APP: Apple CUPS Text-to-PostScript Filter Integer Overflow
This signature detects attempts to exploit a known vulnerability in Apple CUPS Text-to-PostScript texttops Filter. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system. These issues affect versions prior to CUPS 1.3.9.
Affected Products
Avaya proactive_contact
Short Name
APP:CUPS:TEXTTOPS-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Apple CUPS CVE-2008-3640 Filter Integer Overflow Text-to-PostScript bid:31690
Release Date
07/26/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Sun
Rpath
Turbolinux
Avaya
Easy_software_products
Pardus
Slackware
Ubuntu
Mandriva
Debian
CVSS Score
6.8