CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BID:26268
Info
CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 26268 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4351 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2007 12:00AM |
| Updated: | Jun 26 2008 01:51AM |
| Credit: | Discovery is credited to Alin Rad Pop, Secunia Research. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 3.0 x64 Turbolinux Appliance Server 3.0 Turbolinux Appliance Server 2.0 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc Slackware Linux 12.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 rPath rPath Linux 1 Redhat Fedora Core7 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 3 Redhat Enterprise Linux 5 Server Redhat Desktop 3.0 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Easy Software Products CUPS 1.3.3 Easy Software Products CUPS 1.2.4 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Cisco Wide Area Application Services (WAAS) 4.0.18 Cisco Wide Area Application Services (WAAS) 4.0.17 Cisco Wide Area Application Services (WAAS) 4.0.13 Cisco Wide Area Application Services (WAAS) 4.0.9 Cisco Wide Area Application Services (WAAS) 4.0.7 Cisco Wide Area Application Services (WAAS) 0 Avaya Aura Application Enablement Services 3.1.3 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 |
| Not Vulnerable: |
Cisco Wide Area Application Services (WAAS) 4.0.19 |
Discussion
CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.
Exploit / POC
CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
Solution:
Please see the referenced advisories for information on obtaining and applying the appropriate updates.
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X 10.5.1
Apple Mac OS X Server 10.5.1
Solution:
Please see the referenced advisories for information on obtaining and applying the appropriate updates.
Apple Mac OS X 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X 10.5.1
-
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= 1&platform=osx&method=sa/SecUpd2007-009.dmg
Apple Mac OS X Server 10.5.1
-
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= 1&platform=osx&method=sa/SecUpd2007-009.dmg
References
CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
References:
References:
- CUPS Product Page (Easy Software Products)
- Secunia Research: CUPS IPP Tags Memory Corruption Vulnerability (Secunia Research
) - Avaya Security Advisory ASA-2007-476 (Avaya)
- CUPS IPP Tags Memory Corruption Vulnerability (Secunia)
- RHSA-2007:1020-3 cups security and bug fix update (Red Hat)
- RHSA-2007:1023-2 cups security update (Red Hat)
- VU#446897 CUPS buffer overflow vulnerability (US-CERT)