
cups: denial of service

Package(s): cups
CVE #(s): CVE-2008-5183 CVE-2008-5184
Created: November 25, 2008
Updated: March 2, 2011
Description: cupsd in CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

Alerts:
Debian DSA-2176-1 cups 2011-03-02
rPath rPSA-2008-0338-1 cups 2008-12-19
CentOS CESA-2008:1029 cups 2008-12-16
Red Hat RHSA-2008:1029-01 cups 2008-12-15
Fedora FEDORA-2008-10911 cups 2008-12-09
Fedora FEDORA-2008-10917 cups 2008-12-09
Fedora FEDORA-2008-10895 cups 2008-12-09
SuSE SUSE-SR:2008:026 libxml2, phpMyAdmin, lighttpd, OpenOffice_org, imp, clamav, acroread, htop, cups 2008-11-24
Mandriva MDVSA-2009:028 cups 2009-01-24
Ubuntu USN-707-1 cups, cupsys 2009-01-12



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds