Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Debian 3.0: DSA-232-1 Critical: CUPS Remote Code Execution Threat

debian
Calendar Grey January 20, 2003
Scroller Debian
- -------------------------------------------------------------------------- Debian Security Advisor
Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS).

Summary

Multiple vulnerabilities were discovered in the Common Unix Printing
System (CUPS). Several of these issues represent the potential for a
remote compromise or denial of service. The Common Vulnerabilities
and Exposures project identifies the following problems:

. CAN-2002-1383: Multiple integer overflows allow a remote attacker
to execute arbitrary code via the CUPSd HTTP interface and the
image handling code in CUPS filters.

. CAN-2002-1366: Race conditions in connection with /etc/cups/certs/
allow local users with lp privileges to create or overwrite
arbitrary files. This is not present in the potato version.

. CAN-2002-1367: This vulnerabilities allows a remote attacker to add
printers without authentication via a certain UDP packet, which can
then be used to perform unauthorized activities such as stealing
the local root certificate for the administration server via a
"need authorization" page.

. CAN-2002-1368: Negative lengths fed into memcpy() can cause a
den...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: cupsys

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.