CVE-2010-2941 — CRITICAL (9.8)

Q: How severe is CVE-2010-2941?

CVE-2010-2941 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2010-2941?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups, Apple Mac Os X, Apple Mac Os X Server, Fedoraproject Fedora, Canonical Ubuntu Linux.

Vulnerability Description

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apple	Cups	<= 1.4.4
Apple	Mac Os X	< 10.5.8
Apple	Mac Os X Server	< 10.5.8
Fedoraproject	Fedora	12
Canonical	Ubuntu Linux	6.06
Debian	Debian Linux	5.0
Opensuse	Opensuse	11.1
Suse	Linux Enterprise	10.0
Suse	Linux Enterprise Server	9
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-416

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxBroken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.hMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.hMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.hMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2010-0811.htmlThird Party Advisory
http://secunia.com/advisories/42287Broken Link
http://secunia.com/advisories/42867Broken Link
http://secunia.com/advisories/43521Broken Link
http://security.gentoo.org/glsa/glsa-201207-10.xmlThird Party Advisory
http://securitytracker.com/id?1024662Broken LinkThird Party AdvisoryVDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackwareBroken Link
http://support.apple.com/kb/HT4435Broken Link
http://www.debian.org/security/2011/dsa-2176Mailing ListThird Party Advisory

FAQ

What is CVE-2010-2941?

CVE-2010-2941 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-fr...

How severe is CVE-2010-2941?

CVE-2010-2941 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2010-2941?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups, Apple Mac Os X, Apple Mac Os X Server, Fedoraproject Fedora, Canonical Ubuntu Linux.