CVE-2010-1748

Name	CVE-2010-1748
Description	The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Source	CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References	DSA-2176-1
NVD severity	medium (attack range: remote)
Debian/oldstable	not vulnerable.
Debian/stable	not vulnerable.
Debian/testing	not vulnerable.
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
cups (PTS)	squeeze	1.4.4-7+squeeze5	fixed
	squeeze (security)	1.4.4-7+squeeze4	fixed
	squeeze (lts)	1.4.4-7+squeeze7	fixed
	wheezy	1.5.3-5+deb7u4	fixed
	wheezy (security)	1.5.3-5+deb7u5	fixed
	sid, jessie	1.7.5-11	fixed

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
cups	source	(unstable)	1.4.4-1	medium
cups	source	lenny	1.3.8-1+lenny9	medium	DSA-2176-1