REDHAT-BUG-1218297
First published: Mon May 04 2015(Updated: )
This flaw was fixed upstream back in 2010, without much attention being given to the possible security implications of it. It is a remote buffer overflow with possibility of executing arbitrary code, with only a few restrictions, such as having the cups service open to the network and a particular kind of filter in use. Analysis by Engineering shows that only RHEL-6 contains the affected code, so RHEL-5, RHEL-7 and Fedora are not affected. Giving this flaw a Moderate rating, despite the 7.7 CVSSv2 score, as cups is not usually configured widely open to the network or internet at large, and because it depends on a particular kind of filter being used. References: <a href="https://bugs.linuxfoundation.org/show_bug.cgi?id=515">https://bugs.linuxfoundation.org/show_bug.cgi?id=515</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.linuxfoundation.org/show_bug.cgi?id=515
- http://www.openwall.com/lists/oss-security/2016/02/15/1
- https://access.redhat.com/security/cve/CVE-2010-5325
- http://www.openwall.com/lists/oss-security/2016/02/15/7
- https://rhn.redhat.com/errata/RHSA-2016-0491.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1218297
- agent/type
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-5325
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat enterprise linux