Date: Mon, 10 Aug 2015 19:55:32 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: CVE Request: ippusbxd Hello MITRE, all, Please assign a CVE for ippusbxd. I discovered a flaw that accidentally allows access to a connected USB printer via all configured network addresses, rather than only TCP loopback addresses, by misusing the in6addr_any bind address. The original bug report is at https://bugs.launchpad.net/ubuntu/+source/ippusbxd/+bug/1455644 (though most of the contents aren't related). The flaw can be found at https://github.com/tillkamppeter/ippusbxd/blob/ea6005943e2669cbf492fa441d9dce02a4bc2471/src/tcp.c#L51 Comments in the source code and documentation indicate that access was intended only for localhost: https://github.com/tillkamppeter/ippusbxd/blob/ea6005943e2669cbf492fa441d9dce02a4bc2471/doc/ippusbxd.1#L17 Till Kamppeter has provided the following patches to address the issue: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82 The first patch switches to using two sockets and binds them explicitly to the IPv6 and the IPv4 loopback addresses; the second patch simplifies the use of select(). Both patches are recommended. A new upstream release will be made soon to incorporate this fix. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ