Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.5, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 5 products from apple, from apple, from apple and 2 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-11-21T02:30:00.453

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	cups	≤ 1.3.9	Yes
Operating System	apple	mac_os_x	< 10.5.6	Yes
Operating System	apple	mac_os_x_server	< 10.5.6	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	debian	debian_linux	5.0	Yes
Operating System	debian	debian_linux	6.0	Yes

References

http://lab.gnucitizen.org/projects/cups-0day Broken Link ([email protected])
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List ([email protected])
http://secunia.com/advisories/33937 Broken Link ([email protected])
http://secunia.com/advisories/43521 Broken Link ([email protected])
http://support.apple.com/kb/HT3438 Third Party Advisory ([email protected])
http://www.debian.org/security/2011/dsa-2176 Third Party Advisory ([email protected])
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2008/11/19/3 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2008/11/19/4 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2008/11/20/1 Mailing List ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1029.html Broken Link ([email protected])
http://www.securityfocus.com/bid/32419 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021396 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2009/0422 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2011/0535 Broken Link ([email protected])
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 Issue Tracking ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 Broken Link ([email protected])
https://www.exploit-db.com/exploits/7150 Third Party Advisory, VDB Entry ([email protected])
http://lab.gnucitizen.org/projects/cups-0day Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33937 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43521 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3438 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2176 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/11/19/3 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/11/19/4 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/11/20/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1029.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32419 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021396 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0422 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0535 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46684 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/7150 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For apple's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.