Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5183 to
the following vulnerability:
cupsd in CUPS before 1.3.8 allows local users, and possibly remote
attackers, to cause a denial of service (daemon crash) by adding a
large number of RSS Subscriptions, which triggers a NULL pointer
dereference. NOTE: this issue can be triggered remotely by leveraging
CVE-2008-5184.
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5183 to
the following vulnerability:
cupsd in CUPS before 1.3.8 allows local users, and possibly remote
attackers, to cause a denial of service (daemon crash) by adding a
large number of RSS Subscriptions, which triggers a NULL pointer
dereference. NOTE: this issue can be triggered remotely by leveraging
CVE-2008-5184.
References: cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 5183 www.gnucitizen. org/blog/ pwning- ubuntu- via-cups/ /bugs.launchpad .net/ubuntu/ +source/ cups/+bug/ 298241 www.openwall. com/lists/ oss-security/ 2008/11/ 19/3 www.openwall. com/lists/ oss-security/ 2008/11/ 19/4
http://
http://
https:/
http://
http://
Patch: See attachment -- cups-1. 3-max-subscript ions.patch