|Check Point Reference:||CPAI-2011-091|
|Date Published:||27 Mar 2011|
|Last Updated:||Wednesday 09 January, 2019|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||CUPS is a modular printing system for Unix-like operating systems that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. A use-after-free memory corruption vulnerability has been reported in the implementation of Internet Printing Protocol (IPP) of the Common Unix Printing System (CUPS). This vulnerability is caused by improper handling of memory allocations and deallocations for multiple-valued attributes that have their values typed differently. A remote attacker can exploit this issue by specially crafting a request to a CUPS server using the IPP protocol. Successful exploitation of this vulnerability can result in execution of arbitrary code on the vulnerable system and may result in a denial of service condition.|
This protection will detect and block malicious CUPS requests sent to the vulnerable system.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Application Servers Protection Violation.
Attack Information: Apple CUPS IPP Use-after-free memory corruption