CVE - CVE-2009-0949

CVE-ID
CVE-2009-0949	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-09-10-2 URL:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html BID:35169 URL:http://www.securityfocus.com/bid/35169 BUGTRAQ:20090602 CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability URL:http://www.securityfocus.com/archive/1/504032/100/0/threaded CONFIRM:http://support.apple.com/kb/HT3865 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=500972 DEBIAN:DSA-1811 URL:http://www.debian.org/security/2009/dsa-1811 MISC:http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability OVAL:oval:org.mitre.oval:def:9631 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631 REDHAT:RHSA-2009:1082 URL:http://www.redhat.com/support/errata/RHSA-2009-1082.html REDHAT:RHSA-2009:1083 URL:http://www.redhat.com/support/errata/RHSA-2009-1083.html SECTRACK:1022321 URL:http://securitytracker.com/id?1022321 SECUNIA:35322 URL:http://secunia.com/advisories/35322 SECUNIA:35328 URL:http://secunia.com/advisories/35328 SECUNIA:35340 URL:http://secunia.com/advisories/35340 SECUNIA:35342 URL:http://secunia.com/advisories/35342 SECUNIA:35685 URL:http://secunia.com/advisories/35685 SECUNIA:36701 URL:http://secunia.com/advisories/36701 SUSE:SUSE-SR:2009:012 URL:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html UBUNTU:USN-780-1 URL:http://www.ubuntu.com/usn/USN-780-1 XF:apple-cups-ipptag-dos(50926) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/50926
Assigning CNA
MITRE Corporation
Date Record Created
20090318	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)