CVE-2009-0949

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-0949

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

T

he ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

References
Link Resource
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Mailing List
http://secunia.com/advisories/35322 Broken Link Vendor Advisory
http://secunia.com/advisories/35328 Broken Link Vendor Advisory
http://secunia.com/advisories/35340 Broken Link Vendor Advisory
http://secunia.com/advisories/35342 Broken Link Vendor Advisory
http://secunia.com/advisories/35685 Broken Link
http://secunia.com/advisories/36701 Broken Link
http://securitytracker.com/id?1022321 Broken Link Third Party Advisory VDB Entry
http://support.apple.com/kb/HT3865 Third Party Advisory
http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability Exploit Third Party Advisory
http://www.debian.org/security/2009/dsa-1811 Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1082.html Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1083.html Broken Link
http://www.securityfocus.com/archive/1/504032/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/35169 Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-780-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=500972 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/50926 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631 Broken Link
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Mailing List
http://secunia.com/advisories/35322 Broken Link Vendor Advisory
http://secunia.com/advisories/35328 Broken Link Vendor Advisory
http://secunia.com/advisories/35340 Broken Link Vendor Advisory
http://secunia.com/advisories/35342 Broken Link Vendor Advisory
http://secunia.com/advisories/35685 Broken Link
http://secunia.com/advisories/36701 Broken Link
http://securitytracker.com/id?1022321 Broken Link Third Party Advisory VDB Entry
http://support.apple.com/kb/HT3865 Third Party Advisory
http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability Exploit Third Party Advisory
http://www.debian.org/security/2009/dsa-1811 Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1082.html Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1083.html Broken Link
http://www.securityfocus.com/archive/1/504032/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/35169 Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-780-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=500972 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/50926 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:9.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*
History

21 Nov 2024, 01:01

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html - Mailing List () http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List
References () http://secunia.com/advisories/35322 - Broken Link, Vendor Advisory () http://secunia.com/advisories/35322 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/35328 - Broken Link, Vendor Advisory () http://secunia.com/advisories/35328 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/35340 - Broken Link, Vendor Advisory () http://secunia.com/advisories/35340 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/35342 - Broken Link, Vendor Advisory () http://secunia.com/advisories/35342 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/35685 - Broken Link () http://secunia.com/advisories/35685 - Broken Link
References () http://secunia.com/advisories/36701 - Broken Link () http://secunia.com/advisories/36701 - Broken Link
References () http://securitytracker.com/id?1022321 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1022321 - Broken Link, Third Party Advisory, VDB Entry
References () http://support.apple.com/kb/HT3865 - Third Party Advisory () http://support.apple.com/kb/HT3865 - Third Party Advisory
References () http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability - Exploit, Third Party Advisory () http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability - Exploit, Third Party Advisory
References () http://www.debian.org/security/2009/dsa-1811 - Broken Link, Third Party Advisory () http://www.debian.org/security/2009/dsa-1811 - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2009-1082.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2009-1082.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2009-1083.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2009-1083.html - Broken Link
References () http://www.securityfocus.com/archive/1/504032/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/504032/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/35169 - Broken Link, Exploit, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/35169 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-780-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-780-1 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=500972 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=500972 - Issue Tracking
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/50926 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/50926 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631 - Broken Link
Information

Published : 2009-06-09 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0949

Mitre link : CVE-2009-0949

CVE.ORG link : CVE-2009-0949

JSON object : View

Products Affected

apple

opensuse

canonical

suse

debian

CWE
CWE-908

Use of Uninitialized Resource