FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351364
Date:      2014-04-15
Time:      20:21:44Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID:    736e55bc-39bb-11de-a493-001b77d09812
Description: cups -- remote code execution and DNS rebinding

Gentoo security team summarizes:

The following issues were reported in CUPS:

  • iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
  • Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
  • Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.


Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13
cups-base
lt 1.3.10

34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582