CVE-2008-5183

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lab.gnucitizen.org/projects/cups-0day Broken Link
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List
http://secunia.com/advisories/33937 Broken Link
http://secunia.com/advisories/43521 Broken Link
http://support.apple.com/kb/HT3438 Third Party Advisory
http://www.debian.org/security/2011/dsa-2176 Third Party Advisory
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 Broken Link
http://www.openwall.com/lists/oss-security/2008/11/19/3 Mailing List
http://www.openwall.com/lists/oss-security/2008/11/19/4 Mailing List
http://www.openwall.com/lists/oss-security/2008/11/20/1 Mailing List
http://www.redhat.com/support/errata/RHSA-2008-1029.html Broken Link
http://www.securityfocus.com/bid/32419 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021396 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/0422 Broken Link
http://www.vupen.com/english/advisories/2011/0535 Broken Link
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 Broken Link
https://www.exploit-db.com/exploits/7150 Third Party Advisory VDB Entry
http://lab.gnucitizen.org/projects/cups-0day Broken Link
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List
http://secunia.com/advisories/33937 Broken Link
http://secunia.com/advisories/43521 Broken Link
http://support.apple.com/kb/HT3438 Third Party Advisory
http://www.debian.org/security/2011/dsa-2176 Third Party Advisory
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 Broken Link
http://www.openwall.com/lists/oss-security/2008/11/19/3 Mailing List
http://www.openwall.com/lists/oss-security/2008/11/19/4 Mailing List
http://www.openwall.com/lists/oss-security/2008/11/20/1 Mailing List
http://www.redhat.com/support/errata/RHSA-2008-1029.html Broken Link
http://www.securityfocus.com/bid/32419 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021396 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/0422 Broken Link
http://www.vupen.com/english/advisories/2011/0535 Broken Link
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 Broken Link
https://www.exploit-db.com/exploits/7150 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:53

Type Values Removed Values Added
References () http://lab.gnucitizen.org/projects/cups-0day - Broken Link () http://lab.gnucitizen.org/projects/cups-0day - Broken Link
References () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List
References () http://secunia.com/advisories/33937 - Broken Link () http://secunia.com/advisories/33937 - Broken Link
References () http://secunia.com/advisories/43521 - Broken Link () http://secunia.com/advisories/43521 - Broken Link
References () http://support.apple.com/kb/HT3438 - Third Party Advisory () http://support.apple.com/kb/HT3438 - Third Party Advisory
References () http://www.debian.org/security/2011/dsa-2176 - Third Party Advisory () http://www.debian.org/security/2011/dsa-2176 - Third Party Advisory
References () http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ - Broken Link () http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 - Broken Link
References () http://www.openwall.com/lists/oss-security/2008/11/19/3 - Mailing List () http://www.openwall.com/lists/oss-security/2008/11/19/3 - Mailing List
References () http://www.openwall.com/lists/oss-security/2008/11/19/4 - Mailing List () http://www.openwall.com/lists/oss-security/2008/11/19/4 - Mailing List
References () http://www.openwall.com/lists/oss-security/2008/11/20/1 - Mailing List () http://www.openwall.com/lists/oss-security/2008/11/20/1 - Mailing List
References () http://www.redhat.com/support/errata/RHSA-2008-1029.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2008-1029.html - Broken Link
References () http://www.securityfocus.com/bid/32419 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/32419 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1021396 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1021396 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2009/0422 - Broken Link () http://www.vupen.com/english/advisories/2009/0422 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0535 - Broken Link () http://www.vupen.com/english/advisories/2011/0535 - Broken Link
References () https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 - Issue Tracking () https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 - Issue Tracking
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 - Broken Link
References () https://www.exploit-db.com/exploits/7150 - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/7150 - Third Party Advisory, VDB Entry

28 Dec 2023, 15:35

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2008/11/19/3 - (MLIST) http://www.openwall.com/lists/oss-security/2008/11/19/3 - Mailing List
References (VUPEN) http://www.vupen.com/english/advisories/2011/0535 - (VUPEN) http://www.vupen.com/english/advisories/2011/0535 - Broken Link
References (SECUNIA) http://secunia.com/advisories/33937 - (SECUNIA) http://secunia.com/advisories/33937 - Broken Link
References (SECUNIA) http://secunia.com/advisories/43521 - (SECUNIA) http://secunia.com/advisories/43521 - Broken Link
References (CONFIRM) http://support.apple.com/kb/HT3438 - (CONFIRM) http://support.apple.com/kb/HT3438 - Third Party Advisory
References (DEBIAN) http://www.debian.org/security/2011/dsa-2176 - (DEBIAN) http://www.debian.org/security/2011/dsa-2176 - Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 - Third Party Advisory, VDB Entry
References (APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - (APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-1029.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-1029.html - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 - Broken Link
References (SECTRACK) http://www.securitytracker.com/id?1021396 - (SECTRACK) http://www.securitytracker.com/id?1021396 - Broken Link, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/32419 - (BID) http://www.securityfocus.com/bid/32419 - Broken Link, Third Party Advisory, VDB Entry
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List
References (MISC) http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ - (MISC) http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/0422 - (VUPEN) http://www.vupen.com/english/advisories/2009/0422 - Broken Link
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/7150 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/7150 - Third Party Advisory, VDB Entry
References (CONFIRM) https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 - (CONFIRM) https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 - Issue Tracking
References (MLIST) http://www.openwall.com/lists/oss-security/2008/11/19/4 - (MLIST) http://www.openwall.com/lists/oss-security/2008/11/19/4 - Mailing List
References (MISC) http://lab.gnucitizen.org/projects/cups-0day - (MISC) http://lab.gnucitizen.org/projects/cups-0day - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2008/11/20/1 - (MLIST) http://www.openwall.com/lists/oss-security/2008/11/20/1 - Mailing List
First Time Apple mac Os X
Apple mac Os X Server
Opensuse opensuse
Debian debian Linux
Debian
Opensuse
CVSS v2 : 4.3
v3 : unknown 		v2 : 4.3
v3 : 7.5
CWE CWE-399 CWE-476
CPE cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*		 cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Information

Published : 2008-11-21 02:30

Updated : 2024-11-21 00:53

NVD link : CVE-2008-5183

Mitre link : CVE-2008-5183

CVE.ORG link : CVE-2008-5183

JSON object : View

Products Affected

apple

  • mac_os_x
  • cups
  • mac_os_x_server

opensuse

  • opensuse

debian

  • debian_linux
CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024