[cupsys] [MDVSA-2008:050] multiple vulnerabilities
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cupsys (Debian) |
Fix Released
|
Unknown
|
|||
cupsys (Fedora) |
Fix Released
|
High
|
|||
cupsys (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Dapper |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Edgy |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Feisty |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Gutsy |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Binary package hint: cupsys
References:
MDVSA-2008:050 (http://
Quoting:
"Dave Camp at Critical Path Software discovered a buffer overflow
in CUPS 1.1.23 and earlier could allow local admin users to execute
arbitrary code via a crafted URI to the CUPS service (CVE-2007-5848).
The Red Hat Security Team also found two flaws in CUPS 1.1.x where
a malicious user on the local subnet could send a set of carefully
crafted IPP packets to the UDP port in such a way as to cause CUPS
to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash
(CVE-2008-0596).
Finally, another flaw was found in how CUPS handled the addition and
removal of remote printers via IPP that could allow a remote attacker
to send a malicious IPP packet to the UDP port causing CUPS to crash
(CVE-2008-0882)."
Changed in cupsys: | |
assignee: | nobody → jamie-strandboge |
status: | New → In Progress |
Changed in cupsys: | |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
Changed in cupsys: | |
status: | Unknown → Fix Released |
Changed in cupsys: | |
status: | Unknown → Fix Released |
Changed in cupsys (Fedora): | |
importance: | Unknown → High |
Secunia has released and advisory affecting cups printing system:
http:// secunia. com/advisories/ 28994/
Description:
A vulnerability has been discovered in CUPS, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.
The vulnerability is caused due to an error within the browse_ data()" function when adding printers and classes. This
"process_
can be exploited to free the same buffer twice by sending specially
crafted browser packets to the UDP port on which cupsd is listening (by
default port 631/UDP).
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 1.3.5. Prior versions may also
be affected.
Solution:
Update to version 1.3.6.
Upstream bug report: www.cups. org/str. php?L2656
http://
Upstream patch: www.cups. org/strfiles/ 2656/str2656. patch
http://