Release Date: | 2010-06-17 |
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstated by the (1) /admin?OP=redirectURL=% and (2) /admin?URL=/admin/OP=% URIs.
See more information about CVE-2010-1748 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
Base Score: | 4.3 | Base Metrics: | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Access Vector: | Network | Attack Complexity: | Medium |
Authentication: | None required | Confidentiality Impact: | Partial |
Integrity Impact: | None | Availability Impact: | None |
Platform | Errata | Release Date |
Oracle Enterprise Linux version 3 (cups) | ELSA-2010-0490 | 2010-06-17 |
Oracle Enterprise Linux version 4 (cups) | ELSA-2010-0490 | 2010-06-17 |
Oracle Linux version 5 (cups) | ELSA-2010-0490 | 2010-06-17 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team