Title: CUPS 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability
Severity: MODERATE
Description:
CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems.
The application is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference that occurs in the 'ippReadIO()' function of the 'cups/ipp.c' source file. Specifically, the issue can be triggered when the application processes a specially crafted IPP (Internet Printing Protocol) packet that contains two consecutive IPP_TAG_UNSUPPORTED tags.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Affected Products:
- ALT Linux ALT Linux Compact 2.3.0
- ALT Linux ALT Linux Junior 2.3.0
- Apple Mac OS X 10.4.0
- Apple Mac OS X 10.4.1
- Apple Mac OS X 10.4.10
- Apple Mac OS X 10.4.11
- Apple Mac OS X 10.4.11
- Apple Mac OS X 10.4.2
- Apple Mac OS X 10.4.3
- Apple Mac OS X 10.4.4
- Apple Mac OS X 10.4.5
- Apple Mac OS X 10.4.6
- Apple Mac OS X 10.4.7
- Apple Mac OS X 10.4.8
- Apple Mac OS X 10.4.9
- Apple Mac OS X 10.5
- Apple Mac OS X 10.5.1
- Apple Mac OS X 10.5.2
- Apple Mac OS X 10.5.3
- Apple Mac OS X 10.5.4
- Apple Mac OS X 10.5.5
- Apple Mac OS X 10.5.6
- Apple Mac OS X Server 10.4.0
- Apple Mac OS X Server 10.4.1
- Apple Mac OS X Server 10.4.10
- Apple Mac OS X Server 10.4.11
- Apple Mac OS X Server 10.4.11
- Apple Mac OS X Server 10.4.2
- Apple Mac OS X Server 10.4.3
- Apple Mac OS X Server 10.4.4
- Apple Mac OS X Server 10.4.5
- Apple Mac OS X Server 10.4.6
- Apple Mac OS X Server 10.4.7
- Apple Mac OS X Server 10.4.8
- Apple Mac OS X Server 10.4.9
- Apple Mac OS X Server 10.5
- Apple Mac OS X Server 10.5.1
- Apple Mac OS X Server 10.5.2
- Apple Mac OS X Server 10.5.3
- Apple Mac OS X Server 10.5.4
- Apple Mac OS X Server 10.5.5
- Apple Mac OS X Server 10.5.6
- Avaya Session Manager 1.1
- Caldera OpenLinux Server 3.1.0
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.0
- Caldera OpenLinux Workstation 3.1.1
- Conectiva Linux 6.0.0
- Conectiva Linux 7.0.0
- Conectiva Linux 8.0.0
- Conectiva Linux 9.0.0
- Conectiva Linux Enterprise Edition 1.0.0
- Debian Linux 2.2.0
- Debian Linux 2.3.0
- Debian Linux 3.0.0
- Debian Linux 3.0.0 alpha
- Debian Linux 3.0.0 arm
- Debian Linux 3.0.0 hppa
- Debian Linux 3.0.0 ia-32
- Debian Linux 3.0.0 ia-64
- Debian Linux 3.0.0 m68k
- Debian Linux 3.0.0 mips
- Debian Linux 3.0.0 mipsel
- Debian Linux 3.0.0 ppc
- Debian Linux 3.0.0 s/390
- Debian Linux 3.0.0 sparc
- Debian Linux 4.0
- Debian Linux 4.0 alpha
- Debian Linux 4.0 amd64
- Debian Linux 4.0 arm
- Debian Linux 4.0 armel
- Debian Linux 4.0 hppa
- Debian Linux 4.0 ia-32
- Debian Linux 4.0 ia-64
- Debian Linux 4.0 m68k
- Debian Linux 4.0 mips
- Debian Linux 4.0 mipsel
- Debian Linux 4.0 powerpc
- Debian Linux 4.0 s/390
- Debian Linux 4.0 sparc
- Debian Linux 5.0
- Debian Linux 5.0 alpha
- Debian Linux 5.0 amd64
- Debian Linux 5.0 arm
- Debian Linux 5.0 armel
- Debian Linux 5.0 hppa
- Debian Linux 5.0 ia-32
- Debian Linux 5.0 ia-64
- Debian Linux 5.0 m68k
- Debian Linux 5.0 mips
- Debian Linux 5.0 mipsel
- Debian Linux 5.0 powerpc
- Debian Linux 5.0 s/390
- Debian Linux 5.0 sparc
- Easy Software Products CUPS 1.0.4
- Easy Software Products CUPS 1.0.4 -8
- Easy Software Products CUPS 1.1.1
- Easy Software Products CUPS 1.1.10
- Easy Software Products CUPS 1.1.12
- Easy Software Products CUPS 1.1.13
- Easy Software Products CUPS 1.1.14
- Easy Software Products CUPS 1.1.15
- Easy Software Products CUPS 1.1.16
- Easy Software Products CUPS 1.1.17
- Easy Software Products CUPS 1.1.18
- Easy Software Products CUPS 1.1.19
- Easy Software Products CUPS 1.1.19 rc5
- Easy Software Products CUPS 1.1.19 rc5
- Easy Software Products CUPS 1.1.20
- Easy Software Products CUPS 1.1.21
- Easy Software Products CUPS 1.1.22
- Easy Software Products CUPS 1.1.22 rc1
- Easy Software Products CUPS 1.1.23
- Easy Software Products CUPS 1.1.23 rc1
- Easy Software Products CUPS 1.1.4
- Easy Software Products CUPS 1.1.4 -2
- Easy Software Products CUPS 1.1.4 -3
- Easy Software Products CUPS 1.1.4 -5
- Easy Software Products CUPS 1.1.6
- Easy Software Products CUPS 1.1.7
- Easy Software Products CUPS 1.2.10
- Easy Software Products CUPS 1.2.12
- Easy Software Products CUPS 1.2.2
- Easy Software Products CUPS 1.2.4
- Easy Software Products CUPS 1.2.8
- Easy Software Products CUPS 1.2.9
- Easy Software Products CUPS 1.3.2
- Easy Software Products CUPS 1.3.3
- Easy Software Products CUPS 1.3.5
- Easy Software Products CUPS 1.3.6
- Easy Software Products CUPS 1.3.7
- Easy Software Products CUPS 1.3.8
- Easy Software Products CUPS 1.3.9
- Gentoo Linux
- Gentoo Linux 1.4.0
- Gentoo Linux 1.4.0 _rc1
- Gentoo Linux 1.4.0 _rc2
- Gentoo Linux 1.4.0 _rc3
- MandrakeSoft Corporate Server 2.1.0
- MandrakeSoft Corporate Server 2.1.0 x86_64
- MandrakeSoft Linux Mandrake 10.0.0
- MandrakeSoft Linux Mandrake 10.0.0 amd64
- MandrakeSoft Linux Mandrake 10.1.0
- MandrakeSoft Linux Mandrake 10.1.0 x86_64
- MandrakeSoft Linux Mandrake 7.2.0
- MandrakeSoft Linux Mandrake 8.0.0
- MandrakeSoft Linux Mandrake 8.0.0 ppc
- MandrakeSoft Linux Mandrake 8.1.0
- MandrakeSoft Linux Mandrake 8.1.0 ia64
- MandrakeSoft Linux Mandrake 8.2.0
- MandrakeSoft Linux Mandrake 8.2.0 ppc
- MandrakeSoft Linux Mandrake 9.0.0
- MandrakeSoft Linux Mandrake 9.2.0
- MandrakeSoft Linux Mandrake 9.2.0 amd64
- MandrakeSoft Multi Network Firewall 2.0.0
- MandrakeSoft apcupsd 2006.0
- RedHat Desktop 3.0.0
- RedHat Enterprise Linux 5 server
- RedHat Enterprise Linux AS 3
- RedHat Enterprise Linux AS 4
- RedHat Enterprise Linux Desktop 5 client
- RedHat Enterprise Linux Desktop Workstation 5 client
- RedHat Enterprise Linux Desktop version 4
- RedHat Enterprise Linux ES 3
- RedHat Enterprise Linux ES 4
- RedHat Enterprise Linux WS 3
- RedHat Enterprise Linux WS 4
- RedHat PowerTools 7.0.0
- S.u.S.E. Linux 7.1.0 alpha
- S.u.S.E. Linux 7.1.0 ppc
- S.u.S.E. Linux 7.1.0 sparc
- S.u.S.E. Linux 7.1.0 x86
- S.u.S.E. Linux 7.2.0 i386
- S.u.S.E. Linux 7.3.0 i386
- S.u.S.E. Linux 7.3.0 ppc
- S.u.S.E. Linux 7.3.0 sparc
- S.u.S.E. Linux 8.0.0
- S.u.S.E. Linux 8.0.0 i386
- S.u.S.E. Linux 8.1.0
- S.u.S.E. Linux Personal 8.2.0
- S.u.S.E. Linux Personal 9.1.0
- Turbolinux Appliance Server 1.0.0 Hosting Edition
- Turbolinux Appliance Server 1.0.0 Workgroup Edition
- Turbolinux Appliance Server Hosting Edition 1.0.0
- Turbolinux Appliance Server Workgroup Edition 1.0.0
- Turbolinux Home
- Turbolinux Turbolinux Desktop 10.0.0
- Turbolinux Turbolinux Server 8.0.0
- Turbolinux Turbolinux Workstation 8.0.0
- Ubuntu Ubuntu Linux 4.1.0 ia32
- Ubuntu Ubuntu Linux 4.1.0 ia64
- Ubuntu Ubuntu Linux 4.1.0 ppc
- Ubuntu Ubuntu Linux 6.06 LTS amd64
- Ubuntu Ubuntu Linux 6.06 LTS i386
- Ubuntu Ubuntu Linux 6.06 LTS powerpc
- Ubuntu Ubuntu Linux 6.06 LTS sparc
- Ubuntu Ubuntu Linux 8.04 LTS amd64
- Ubuntu Ubuntu Linux 8.04 LTS i386
- Ubuntu Ubuntu Linux 8.04 LTS lpia
- Ubuntu Ubuntu Linux 8.04 LTS powerpc
- Ubuntu Ubuntu Linux 8.04 LTS sparc
- Ubuntu Ubuntu Linux 8.10 amd64
- Ubuntu Ubuntu Linux 8.10 i386
- Ubuntu Ubuntu Linux 8.10 lpia
- Ubuntu Ubuntu Linux 8.10 powerpc
- Ubuntu Ubuntu Linux 8.10 sparc
- Ubuntu Ubuntu Linux 9.04 amd64
- Ubuntu Ubuntu Linux 9.04 i386
- Ubuntu Ubuntu Linux 9.04 lpia
- Ubuntu Ubuntu Linux 9.04 powerpc
- Ubuntu Ubuntu Linux 9.04 sparc
References:
- Avaya: ASA-2009-202 cups security update (RHSA-2009-1082)
- CORE Security Technologies: Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
- Easy Software Products: CUPS Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
