CVE-2010-2941
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
| Software | From | Fixed in |
|---|---|---|
| apple / cups | - | 1.4.4.x |
| apple / mac_os_x_server | 10.6.0 | 10.6.4.x |
| apple / mac_os_x | 10.6.0 | 10.6.4.x |
| apple / mac_os_x_server | - | 10.5.8 |
| apple / mac_os_x | - | 10.5.8 |
| fedoraproject / fedora | 13 | 13.x |
| fedoraproject / fedora | 12 | 12.x |
| fedoraproject / fedora | 14 | 14.x |
| canonical / ubuntu_linux | 10.10 | 10.10.x |
| canonical / ubuntu_linux | 9.10 | 9.10.x |
| canonical / ubuntu_linux | 10.04 | 10.04.x |
| canonical / ubuntu_linux | 8.04 | 8.04.x |
| canonical / ubuntu_linux | 6.06 | 6.06.x |
| debian / debian_linux | 5.0 | 5.0.x |
| opensuse / opensuse | 11.1 | 11.1.x |
| suse / linux_enterprise_server | 9 | 9.x |
| opensuse / opensuse | 11.2 | 11.2.x |
| opensuse / opensuse | 11.3 | 11.3.x |
| suse / linux_enterprise | 11.0-sp1 | 11.0-sp1.x |
| suse / linux_enterprise | 11.0 | 11.0.x |
| suse / linux_enterprise | 10.0-sp3 | 10.0-sp3.x |
| redhat / enterprise_linux_server | 5.0 | 5.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 5.0 | 5.0.x |
| redhat / enterprise_linux | 5.0 | 5.0.x |
| redhat / enterprise_linux_desktop | 5.0 | 5.0.x |
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2010-0811.html
- http://secunia.com/advisories/42287
- http://secunia.com/advisories/42867
- http://secunia.com/advisories/43521
- http://security.gentoo.org/glsa/glsa-201207-10.xml
- http://securitytracker.com/id?1024662
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323
- http://support.apple.com/kb/HT4435
- http://www.debian.org/security/2011/dsa-2176
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
- http://www.osvdb.org/68951
- http://www.redhat.com/support/errata/RHSA-2010-0866.html
- http://www.securityfocus.com/bid/44530
- http://www.ubuntu.com/usn/USN-1012-1
- http://www.vupen.com/english/advisories/2010/2856
- http://www.vupen.com/english/advisories/2010/3042
- http://www.vupen.com/english/advisories/2010/3088
- http://www.vupen.com/english/advisories/2011/0061
- http://www.vupen.com/english/advisories/2011/0535
- https://bugzilla.redhat.com/show_bug.cgi?id=624438
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62882
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime