories?name=MDVSA-2010:234
www.osvdb.org/68951
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0866.html
www.securityfocus.com/bid/44530
www.ubuntu.com/usn/USN-1012-1
www.vupen.com/english/advisories/2010/2856
www.vupen.com/english/advisories/2010/3042
www.vupen.com/english/advisories/2010/3088
www.vupen.com/english/advisories/2011/0061
www.vupen.com/english/advisories/2011/0535
access.redhat.com/errata/RHSA-2010:0811
bugzilla.redhat.com/show_bug.cgi?id=624438
exchange.xforce.ibmcloud.com/vulnerabilities/62882
Related
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C