CVE-2009-3553

Date: (C)2009-11-19   (M)2024-02-22


Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SUNALERT-275230
BID-37048
SECUNIA-37360
SECUNIA-37364
SECUNIA-38241
SECUNIA-43521
ADV-2010-0173
ADV-2011-0535
APPLE-SA-2010-01-19-1
DSA-2176
FEDORA-2009-12652
GLSA-201207-10
MDVSA-2010:073
RHSA-2009:1595
USN-906-1
http://support.apple.com/kb/HT4004
http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs
http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs
http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs
http://www.cups.org/str.php?L3200
https://bugzilla.redhat.com/show_bug.cgi?id=530111
oval:org.mitre.oval:def:11183

CWE    1
CWE-416
OVAL    21
oval:org.secpod.oval:def:300196
oval:org.secpod.oval:def:3503
oval:org.secpod.oval:def:300008
oval:org.secpod.oval:def:201793
...

© SecPod Technologies