CVE-2010-1748
CVE-2010-1748
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/34152unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://cups.org/articles.php?L596http://cups.org/str.php?L3577http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlhttp://secunia.com/advisories/40220http://secunia.com/advisories/43521http://security.gentoo.org/glsa/glsa-201207-10.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9723http://support.apple.com/kb/HT4188http://www.debian.org/security/2011/dsa-2176http://www.mandriva.com/security/advisories?name=MDVSA-2010:232http://www.mandriva.com/security/advisories?name=MDVSA-2010:234