Check Point Advisories

Apple CUPS IPP Use-after-free Memory Corruption (CVE-2010-2941)

Vulnerability
Protection

Check Point Reference:	CPAI-2011-091
Date Published:	27 Mar 2011
Severity:	Critical
Last Updated:	Wednesday 09 January, 2019
Source:
Industry Reference:	CVE-2010-2941
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	CUPS is a modular printing system for Unix-like operating systems that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. A use-after-free memory corruption vulnerability has been reported in the implementation of Internet Printing Protocol (IPP) of the Common Unix Printing System (CUPS). This vulnerability is caused by improper handling of memory allocations and deallocations for multiple-valued attributes that have their values typed differently. A remote attacker can exploit this issue by specially crafting a request to a CUPS server using the IPP protocol. Successful exploitation of this vulnerability can result in execution of arbitrary code on the vulnerable system and may result in a denial of service condition.

Protection Overview

This protection will detect and block malicious CUPS requests sent to the vulnerable system.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Apple CUPS IPP Use-after-free Memory Corruption protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Application Servers Protection Violation.
Attack Information: Apple CUPS IPP Use-after-free memory corruption