National Cyber Awareness System

Vulnerability Summary for CVE-2009-0949

Overview

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: DEBIAN

Name: DSA-1811

Type: Patch Information

Hyperlink:http://www.debian.org/security/2009/dsa-1811

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=500972

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=500972

External Source: XF

Name: apple-cups-ipptag-dos(50926)

Hyperlink:http://xforce.iss.net/xforce/xfdb/50926

External Source: UBUNTU

Name: USN-780-1

Hyperlink:http://www.ubuntu.com/usn/USN-780-1

External Source: BID

Name: 35169

Hyperlink:http://www.securityfocus.com/bid/35169

External Source: BUGTRAQ

Name: 20090602 CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/504032/100/0/threaded

External Source: REDHAT

Name: RHSA-2009:1083

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1083.html

External Source: REDHAT

Name: RHSA-2009:1082

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1082.html

External Source: MISC

Name: http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability

Hyperlink:http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3865

Hyperlink:http://support.apple.com/kb/HT3865

External Source: SECTRACK

Name: 1022321

Hyperlink:http://securitytracker.com/id?1022321

External Source: SECUNIA

Name: 36701

Hyperlink:http://secunia.com/advisories/36701

External Source: SECUNIA

Name: 35685

Hyperlink:http://secunia.com/advisories/35685

External Source: SECUNIA

Name: 35342

Type: Advisory

Hyperlink:http://secunia.com/advisories/35342

External Source: SECUNIA

Name: 35340

Type: Advisory

Hyperlink:http://secunia.com/advisories/35340

External Source: SECUNIA

Name: 35328

Type: Advisory

Hyperlink:http://secunia.com/advisories/35328

External Source: SECUNIA

Name: 35322

Type: Advisory

Hyperlink:http://secunia.com/advisories/35322

External Source: OVAL

Name: oval:org.mitre.oval:def:9631

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9631

External Source: SUSE

Name: SUSE-SR:2009:012

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

External Source: APPLE

Name: APPLE-SA-2009-09-10-2

Hyperlink:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

References to Check Content

Identifier:oval:org.mitre.oval:def:9631

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9631