CVE-2008-1033 : The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a passw

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

Published 2008-06-02 21:30:00

Updated 2017-08-08 01:29:51

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-1033

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-1033

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:N/AC:H/Au:S/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2008-1033

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-1033

Red Hat 2008-06-03

Not vulnerable. This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References for CVE-2008-1033

http://securitytracker.com/id?1020145
http://www.vupen.com/english/advisories/2008/1697

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/29412

CVEs referencing this url
http://www.securityfocus.com/bid/29484
http://www.us-cert.gov/cas/techalerts/TA08-150A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/42713

Products affected by CVE-2008-1033