Vulnerability CVE-2009-3553: Information

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-3553
Published: Nov. 20, 2009
Modified: Feb. 2, 2024
Error type identifier: CWE-416

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs
  • Broken Link
  • Patch
  • Vendor Advisory
37360
  • Broken Link
  • Vendor Advisory
http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs
  • Broken Link
  • Patch
  • Vendor Advisory
RHSA-2009:1595
  • Broken Link
37364
  • Broken Link
  • Vendor Advisory
http://www.cups.org/str.php?L3200
  • Broken Link
  • Patch
  • Vendor Advisory
http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs
  • Broken Link
  • Patch
  • Vendor Advisory
37048
  • Broken Link
  • Third Party Advisory
  • VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=530111
  • Issue Tracking
FEDORA-2009-12652
  • Mailing List
http://support.apple.com/kb/HT4004
  • Vendor Advisory
APPLE-SA-2010-01-19-1
  • Mailing List
38241
  • Broken Link
ADV-2010-0173
  • Broken Link
USN-906-1
  • Third Party Advisory
275230
  • Broken Link
MDVSA-2010:073
  • Broken Link
DSA-2176
  • Mailing List
ADV-2011-0535
  • Broken Link
43521
  • Broken Link
GLSA-201207-10
  • Third Party Advisory
oval:org.mitre.oval:def:11183
  • Broken Link

    1. Configuration 1

      cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
      cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
      cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
      End excliding
      10.5.8
      cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
      End excliding
      10.5.8
      cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
      Start including
      10.6.0
      End excliding
      10.6.2
      cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
      Start including
      10.6.0
      End excliding
      10.6.2

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top