Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Feb 2008 11:53:41 -0900
From: Jonathan Smith <smithj@...ethemallocs.com>
To:  oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: cups

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, lets start actually using this list... below is an advisory from
secunia detailing a cups DoS.

Steve, could we get a CVE assigned?

Attached is the patch upstream used to fix it (against 1.1.23, but it is
the same for other versions, just with a different offset).

	smithj

Secunia Security Advisories wrote:
| TITLE:
| CUPS "process_browse_data()" Double Free Vulnerability
|
| SECUNIA ADVISORY ID:
| SA28994
|
| VERIFY ADVISORY:
| http://secunia.com/advisories/28994/
|
| CRITICAL:
| Moderately critical
|
| IMPACT:
| DoS, System access
|
| WHERE:
| From local network
|
| SOFTWARE:
| CUPS 1.x
| http://secunia.com/product/921/
|
| DESCRIPTION:
| A vulnerability has been discovered in CUPS, which can be exploited
| by malicious people to cause a DoS (Denial of Service) or to
| potentially compromise a vulnerable system.
|
| The vulnerability is caused due to an error within the
| "process_browse_data()" function when adding printers and classes.
| This can be exploited to free the same buffer twice by sending
| specially crafted browser packets to the UDP port on which cupsd is
| listening (by default port 631/UDP).
|
| Successful exploitation may allow execution of arbitrary code.
|
| The vulnerability is confirmed in version 1.3.5. Prior versions may
| also be affected.
|
| SOLUTION:
| Update to version 1.3.6.
|
| PROVIDED AND/OR DISCOVERED BY:
| Reported as a CUPS bug by h.blischke.
|
| ORIGINAL ADVISORY:
| http://www.cups.org/str.php?L2656
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iEYEARECAAYFAke8k1UACgkQCG91qXPaRemo6ACgkzBRHnntL1EFvNm7vEjLVAna
Ym0An2Ptrg2M20FJL7WX+XYVJCDENJO4
=iA0l
-----END PGP SIGNATURE-----

View attachment "cups-double-free.patch" of type "text/x-patch" (472 bytes)

Download attachment "cups-double-free.patch.sig" of type "application/pgp-signature" (72 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ