Red Hat Bugzilla – Bug 473901
CVE-2008-5183 cups: DoS (daemon crash) caused by the large number of subscriptions
Last modified: 2010-12-23 21:14:14 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5183 to
the following vulnerability:
cupsd in CUPS before 1.3.8 allows local users, and possibly remote
attackers, to cause a denial of service (daemon crash) by adding a
large number of RSS Subscriptions, which triggers a NULL pointer
dereference. NOTE: this issue can be triggered remotely by leveraging

Patch: See attachment -- cups-1.3-max-subscriptions.patch
cups-1.3.9-4.fc10 has been submitted as an update for Fedora 10.
cups-1.3.9-2.fc9 has been submitted as an update for Fedora 9.
cups-1.3.9-2.fc8 has been submitted as an update for Fedora 8.
cups-1.3.9-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.3.9-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.3.9-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Enterprise Linux version 5 (RHSA-2008:1029)