2017-10-16 12:31:07 -04:00
{
2019-03-18 06:18:45 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com" ,
"ID" : "CVE-2015-1158" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
2017-10-16 12:31:07 -04:00
]
2019-03-18 06:18:45 +00:00
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221641" ,
"refsource" : "CONFIRM" ,
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1221641"
} ,
{
"name" : "DSA-3283" ,
"refsource" : "DEBIAN" ,
"url" : "http://www.debian.org/security/2015/dsa-3283"
} ,
{
"name" : "RHSA-2015:1123" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
} ,
{
"name" : "https://bugzilla.opensuse.org/show_bug.cgi?id=924208" ,
"refsource" : "CONFIRM" ,
"url" : "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
} ,
{
"name" : "USN-2629-1" ,
"refsource" : "UBUNTU" ,
"url" : "http://www.ubuntu.com/usn/USN-2629-1"
} ,
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702" ,
"refsource" : "CONFIRM" ,
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702"
} ,
{
"name" : "1032556" ,
"refsource" : "SECTRACK" ,
"url" : "http://www.securitytracker.com/id/1032556"
} ,
{
"name" : "SUSE-SU-2015:1044" ,
"refsource" : "SUSE" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
} ,
{
"name" : "http://www.cups.org/blog.php?L1082" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.cups.org/blog.php?L1082"
} ,
{
"name" : "VU#810572" ,
"refsource" : "CERT-VN" ,
"url" : "http://www.kb.cert.org/vuls/id/810572"
} ,
{
"name" : "75098" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/75098"
} ,
{
"name" : "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py" ,
"refsource" : "MISC" ,
"url" : "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py"
} ,
{
"name" : "https://www.cups.org/str.php?L4609" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.cups.org/str.php?L4609"
} ,
{
"name" : "GLSA-201510-07" ,
"refsource" : "GENTOO" ,
"url" : "https://security.gentoo.org/glsa/201510-07"
} ,
{
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=455" ,
"refsource" : "MISC" ,
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=455"
} ,
{
"name" : "SUSE-SU-2015:1041" ,
"refsource" : "SUSE" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
} ,
{
"name" : "37336" ,
"refsource" : "EXPLOIT-DB" ,
"url" : "https://www.exploit-db.com/exploits/37336/"
} ,
{
"name" : "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html" ,
"refsource" : "MISC" ,
"url" : "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
} ,
{
"name" : "41233" ,
"refsource" : "EXPLOIT-DB" ,
"url" : "https://www.exploit-db.com/exploits/41233/"
} ,
{
"name" : "openSUSE-SU-2015:1056" ,
"refsource" : "SUSE" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
]
}
}
