CUPS is a well-known and widely used printing system for Unix-like systems. iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities:

- integer overflow in HTTP interface to gain remote access with CUPS privileges
- local file race condition to gain root (bug mentioned above has to be exploited first)
- remotely add printers
- remote denial-of-service attack due to negative length in memcpy() call
- integer overflow in image handling code to gain higher privileges
- gain local root due to buffer overflow of ‘options’ buffer
- design problem to gain local root (needs added printer, see above)
- wrong handling of zero width images can be abused to gain higher privileges
- file descriptor leak and denial-of-service due to missing checks of return values of file/socket operations

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 7.1 | ppc | cups | < 1.1.6-53 | cups-1.1.6-53.ppc.rpm |
openSUSE | 7.3 | sparc | cups-client | < 1.1.10-45 | cups-client-1.1.10-45.sparc.rpm |
openSUSE | 8.1 | i586 | cups-libs | < 1.1.15-69 | cups-libs-1.1.15-69.i586.rpm |
openSUSE | 8.0 | i386 | cups-client | < 1.1.12-90 | cups-client-1.1.12-90.i386.rpm |
openSUSE | 8.1 | i586 | cups-client | < 1.1.15-69 | cups-client-1.1.15-69.i586.rpm |
openSUSE | 7.3 | sparc | cups-libs | < 1.1.10-45 | cups-libs-1.1.10-45.sparc.rpm |
openSUSE | 7.3 | i386 | cups-libs | < 1.1.10-94 | cups-libs-1.1.10-94.i386.rpm |
openSUSE | 8.1 | i586 | cups | < 1.1.15-69 | cups-1.1.15-69.i586.rpm |
openSUSE | 7.3 | i386 | cups-client | < 1.1.10-94 | cups-client-1.1.10-94.i386.rpm |
openSUSE | 7.1 | i386 | cups | < 1.1.6-121 | cups-1.1.6-121.i386.rpm |
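
To check an installed package against the table above, the version has to be compared segment by segment the way rpm does, not as a plain string (otherwise `1.1.9` sorts after `1.1.10`). The following is an added example, not part of the advisory: the function names are hypothetical, the comparison is a simplified form of rpm's algorithm (no epoch, tilde or caret handling), and the `FIXED` entries are copied from the table.

```python
import re

# Fixed version-release per (OS version, architecture, package), copied from
# the advisory table. Anything older than the listed value is affected.
FIXED = {
    ("7.1", "ppc", "cups"): "1.1.6-53",
    ("7.1", "i386", "cups"): "1.1.6-121",
    ("7.3", "sparc", "cups-client"): "1.1.10-45",
    ("7.3", "sparc", "cups-libs"): "1.1.10-45",
    ("7.3", "i386", "cups-client"): "1.1.10-94",
    ("7.3", "i386", "cups-libs"): "1.1.10-94",
    ("8.0", "i386", "cups-client"): "1.1.12-90",
    ("8.1", "i586", "cups"): "1.1.15-69",
    ("8.1", "i586", "cups-client"): "1.1.15-69",
    ("8.1", "i586", "cups-libs"): "1.1.15-69",
}

def rpmvercmp(a, b):
    """Simplified rpm segment comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)         # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_evr(a, b):
    """Compare two 'version-release' strings, version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_vulnerable(os_version, arch, package, installed):
    """True if installed is older than the fixed build, None if not listed."""
    fixed = FIXED.get((os_version, arch, package))
    if fixed is None:
        return None
    return compare_evr(installed, fixed) < 0
```

The `installed` argument is the string printed by `rpm -q --qf '%{VERSION}-%{RELEASE}' <package>` on the host being checked.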