CVE-2007-5849

2007-12-19 22:46:00 2017-07-29 03:33:54

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Easy software products Cups 1.2.12 (not an official CPE) Easy software products Cups 1.3.3 (not an official CPE) Easy software products Cups 1.2.4 (not an official CPE) Easy software products Cups 1.2.10 (not an official CPE) Easy software products Cups 1.2.9 (not an official CPE)

Easy software products - Cups

Advisory	Patch	Confirmed	Link
			FEDORA-2008-0322
			cups-asn1getstring-bo(39101)
			macos-snmp-bo(39097)
			ADV-2007-4242
			ADV-2007-4238
			TA07-352A
			USN-563-1
			26917
			26910
			SUSE-SR:2008:002
			MDVSA-2008:036
			GLSA-200712-14
			DSA-1437
			http://www.cups.org/str.php?L2589
			SUSE-SA:2008:002
			APPLE-SA-2007-12-17
			http://docs.info.apple.com/article.html?artnum=307179
			http://bugs.gentoo.org/show_bug.cgi?id=201570

CVE-2007-5849

2007-12-19 22:46:00 2017-07-29 03:33:54

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)