CUPS cupsd RSS订阅空指针引用本地拒绝服务漏洞

admin

0
文章

0
评论

2022-07-23 11:02:36 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

CUPS cuPSD RSS订阅空指针引用本地拒绝服务漏洞

CNNVD编号：CNNVD-200811-342
危害等级：中危
CVE编号： CVE-2008-5183
漏洞类型：资源管理错误
发布时间： 2008-11-21
威胁类型：远程
更新时间： 2009-02-20
厂商： CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
漏洞来源： Adrian Pastor※ m12...

漏洞简介

Common Unix Printing System(CUPS)是一款通用Unix打印系统，是Unix环境下的跨平台打印解决方案，基于Internet打印协议，提供大多数PostScript和raster打印机服务。如果向默认监听于631/tcp端口的CUPS守护程序(/usr/sbin/cuPSD)添加了多于100个RSS订阅的话，就会触发空指针引用，导致守护程序崩溃。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接： RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:1029-01)以及相应补丁: RHSA-2008:1029-01：Moderate: cups security update 链接：https://www.redhat.com/support/errata/RHSA-2008-1029.HTML

参考网址

来源:bugs.launchpad.net 链接:https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 来源: XF 名称: cups-rss-dos(46684) 链接:http://xforce.iss.net/xforce/xfdb/46684 来源: SECTRACK 名称: 1021396 链接:http://www.securitytracker.com/id?1021396 来源: BID 名称: 32419 链接:http://www.securityfocus.com/bid/32419 来源: REDHAT 名称: RHSA-2008:1029 链接:http://www.redhat.com/support/errata/RHSA-2008-1029.HTML 来源: MLIST 名称: [oss-security] 20081120 Re: CVE request: CUPS DoS via RSS subscriptions 链接:http://www.openwall.com/lists/oss-security/2008/11/20/1 来源: MLIST 名称: [oss-security] 20081119 Re: CVE request: CUPS DoS via RSS subscriptions 链接:http://www.openwall.com/lists/oss-security/2008/11/19/4 来源: MLIST 名称: [oss-security] 20081119 CVE request: CUPS DoS via RSS subscriptions 链接:http://www.openwall.com/lists/oss-security/2008/11/19/3 来源: MILW0RM 名称: 7150 链接:http://www.milw0rm.com/exploits/7150 来源: MANDRIVA 名称: MDVSA-2009:028 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 来源: MISC 链接:http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ 来源: VUPEN 名称: ADV-2009-0422 链接:http://www.frsirt.com/english/advisories/2009/0422 来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com 链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3438 来源: SECUNIA 名称: 33937 链接:http://secunia.com/advisories/33937 来源: SUSE 名称: SUSE-SR:2008:026 链接:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.HTML 来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple 名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2009-02-12 链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Feb/msg00000.HTML 来源: MISC 链接:http://lab.gnucitizen.org/projects/cups-0day

受影响实体

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Cups:1.3.7
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Cups:1.3.5
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Cups:1.3.4
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Cups:1.3:Rc1
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Cups:1.3:Rc2