Oval Definition:	oval:org.mitre.oval:def:22302
Revision Date: 2014-02-24 Version: 48 Title: RHSA-2010:0490: cups security update (Important) Description: The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. Family: unix Class: patch Status: ACCEPTED Reference(s): CESA-2010:0490 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 RHSA-2010:0490-01 Platform(s): CentOS Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 Product(s): cups Definition Synopsis Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x AND Packages section cups-lpd is earlier than 1:1.3.7-18.el5_5.4 OR cups-devel is earlier than 1:1.3.7-18.el5_5.4 OR cups-libs is earlier than 1:1.3.7-18.el5_5.4 OR cups is earlier than 1:1.3.7-18.el5_5.4
BACK