Date: Fri, 25 Apr 2014 15:24:15 -0500 From: Jamie Strandboge <jamie@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Re: cups-browsed remote exploit On 04/02/2014 03:18 PM, cve-assign@...re.org wrote: >> For this it creates a filter-script > >> snprintf > >> "%s/filter/pdftoippprinter \"$1\" \"$2\" \"$3\" \"$4\" \"$5 $extra_options\"\n", >> p->name, pdl, make_model, cups_serverbin); > >> its easy to inject code to the script e.g. via model name or pdl key >> which is taken from the LAN packets. > > Use CVE-2014-2707. > This issue was reported as fixed in 1.0.51: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188 but it was found that the fix was incomplete with the full fix in 1.0.53: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 Should this get a second CVE or should we continue to use CVE-2014-2707? Furthermore, another security issue was also fixed in 1.0.53: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195 " - cups-browsed: SECURITY FIX: Fix on usage of the "BrowseAllow" directive in cups-browsed.conf. Before, if the argument of a "BrowseAllow" directive is not understood it is treated as the directive not having been there, allowing any host if this was the only "BrowseAllow" directive. Now we treat this as a directive which no host can fulfill, not allowing any host if it was the only one. No "BrowseAllow" directive means access for all, as before (Bug #1204). " I believe this should receive a CVE. Thanks References: https://bugzilla.novell.com/show_bug.cgi?id=871327 https://bugs.linuxfoundation.org/show_bug.cgi?id=1204 -- Jamie Strandboge http://www.ubuntu.com/ Download attachment "signature.asc" of type "application/pgp-signature" (885 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.