Vigil@nce: CUPS, denial of service
November 2009 by Vigil@nce
A remote attacker can thus ask for current print jobs in order to
generate a denial of service of the CUPS daemon.
Severity: 2/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 19/11/2009
IMPACTED PRODUCTS
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The CUPS (Common UNIX Printing System) product provides printers
management under Unix.
A vulnerability linked to the use of already freed memory in the
cupsdDoSelect() method of the file scheduler/select.c has been
discovered. Technical details are unknown.
A remote attacker can thus ask for current print jobs in order to
generate a denial of service of the CUPS daemon.
CHARACTERISTICS
Identifiers: 530111, BID-37048, CVE-2009-3553, RHSA-2009:1595-01,
VIGILANCE-VUL-9207
http://vigilance.fr/vulnerability/CUPS-denial-of-service-9207