CVE-2002-1372 - OpenCVE

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Cups
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.2.2:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:2.2:::::::*
	cpe:2.3:o:debian:debian_linux:3.0:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html	Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702	Broken Link
http://marc.info/?l=bugtraq&m=104032149026670&w=2	Mailing List
http://www.debian.org/security/2003/dsa-232	Third Party Advisory
http://www.idefense.com/advisory/12.19.02.txt	Broken Link Exploit Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001	Broken Link
http://www.novell.com/linux/security/advisories/2003_002_cups.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-295.html	Broken Link
http://www.securityfocus.com/bid/6440	Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10912	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2007-12-20T00:00:00

Reserved: 2002-12-16T00:00:00

Link: CVE-2002-1372

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-12-26T05:00:00.000

Modified: 2024-01-21T01:39:35.663

Link: CVE-2002-1372

JSON object: View

Redhat Information

No data.

CWE

CWE-252

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-12-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"}, {"name": "CLSA-2003:702", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"}, {"name": "DSA-232", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-232"}, {"name": "SuSE-SA:2003:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.idefense.com/advisory/12.19.02.txt"}, {"name": "RHSA-2002:295", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"}, {"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"}, {"name": "MDKSA-2003:001", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"}, {"name": "6440", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6440"}, {"name": "cups-file-descriptor-dos(10912)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10912"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1372", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"}, {"name": "CLSA-2003:702", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"}, {"name": "DSA-232", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-232"}, {"name": "SuSE-SA:2003:002", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"}, {"name": "http://www.idefense.com/advisory/12.19.02.txt", "refsource": "MISC", "url": "http://www.idefense.com/advisory/12.19.02.txt"}, {"name": "RHSA-2002:295", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"}, {"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"}, {"name": "MDKSA-2003:001", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"}, {"name": "6440", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6440"}, {"name": "cups-file-descriptor-dos(10912)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10912"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1372", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-12-16T00:00:00", "dateUpdated": "2007-12-20T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB349B56-37FA-4ECB-8260-AFBF6B324B34", "versionEndIncluding": "1.1.17", "versionStartIncluding": "1.1.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "CDCF4FB3-F781-46D5-BEE7-485B3DC78B83", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "56CC0444-570C-4BB5-B53A-C5CA0BD87935", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta."}, {"lang": "es", "value": "Common Unix Printing System (CUPS) 1.1.14 a 1.1.17 no comprueba adecuadamente los valores de retorno de varias operaciones de ficheros y sockets, lo que podr\u00eda permitir a un atacante remoto causar una denegaci\u00f3n de servicio (consumici\u00f3n de recursos) haciendo que descriptores de ficheros sean asignados y no liberados, como ha sido demostrado por fanta."}], "id": "CVE-2002-1372", "lastModified": "2024-01-21T01:39:35.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2002-12-26T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2003/dsa-232"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "url": "http://www.idefense.com/advisory/12.19.02.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/6440"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10912"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}]}