製品・ソフトウェアに関する情報

JVN脆弱性詳細

CUPS のテキストフィルタサブシステムにおける任意のコードを実行される脆弱性

タイトル	CUPS のテキストフィルタサブシステムにおける任意のコードを実行される脆弱性
概要	CUPS のテキストフィルタサブシステム内にある _WriteProlog 関数には、特定の calloc コールの戻り値をチェックしないため、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。
想定される影響	第三者により、巧妙に細工されたファイルを介して、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2010年6月17日0:00
登録日	2010年7月13日17:55
最終更新日	2011年3月31日13:53

CVSS2.0 : 警告
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P

影響を受けるシステム

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

オラクル

Oracle Solaris 11 Express

ターボリナックス

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

CUPS

CUPS 1.4.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0542	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542
National Vulnerability Database (NVD)
2	CVE-2010-0542	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	名前	URL
Asianux Technical Support Network
1	cups-1.3.7-18.4.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1058
CUPS
2	L596	http://www.cups.org/articles.php?L596
3	STR #3516	http://www.cups.org/str.php?L3516
MIRACLE LINUX アップデート情報
4	2070	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2070
Red Hat Security Advisory
5	RHSA-2010:0490	https://rhn.redhat.com/errata/RHSA-2010-0490.html
SECURITY BLOG
6	multiple_vulnerabilities_in_cups_printing	http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_cups_printing
Turbolinux Security Advisory
7	TLSA-2010-25	http://www.turbolinux.co.jp/security/2010/TLSA-2010-25j.txt

その他

No	名前	URL
SecurityFocus
1	40943	http://www.securityfocus.com/bid/40943
SecurityTracker
2	1024121	http://securitytracker.com/id?1024121

変更履歴

No	変更内容	変更日
0	[2010年07月13日] 掲載 [2010年08月12日] 影響を受けるシステム：ターボリナックス (TLSA-2010-25) の情報を追加ベンダ情報：ターボリナックス (TLSA-2010-25) を追加 [2011年03月31日] 影響を受けるシステム：オラクル (multiple_vulnerabilities_in_cups_printing) の情報を追加ベンダ情報：オラクル (multiple_vulnerabilities_in_cups_printing) を追加	2018年2月17日10:37

NVD脆弱性情報

CVE-2010-0542

概要	The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
公表日	2010年6月22日1:30
登録日	2021年1月29日10:57
最終更新日	2024年11月21日10:12

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:cups:1.1.20:::::::*
cpe:2.3:a:apple:cups:1.1.5-2:::::::*
cpe:2.3:a:apple:cups:1.3.9:::::::*
cpe:2.3:a:apple:cups:1.1.14:::::::*
cpe:2.3:a:apple:cups:1.3:rc2::::::
cpe:2.3:a:apple:cups:1.1.6-1:::::::*
cpe:2.3:a:apple:cups:1.1.18:::::::*
cpe:2.3:a:apple:cups:1.1.12:::::::*
cpe:2.3:a:apple:cups::::::::		1.4.3
cpe:2.3:a:apple:cups:1.3.11:::::::*
cpe:2.3:a:apple:cups:1.1.5-1:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.1.22:::::::*
cpe:2.3:a:apple:cups:1.2.0:::::::*
cpe:2.3:a:apple:cups:1.1.16:::::::*
cpe:2.3:a:apple:cups:1.4.1:::::::*
cpe:2.3:a:apple:cups:1.3.1:::::::*
cpe:2.3:a:apple:cups:1.1.23:rc1::::::
cpe:2.3:a:apple:cups:1.1.20:rc1::::::
cpe:2.3:a:apple:cups:1.1.15:::::::*
cpe:2.3:a:apple:cups:1.1.17:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc6::::::
cpe:2.3:a:apple:cups:1.2.4:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc1::::::
cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc1::::::
cpe:2.3:a:apple:cups:1.1.7:::::::*
cpe:2.3:a:apple:cups:1.2:rc2::::::
cpe:2.3:a:apple:cups:1.1.6-2:::::::*
cpe:2.3:a:apple:cups:1.3:b1::::::
cpe:2.3:a:apple:cups:1.1.3:::::::*
cpe:2.3:a:apple:cups:1.2.3:::::::*
cpe:2.3:a:apple:cups:1.1.21:::::::*
cpe:2.3:a:apple:cups:1.4.0:::::::*
cpe:2.3:a:apple:cups:1.2.9:::::::*
cpe:2.3:a:apple:cups:1.2.10:::::::*
cpe:2.3:a:apple:cups:1.1.4:::::::*
cpe:2.3:a:apple:cups:1.1.23:::::::*
cpe:2.3:a:apple:cups:1.2.6:::::::*
cpe:2.3:a:apple:cups:1.2:b1::::::
cpe:2.3:a:apple:cups:1.3.8:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc4::::::
cpe:2.3:a:apple:cups:1.1.19:::::::*
cpe:2.3:a:apple:cups:1.1:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.1.8:::::::*
cpe:2.3:a:apple:cups:1.1.5:::::::*
cpe:2.3:a:apple:cups:1.2.1:::::::*
cpe:2.3:a:apple:cups:1.2:rc3::::::
cpe:2.3:a:apple:cups:1.1.2:::::::*
cpe:2.3:a:apple:cups:1.3.10:::::::*
cpe:2.3:a:apple:cups:1.1.13:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc4::::::
cpe:2.3:a:apple:cups:1.1.9-1:::::::*
cpe:2.3:a:apple:cups:1.2.12:::::::*
cpe:2.3:a:apple:cups:1.1.21:rc2::::::
cpe:2.3:a:apple:cups:1.2:b2::::::
cpe:2.3:a:apple:cups:1.2.7:::::::*
cpe:2.3:a:apple:cups:1.1.6-3:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc5::::::
cpe:2.3:a:apple:cups:1.1.9:::::::*
cpe:2.3:a:apple:cups:1.3.7:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc5::::::
cpe:2.3:a:apple:cups:1.2:rc1::::::
cpe:2.3:a:apple:cups:1.1.1:::::::*
cpe:2.3:a:apple:cups:1.2.8:::::::*
cpe:2.3:a:apple:cups:1.2.2:::::::*
cpe:2.3:a:apple:cups:1.4.2:::::::*
cpe:2.3:a:apple:cups:1.1.10:::::::*
cpe:2.3:a:apple:cups:1.2.11:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc2::::::
cpe:2.3:a:apple:cups:1.1.21:rc1::::::
cpe:2.3:a:apple:cups:1.3:rc1::::::
cpe:2.3:a:apple:cups:1.1.11:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc3::::::
cpe:2.3:a:apple:cups:1.1.6:::::::*
cpe:2.3:a:apple:cups:1.1.10-1:::::::*
cpe:2.3:a:apple:cups:1.3.0:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc2::::::
cpe:2.3:a:apple:cups:1.1.20:rc3::::::
cpe:2.3:a:apple:cups:1.2.5:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc2::::::

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:cups:1.1.20:::::::*
cpe:2.3:a:apple:cups:1.1.5-2:::::::*
cpe:2.3:a:apple:cups:1.3.9:::::::*
cpe:2.3:a:apple:cups:1.1.14:::::::*
cpe:2.3:a:apple:cups:1.3:rc2::::::
cpe:2.3:a:apple:cups:1.1.6-1:::::::*
cpe:2.3:a:apple:cups:1.1.18:::::::*
cpe:2.3:a:apple:cups:1.1.12:::::::*
cpe:2.3:a:apple:cups::::::::		1.4.3
cpe:2.3:a:apple:cups:1.3.11:::::::*
cpe:2.3:a:apple:cups:1.1.5-1:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.1.22:::::::*
cpe:2.3:a:apple:cups:1.2.0:::::::*
cpe:2.3:a:apple:cups:1.1.16:::::::*
cpe:2.3:a:apple:cups:1.4.1:::::::*
cpe:2.3:a:apple:cups:1.3.1:::::::*
cpe:2.3:a:apple:cups:1.1.23:rc1::::::
cpe:2.3:a:apple:cups:1.1.20:rc1::::::
cpe:2.3:a:apple:cups:1.1.15:::::::*
cpe:2.3:a:apple:cups:1.1.17:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc6::::::
cpe:2.3:a:apple:cups:1.2.4:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc1::::::
cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc1::::::
cpe:2.3:a:apple:cups:1.1.7:::::::*
cpe:2.3:a:apple:cups:1.2:rc2::::::
cpe:2.3:a:apple:cups:1.1.6-2:::::::*
cpe:2.3:a:apple:cups:1.3:b1::::::
cpe:2.3:a:apple:cups:1.1.3:::::::*
cpe:2.3:a:apple:cups:1.2.3:::::::*
cpe:2.3:a:apple:cups:1.1.21:::::::*
cpe:2.3:a:apple:cups:1.4.0:::::::*
cpe:2.3:a:apple:cups:1.2.9:::::::*
cpe:2.3:a:apple:cups:1.2.10:::::::*
cpe:2.3:a:apple:cups:1.1.4:::::::*
cpe:2.3:a:apple:cups:1.1.23:::::::*
cpe:2.3:a:apple:cups:1.2.6:::::::*
cpe:2.3:a:apple:cups:1.2:b1::::::
cpe:2.3:a:apple:cups:1.3.8:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc4::::::
cpe:2.3:a:apple:cups:1.1.19:::::::*
cpe:2.3:a:apple:cups:1.1:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.1.8:::::::*
cpe:2.3:a:apple:cups:1.1.5:::::::*
cpe:2.3:a:apple:cups:1.2.1:::::::*
cpe:2.3:a:apple:cups:1.2:rc3::::::
cpe:2.3:a:apple:cups:1.1.2:::::::*
cpe:2.3:a:apple:cups:1.3.10:::::::*
cpe:2.3:a:apple:cups:1.1.13:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc4::::::
cpe:2.3:a:apple:cups:1.1.9-1:::::::*
cpe:2.3:a:apple:cups:1.2.12:::::::*
cpe:2.3:a:apple:cups:1.1.21:rc2::::::
cpe:2.3:a:apple:cups:1.2:b2::::::
cpe:2.3:a:apple:cups:1.2.7:::::::*
cpe:2.3:a:apple:cups:1.1.6-3:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc5::::::
cpe:2.3:a:apple:cups:1.1.9:::::::*
cpe:2.3:a:apple:cups:1.3.7:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc5::::::
cpe:2.3:a:apple:cups:1.2:rc1::::::
cpe:2.3:a:apple:cups:1.1.1:::::::*
cpe:2.3:a:apple:cups:1.2.8:::::::*
cpe:2.3:a:apple:cups:1.2.2:::::::*
cpe:2.3:a:apple:cups:1.4.2:::::::*
cpe:2.3:a:apple:cups:1.1.10:::::::*
cpe:2.3:a:apple:cups:1.2.11:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc2::::::
cpe:2.3:a:apple:cups:1.1.21:rc1::::::
cpe:2.3:a:apple:cups:1.3:rc1::::::
cpe:2.3:a:apple:cups:1.1.11:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc3::::::
cpe:2.3:a:apple:cups:1.1.6:::::::*
cpe:2.3:a:apple:cups:1.1.10-1:::::::*
cpe:2.3:a:apple:cups:1.3.0:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc2::::::
cpe:2.3:a:apple:cups:1.1.20:rc3::::::
cpe:2.3:a:apple:cups:1.2.5:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc2::::::

No	URL	タグ
1	http://cups.org/articles.php?L596	Patch
2	http://cups.org/articles.php?L596	Patch
3	http://cups.org/str.php?L3516
4	http://cups.org/str.php?L3516
5	http://cups.org/strfiles/3516/str3516.patch	Patch
6	http://cups.org/strfiles/3516/str3516.patch	Patch
7	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
8	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
9	http://secunia.com/advisories/43521
10	http://secunia.com/advisories/43521
11	http://security.gentoo.org/glsa/glsa-201207-10.xml
12	http://security.gentoo.org/glsa/glsa-201207-10.xml
13	http://securitytracker.com/id?1024121
14	http://securitytracker.com/id?1024121
15	http://www.debian.org/security/2011/dsa-2176
16	http://www.debian.org/security/2011/dsa-2176
17	http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
18	http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
19	http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
20	http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
21	http://www.securityfocus.com/bid/40943
22	http://www.securityfocus.com/bid/40943
23	http://www.vupen.com/english/advisories/2011/0535
24	http://www.vupen.com/english/advisories/2011/0535
25	https://bugzilla.redhat.com/show_bug.cgi?id=587746	Patch
26	https://bugzilla.redhat.com/show_bug.cgi?id=587746	Patch
27	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365
28	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10365