blob: cad29aee5214d5b66df4093b4d3f90160a5a4881 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200711-16">
<title>CUPS: Memory corruption</title>
CUPS contains a boundary checking error that might lead to the execution of
arbitrary code.
<product type="ebuild">cups</product>
<announced>November 12, 2007</announced>
<revised>November 12, 2007: 01</revised>
<package name="net-print/cups" auto="yes" arch="*">
<unaffected range="ge">1.2.12-r2</unaffected>
<vulnerable range="lt">1.2.12-r2</vulnerable>
CUPS provides a portable printing layer for UNIX-based operating
Alin Rad Pop (Secunia Research) discovered an off-by-one error in the
ippReadIO() function when handling Internet Printing Protocol (IPP)
tags that might allow to overwrite one byte on the stack.
<impact type="high">
A local attacker could send a specially crafted IPP request containing
"textWithLanguage" or "nameWithLanguage" tags, leading to a Denial of
Service or the execution of arbitrary code with the privileges of the
"lp" user. If CUPS is configured to allow network printing, this
vulnerability might be remotely exploitable.
To avoid remote exploitation, network access to CUPS servers on port
631/udp should be restricted. In order to do this, update the "Listen"
setting in cupsd.conf to "<i>Listen localhost:631</i>" or add a rule to
the system's firewall. However, this will not avoid local users from
exploiting this vulnerability.
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-print/cups-1.2.12-r2&quot;</code>
<uri link="">CVE-2007-4351</uri>
<metadata tag="submitter" timestamp="Sun, 04 Nov 2007 00:16:24 +0000">
<metadata tag="bugReady" timestamp="Sun, 11 Nov 2007 08:38:00 +0000">