Search This Blog

Loading...

Thursday, November 01, 2007

[UNIX] CUPS IPP Tags Memory Corruption Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


- - - - - - - - -

CUPS IPP Tags Memory Corruption Vulnerability
------------------------------------------------------------------------


SUMMARY

" <http://www.cups.org/> CUPS provides a portable printing layer for
UNIX-based operating systems. It was developed by Easy Software Products
and is now owned and maintained by Apple Inc. to promote a standard
printing solution. It is the standard printing system in Mac OS X and most
Linux distributions". Secunia Research has discovered a vulnerability in
CUPS, which can be exploited by malicious people to compromise a
vulnerable system.

DETAILS

Vulnerable Systems:
* CUPS version 1.3.3

The vulnerability is caused due to a boundary error within the
"ippReadIO()" function in cups/ipp.c when processing IPP (Internet
Printing Protocol) tags. This can be exploited to overwrite one byte on
the stack with a zero by sending an IPP request containing specially
crafted "textWithLanguage" or "nameWithLanguage" tags.

Successful exploitation allows execution of arbitrary code.

Time Table:
16/10/2007 - Vendor notified.
22/10/2007 - vendor-sec notified.
31/10/2007 - Public disclosure.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351>
CVE-2007-4351


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2007-76/>

http://secunia.com/secunia_research/2007-76/

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)