| Vulnerability Name: | CVE-2007-5849 (CCN-39101) | ||||||||||||||||||||
| Assigned: | 2007-12-17 | ||||||||||||||||||||
| Published: | 2007-12-17 | ||||||||||||||||||||
| Updated: | 2017-07-29 | ||||||||||||||||||||
| Summary: | Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-189 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=201570 Source: MITRE Type: CNA CVE-2007-5849 Source: CCN Type: Apple Web site About Security Update 2007-009 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307179 Source: APPLE Type: UNKNOWN APPLE-SA-2007-12-17 Source: SUSE Type: UNKNOWN SUSE-SA:2008:002 Source: SECUNIA Type: Vendor Advisory 28113 Source: CCN Type: SA28129 CUPS SNMP Backend "asn1_get_string()" Signedness Vulnerability Source: SECUNIA Type: Vendor Advisory 28129 Source: CCN Type: SA28136 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 28136 Source: SECUNIA Type: Vendor Advisory 28200 Source: SECUNIA Type: Vendor Advisory 28386 Source: SECUNIA Type: Vendor Advisory 28441 Source: SECUNIA Type: Vendor Advisory 28636 Source: SECUNIA Type: Vendor Advisory 28676 Source: CCN Type: CUPS Web site Download - Common UNIX Printing System Source: CCN Type: CUPS STR #2589 SNMP backend integer underflow/stack overflow in asn1_get_string() Source: CONFIRM Type: UNKNOWN http://www.cups.org/str.php?L2589 Source: DEBIAN Type: UNKNOWN DSA-1437 Source: DEBIAN Type: DSA-1437 cupsys -- several vulnerabilities Source: CCN Type: GLSA-200712-14 CUPS: Multiple vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200712-14 Source: MANDRIVA Type: UNKNOWN MDVSA-2008:036 Source: SUSE Type: UNKNOWN SUSE-SR:2008:002 Source: CCN Type: OSVDB ID: 40719 CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Response Remote Overflow Source: BID Type: UNKNOWN 26910 Source: CCN Type: BID-26910 Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities Source: BID Type: UNKNOWN 26917 Source: CCN Type: BID-26917 Common UNIX Printing System SNMP 'asn1_get_string()' Remote Buffer Overflow Vulnerability Source: CCN Type: USN-563-1 CUPS vulnerabilities Source: UBUNTU Type: UNKNOWN USN-563-1 Source: CERT Type: US Government Resource TA07-352A Source: VUPEN Type: Vendor Advisory ADV-2007-4238 Source: VUPEN Type: Vendor Advisory ADV-2007-4242 Source: XF Type: UNKNOWN macos-snmp-bo(39097) Source: XF Type: UNKNOWN cups-asn1getstring-bo(39101) Source: XF Type: UNKNOWN cups-asn1getstring-bo(39101) Source: FEDORA Type: UNKNOWN FEDORA-2008-0322 Source: SUSE Type: SUSE-SA:2008:002 SUSE Security Announcement Source: SUSE Type: SUSE-SR:2008:002 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||