NVD脆弱性詳細

CVE-2008-3641

概要	The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
公表日	2008年10月10日19:30
登録日	2021年1月29日13:40
最終更新日	2018年10月12日5:48

CVSS2.0 : HIGH
スコア	10.0
ベクター	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:cups:1.1:::::::*
cpe:2.3:a:apple:cups:1.1.1:::::::*
cpe:2.3:a:apple:cups:1.1.2:::::::*
cpe:2.3:a:apple:cups:1.1.3:::::::*
cpe:2.3:a:apple:cups:1.1.4:::::::*
cpe:2.3:a:apple:cups:1.1.5:::::::*
cpe:2.3:a:apple:cups:1.1.5-1:::::::*
cpe:2.3:a:apple:cups:1.1.5-2:::::::*
cpe:2.3:a:apple:cups:1.1.6:::::::*
cpe:2.3:a:apple:cups:1.1.6-1:::::::*
cpe:2.3:a:apple:cups:1.1.6-2:::::::*
cpe:2.3:a:apple:cups:1.1.6-3:::::::*
cpe:2.3:a:apple:cups:1.1.7:::::::*
cpe:2.3:a:apple:cups:1.1.8:::::::*
cpe:2.3:a:apple:cups:1.1.9:::::::*
cpe:2.3:a:apple:cups:1.1.9-1:::::::*
cpe:2.3:a:apple:cups:1.1.10:::::::*
cpe:2.3:a:apple:cups:1.1.10-1:::::::*
cpe:2.3:a:apple:cups:1.1.11:::::::*
cpe:2.3:a:apple:cups:1.1.12:::::::*
cpe:2.3:a:apple:cups:1.1.13:::::::*
cpe:2.3:a:apple:cups:1.1.14:::::::*
cpe:2.3:a:apple:cups:1.1.15:::::::*
cpe:2.3:a:apple:cups:1.1.16:::::::*
cpe:2.3:a:apple:cups:1.1.17:::::::*
cpe:2.3:a:apple:cups:1.1.18:::::::*
cpe:2.3:a:apple:cups:1.1.19:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc1::::::
cpe:2.3:a:apple:cups:1.1.19:rc2::::::
cpe:2.3:a:apple:cups:1.1.19:rc3::::::
cpe:2.3:a:apple:cups:1.1.19:rc4::::::
cpe:2.3:a:apple:cups:1.1.19:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc1::::::
cpe:2.3:a:apple:cups:1.1.20:rc2::::::
cpe:2.3:a:apple:cups:1.1.20:rc3::::::
cpe:2.3:a:apple:cups:1.1.20:rc4::::::
cpe:2.3:a:apple:cups:1.1.20:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:rc6::::::
cpe:2.3:a:apple:cups:1.1.21:::::::*
cpe:2.3:a:apple:cups:1.1.21:rc1::::::
cpe:2.3:a:apple:cups:1.1.21:rc2::::::
cpe:2.3:a:apple:cups:1.1.22:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc1::::::
cpe:2.3:a:apple:cups:1.1.22:rc2::::::
cpe:2.3:a:apple:cups:1.1.23:::::::*
cpe:2.3:a:apple:cups:1.1.23:rc1::::::
cpe:2.3:a:apple:cups:1.2:b1::::::
cpe:2.3:a:apple:cups:1.2:b2::::::
cpe:2.3:a:apple:cups:1.2:rc1::::::
cpe:2.3:a:apple:cups:1.2:rc2::::::
cpe:2.3:a:apple:cups:1.2:rc3::::::
cpe:2.3:a:apple:cups:1.2.0:::::::*
cpe:2.3:a:apple:cups:1.2.1:::::::*
cpe:2.3:a:apple:cups:1.2.2:::::::*
cpe:2.3:a:apple:cups:1.2.3:::::::*
cpe:2.3:a:apple:cups:1.2.4:::::::*
cpe:2.3:a:apple:cups:1.2.5:::::::*
cpe:2.3:a:apple:cups:1.2.6:::::::*
cpe:2.3:a:apple:cups:1.2.7:::::::*
cpe:2.3:a:apple:cups:1.2.8:::::::*
cpe:2.3:a:apple:cups:1.2.9:::::::*
cpe:2.3:a:apple:cups:1.2.10:::::::*
cpe:2.3:a:apple:cups:1.2.11:::::::*
cpe:2.3:a:apple:cups:1.2.12:::::::*
cpe:2.3:a:apple:cups:1.3:b1::::::
cpe:2.3:a:apple:cups:1.3:rc1::::::
cpe:2.3:a:apple:cups:1.3:rc2::::::
cpe:2.3:a:apple:cups:1.3.0:::::::*
cpe:2.3:a:apple:cups:1.3.1:::::::*
cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups:1.3.7:::::::*
cpe:2.3:a:apple:cups::::::::		1.3.8

関連情報、対策とツール

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	APPLE	Vendor Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html	SUSE
3	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html	SUSE
4	http://secunia.com/advisories/32084	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/32222	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/32226	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/32284	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/32292	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/32316	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/32331	SECUNIA
11	http://secunia.com/advisories/33085	SECUNIA
12	http://secunia.com/advisories/33111	SECUNIA
13	http://secunia.com/advisories/33568	SECUNIA
14	http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1	SUNALERT
15	http://support.apple.com/kb/HT3216	CONFIRM	Vendor Advisory
16	http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm	CONFIRM
17	http://www.cups.org/articles.php?L575	CONFIRM
18	http://www.cups.org/str.php?L2911	CONFIRM	Exploit
19	http://www.debian.org/security/2008/dsa-1656	DEBIAN
20	http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml	GENTOO
21	http://www.mandriva.com/security/advisories?name=MDVSA-2008:211	MANDRIVA
22	http://www.redhat.com/support/errata/RHSA-2008-0937.html	REDHAT
23	http://www.securityfocus.com/archive/1/497221/100/0/threaded	BUGTRAQ
24	http://www.securityfocus.com/bid/31681	BID	Patch
25	http://www.securityfocus.com/bid/31688	BID
26	http://www.securitytracker.com/id?1021031	SECTRACK
27	http://www.vupen.com/english/advisories/2008/2780	VUPEN
28	http://www.vupen.com/english/advisories/2008/2782	VUPEN
29	http://www.vupen.com/english/advisories/2008/3401	VUPEN
30	http://www.vupen.com/english/advisories/2009/1568	VUPEN
31	http://www.zerodayinitiative.com/advisories/ZDI-08-067	MISC
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/45779	XF
33	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9666	OVAL
34	https://usn.ubuntu.com/656-1/	UBUNTU
35	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html	FEDORA
36	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html	FEDORA

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:cups:1.1:::::::*
cpe:2.3:a:apple:cups:1.1.1:::::::*
cpe:2.3:a:apple:cups:1.1.2:::::::*
cpe:2.3:a:apple:cups:1.1.3:::::::*
cpe:2.3:a:apple:cups:1.1.4:::::::*
cpe:2.3:a:apple:cups:1.1.5:::::::*
cpe:2.3:a:apple:cups:1.1.5-1:::::::*
cpe:2.3:a:apple:cups:1.1.5-2:::::::*
cpe:2.3:a:apple:cups:1.1.6:::::::*
cpe:2.3:a:apple:cups:1.1.6-1:::::::*
cpe:2.3:a:apple:cups:1.1.6-2:::::::*
cpe:2.3:a:apple:cups:1.1.6-3:::::::*
cpe:2.3:a:apple:cups:1.1.7:::::::*
cpe:2.3:a:apple:cups:1.1.8:::::::*
cpe:2.3:a:apple:cups:1.1.9:::::::*
cpe:2.3:a:apple:cups:1.1.9-1:::::::*
cpe:2.3:a:apple:cups:1.1.10:::::::*
cpe:2.3:a:apple:cups:1.1.10-1:::::::*
cpe:2.3:a:apple:cups:1.1.11:::::::*
cpe:2.3:a:apple:cups:1.1.12:::::::*
cpe:2.3:a:apple:cups:1.1.13:::::::*
cpe:2.3:a:apple:cups:1.1.14:::::::*
cpe:2.3:a:apple:cups:1.1.15:::::::*
cpe:2.3:a:apple:cups:1.1.16:::::::*
cpe:2.3:a:apple:cups:1.1.17:::::::*
cpe:2.3:a:apple:cups:1.1.18:::::::*
cpe:2.3:a:apple:cups:1.1.19:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc1::::::
cpe:2.3:a:apple:cups:1.1.19:rc2::::::
cpe:2.3:a:apple:cups:1.1.19:rc3::::::
cpe:2.3:a:apple:cups:1.1.19:rc4::::::
cpe:2.3:a:apple:cups:1.1.19:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc1::::::
cpe:2.3:a:apple:cups:1.1.20:rc2::::::
cpe:2.3:a:apple:cups:1.1.20:rc3::::::
cpe:2.3:a:apple:cups:1.1.20:rc4::::::
cpe:2.3:a:apple:cups:1.1.20:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:rc6::::::
cpe:2.3:a:apple:cups:1.1.21:::::::*
cpe:2.3:a:apple:cups:1.1.21:rc1::::::
cpe:2.3:a:apple:cups:1.1.21:rc2::::::
cpe:2.3:a:apple:cups:1.1.22:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc1::::::
cpe:2.3:a:apple:cups:1.1.22:rc2::::::
cpe:2.3:a:apple:cups:1.1.23:::::::*
cpe:2.3:a:apple:cups:1.1.23:rc1::::::
cpe:2.3:a:apple:cups:1.2:b1::::::
cpe:2.3:a:apple:cups:1.2:b2::::::
cpe:2.3:a:apple:cups:1.2:rc1::::::
cpe:2.3:a:apple:cups:1.2:rc2::::::
cpe:2.3:a:apple:cups:1.2:rc3::::::
cpe:2.3:a:apple:cups:1.2.0:::::::*
cpe:2.3:a:apple:cups:1.2.1:::::::*
cpe:2.3:a:apple:cups:1.2.2:::::::*
cpe:2.3:a:apple:cups:1.2.3:::::::*
cpe:2.3:a:apple:cups:1.2.4:::::::*
cpe:2.3:a:apple:cups:1.2.5:::::::*
cpe:2.3:a:apple:cups:1.2.6:::::::*
cpe:2.3:a:apple:cups:1.2.7:::::::*
cpe:2.3:a:apple:cups:1.2.8:::::::*
cpe:2.3:a:apple:cups:1.2.9:::::::*
cpe:2.3:a:apple:cups:1.2.10:::::::*
cpe:2.3:a:apple:cups:1.2.11:::::::*
cpe:2.3:a:apple:cups:1.2.12:::::::*
cpe:2.3:a:apple:cups:1.3:b1::::::
cpe:2.3:a:apple:cups:1.3:rc1::::::
cpe:2.3:a:apple:cups:1.3:rc2::::::
cpe:2.3:a:apple:cups:1.3.0:::::::*
cpe:2.3:a:apple:cups:1.3.1:::::::*
cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups:1.3.7:::::::*
cpe:2.3:a:apple:cups::::::::		1.3.8