PT-2010-1076 · Apple+1 · Cups-Libs+4
Tim Waugh · Published 2010-03-03 · Updated 2024-02-03 · CVE-2010-0302
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
CUPS versions 1.3.7
CUPS-devel versions 1.3.7
cups-lpd versions 1.3.7
cups-libs versions 1.3.7
Description
A use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function can be exploited remotely to cause a denial of service, such as a daemon crash or hang. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited when kqueue or epoll is used, and it is related to improperly maintaining a reference count.
Recommendations
For CUPS versions 1.3.7, update to version 1.4.4 or later to resolve the issue.
For CUPS-devel versions 1.3.7, update to version 1.4.4 or later to resolve the issue.
For cups-lpd versions 1.3.7, update to version 1.4.4 or later to resolve the issue.
For cups-libs versions 1.3.7, update to version 1.4.4 or later to resolve the issue.
Fix
DoS
Use After Free
Affected Products
Cups
Cups-Devel
Red Hat
Cups-Libs
Cups-Lpd