From: X-FORCE
Date: 19.02.2002
Subject: CUPS ippRead() attribute name buffer overflow
cups-ippread-bo (8192) High Risk
CUPS ippRead() attribute name buffer overflow
Description:
Common Unix Printing System (CUPS) versions 1.1.13 and earlier are vulnerable to a denial of service attack caused by a buffer overflow in the handling of attribute names in the ippRead() function. By setting a very long attribute name, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
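The bounds check this class of bug calls for, as an added example (not CUPS source code and not part of the original advisory): an IPP attribute on the wire starts with a one-byte value-tag and a two-byte big-endian name-length, followed by the name, so the sender controls a length of up to 65535 bytes. The names parse_attr_name, parse_sample and NAME_BUF_SIZE, and the 256-byte buffer size, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 256 /* assumed size for illustration, not CUPS's */
enum { ATTR_OK = 0, ATTR_TRUNCATED = -1, ATTR_NAME_TOO_LONG = -2 };

/* Parse the start of one IPP attribute as encoded on the wire:
 *   value-tag (1 byte) | name-length (2 bytes, big-endian) | name bytes
 * On success the name is copied into `name` as a NUL-terminated string. */
int parse_attr_name(const uint8_t *msg, size_t msg_len,
                    char name[NAME_BUF_SIZE], size_t *consumed)
{
    if (msg_len < 3)
        return ATTR_TRUNCATED;
    size_t n = ((size_t)msg[1] << 8) | msg[2];
    /* name-length comes from the sender (0..65535): refuse anything that
     * does not fit the fixed buffer, keeping one byte for the NUL. */
    if (n >= NAME_BUF_SIZE)
        return ATTR_NAME_TOO_LONG;
    /* The declared length must also be backed by bytes actually received. */
    if (msg_len - 3 < n)
        return ATTR_TRUNCATED;
    memcpy(name, msg + 3, n);
    name[n] = '\0';
    *consumed = 3 + n;
    return ATTR_OK;
}

/* Constructed sample input: a header declaring `declared` name bytes,
 * of which only `present` are actually in the message. */
int parse_sample(size_t declared, size_t present)
{
    static uint8_t msg[3 + 65535];
    char name[NAME_BUF_SIZE];
    size_t used = 0;
    msg[0] = 0x44; /* value-tag: keyword */
    msg[1] = (uint8_t)(declared >> 8);
    msg[2] = (uint8_t)(declared & 0xff);
    memset(msg + 3, 'n', present);
    return parse_attr_name(msg, 3 + present, name, &used);
}

int main(void)
{
    printf("%d %d %d\n", parse_sample(20, 20), parse_sample(65535, 65535),
           parse_sample(20, 5));
    return 0;
}
```

A parser that copies the name without the NAME_BUF_SIZE comparison writes past the end of the buffer whenever the declared length exceeds it, which is the condition the description refers to.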
Platforms Affected:
CUPS 1.1.13 and earlier
Debian Linux 2.2
Mandrake Linux 7.2
Mandrake Linux 8.0
Mandrake Linux 8.1
Remedy:
Upgrade to the latest version of CUPS (1.14 or later), available from the CUPS Web site. See References.
For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest version of cupsys (1.0.4-10 or later), as listed in Debian Security Advisory DSA 110-1. See References.
For Mandrake Linux 7.2:
Upgrade to the latest version of cups (1.1.7-2.2mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:015. See References.
For Mandrake Linux 8.0:
Upgrade to the latest version of cups (1.1.7-2.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:015. See References.
For Mandrake Linux 8.1:
Upgrade to the latest version of cups (1.1.10-9.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:015. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Privileges
References:
Debian Security Advisory DSA 110-1, "New CUPS packages fix buffer overflow" at http://www.debian.org/security/2002/dsa-110
CUPS Web site, "Release Notes - Common UNIX Printing System" at http://www.cups.org/relnotes.html