Rapid7 Vulnerability & Exploit Database

ELSA-2010-0490 Important: Enterprise Linux cups security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2010-0490 Important: Enterprise Linux cups security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

06/17/2010

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.

Solution(s)

oracle-linux-upgrade-cups
oracle-linux-upgrade-cups-devel
oracle-linux-upgrade-cups-libs
oracle-linux-upgrade-cups-lpd

References

https://attackerkb.com/topics/cve-2010-0540
APPLE-SA-2010-06-15-1
40871
40943
CVE - 2010-0540
CVE - 2010-0542
CVE - 2010-1748
DSA-2176
OVAL10365
OVAL10382
OVAL9723
http://oss.oracle.com/pipermail/el-errata/2010-June/001503.html
http://oss.oracle.com/pipermail/el-errata/2010-June/001504.html
http://oss.oracle.com/pipermail/el-errata/2010-June/001505.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;