CVE-2009-0949

Use of Uninitialized Resource

Published: Jun 09, 2009 | Modified: Feb 09, 2024
CVSS 3.x: 7.5 HIGH
Source: NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2: 5 IMPORTANT
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu: MEDIUM

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

| Name | Vendor | Start Version | End Version |
| --- | --- | --- | --- |
| Cups | Apple | * | 1.3.10 (excluding) |
| Red Hat Enterprise Linux 3 | RedHat | cups-1:1.1.17-13.3.62 | * |
| Red Hat Enterprise Linux 4 | RedHat | cups-1:1.1.22-0.rc1.9.32.el4_8.3 | * |
| Red Hat Enterprise Linux 5 | RedHat | cups-1:1.3.7-8.el5_3.6 | * |
| Cups | Ubuntu | intrepid | * |
| Cups | Ubuntu | jaunty | * |
| Cups | Ubuntu | upstream | * |
| Cupsys | Ubuntu | dapper | * |
| Cupsys | Ubuntu | hardy | * |
