Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200711-16 ] CUPS: Memory corruption
Date: Mon, 12 Nov 2007 22:21:29
Message-Id: 4738CC0C.9000608@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CUPS: Memory corruption
Date: November 12, 2007
Bugs: #196736
ID: 200711-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

CUPS contains a boundary checking error that might lead to the
execution of arbitrary code.

Background
==========

CUPS provides a portable printing layer for UNIX-based operating
systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  net-print/cups      < 1.2.12-r2                      >= 1.2.12-r2

Description
===========

Alin Rad Pop (Secunia Research) discovered an off-by-one error in the
ippReadIO() function when handling Internet Printing Protocol (IPP)
tags that might allow an attacker to overwrite one byte on the stack.

Impact
======

A local attacker could send a specially crafted IPP request containing
"textWithLanguage" or "nameWithLanguage" tags, leading to a Denial of
Service or the execution of arbitrary code with the privileges of the
"lp" user. If CUPS is configured to allow network printing, this
vulnerability might be remotely exploitable.

Workaround
==========

To avoid remote exploitation, network access to CUPS servers on port
631/udp should be restricted. To do this, update the "Listen"
setting in cupsd.conf to "Listen localhost:631" or add a rule to the
system's firewall. However, this will not prevent local users from
exploiting this vulnerability.

Resolution
==========

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r2"

References
==========

[ 1 ] CVE-2007-4351
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200711-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHOMwLuhJ+ozIKI5gRAj2kAJ4nBFEivR9EjTpMWFgHR/urJr57WQCffDR7
JQt3M+r4ykECz1I05+c9C00=
=gIFU
-----END PGP SIGNATURE-----
--
gentoo-announce@g.o mailing list