QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0302

Published: Mar 5, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

APPLE-SA-2010-06-15-1

vendor-advisory

x_refsource_APPLE

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=557775

x_refsource_CONFIRM

oval:org.mitre.oval:def:11216

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_VUPEN

http://cups.org/articles.php?L596

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

http://support.apple.com/kb/HT4188

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

FEDORA-2010-2743

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

http://cups.org/str.php?L3490

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.