Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-5849

Published: 19/12/2007 Updated: 29/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 up to and including 1.3.4 allows remote malicious users to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

easy software products cups 1.2.4

easy software products cups 1.2.9

easy software products cups 1.2.10

easy software products cups 1.2.12

easy software products cups 1.3.3

Vendor Advisories

Ubuntu Security Notice: cupsys vulnerabilities
Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code ...
Debian CVElist Bug Report Logs: cupsys: CVE-2007-5849 stack-based buffer overflow leading to code execution in SNMP back-end
Debian Bug report logs - #457453 cupsys: CVE-2007-5849 stack-based buffer overflow leading to code execution in SNMP back-end Package: cupsys; Maintainer for cupsys is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Sat, 22 Dec 2007 14:33:01 UTC Severity: grave Tags: patch, security Found in versions cupsys/12 ...
Debian CVElist Bug Report Logs: cupsys: CVE-2007-6358 insecure file handling in pdftops filter script
Debian Bug report logs - #456960 cupsys: CVE-2007-6358 insecure file handling in pdftops filter script Package: cupsys; Maintainer for cupsys is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Tue, 18 Dec 2007 18:21:04 UTC Severity: important Tags: security Fixed in version cupsys/135-1 Done: Kenshi Muto &lt ...
Debian Security Advisories: DSA-1437-1 cupsys -- several vulnerabilities
Several local vulnerabilities have been discovered in the Common UNIX Printing System The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5849 Wei Wang discovered that an buffer overflow in the SNMP backend may lead to the execution of arbitrary code CVE-2007-6358 Elias Pipping ...

Exploits

Exploit DB: Common UNIX Printing System 1.2/1.3 SNMP - 'asn1_get_string()' Remote Buffer Overflow
source: wwwsecurityfocuscom/bid/26917/info Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer Exploiting this issue allows attackers to execute arbitrary machine code in the contex ...

References

CWE-189http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlhttp://docs.info.apple.com/article.html?artnum=307179http://bugs.gentoo.org/show_bug.cgi?id=201570http://www.cups.org/str.php?L2589http://www.debian.org/security/2007/dsa-1437http://www.gentoo.org/security/en/glsa/glsa-200712-14.xmlhttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlhttp://www.securityfocus.com/bid/26917http://secunia.com/advisories/28113http://secunia.com/advisories/28136http://secunia.com/advisories/28129http://secunia.com/advisories/28200http://www.ubuntu.com/usn/usn-563-1http://www.securityfocus.com/bid/26910http://secunia.com/advisories/28386http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.htmlhttp://secunia.com/advisories/28441http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908.htmlhttp://secunia.com/advisories/28636http://secunia.com/advisories/28676http://www.mandriva.com/security/advisories?name=MDVSA-2008:036http://www.vupen.com/english/advisories/2007/4238http://www.vupen.com/english/advisories/2007/4242https://exchange.xforce.ibmcloud.com/vulnerabilities/39101https://exchange.xforce.ibmcloud.com/vulnerabilities/39097https://nvd.nist.govhttps://usn.ubuntu.com/563-1/https://www.exploit-db.com/exploits/30898/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995CVE-2024-36680CVE-2024-35537unauthorizedCVE-2024-21518CVE-2024-37673cross-site scriptingSSRFCVE-2024-6241
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook