Description
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Apple / cups1.4.4
- Apple / mac_os_x10.5.8
- Apple / mac_os_x_server10.5.8
- Canonical / Ubuntu Linux8.10 – 8.10
- Canonical / Ubuntu Linux9.04 – 9.04
- Canonical / Ubuntu Linux6.06 – 6.06
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux9.10 – 9.10
- fedoraproject / fedora11 – 11
- RedHat / enterprise_linux5.0 – 5.0
- RedHat / enterprise_linux_desktop5.0 – 5.0
- RedHat / enterprise_linux_eus5.4 – 5.4
- RedHat / enterprise_linux_server5.0 – 5.0
- RedHat / enterprise_linux_workstation5.0 – 5.0
References
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-906-1
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=557775
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1481
- MISChttp://cups.org/articles.php?L596
- MISChttp://www.securitytracker.com/id?1024124
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4188
- MISChttp://security.gentoo.org/glsa/glsa-201207-10.xml
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/40220
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:073
- MISChttp://cups.org/str.php?L3490
- MISChttp://www.securityfocus.com/bid/38510
- VENDOR_ADVISORYhttp://secunia.com/advisories/38785
- MISChttps://rhn.redhat.com/errata/RHSA-2010-0129.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/38979
- VENDOR_ADVISORYhttp://secunia.com/advisories/38927