Rapid7 Vulnerability & Exploit Database

CESA-2008:0161: RHSA-2008:0161

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 02/25/2008
Created: 07/25/2018
Added: 03/12/2010
Modified: 08/29/2017

Description

Important: cups security update

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When a shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing a CUPS daemon crash after exhausting available memory. (CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882, which did not affect Red Hat Enterprise Linux 4.

Note that the default configuration of CUPS on Red Hat Enterprise Linux 4 allows requests of this type only from the local subnet.

All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution(s)

  • centos-upgrade-cups
  • centos-upgrade-cups-devel
  • centos-upgrade-cups-libs
