Multiple vulnerabilities were discovered in the Common Unix Printing
System (CUPS). Several of these issues represent the potential for a
remote compromise or denial of service. The Common Vulnerabilities
and Exposures project identifies the following problems:
. CAN-2002-1383: Multiple integer overflows allow a remote attacker
to execute arbitrary code via the CUPSd HTTP interface and the
image handling code in CUPS filters.
. CAN-2002-1366: Race conditions in connection with /etc/cups/certs/
allow local users with lp privileges to create or overwrite
arbitrary files. This is not present in the potato version.
. CAN-2002-1367: This vulnerability allows a remote attacker to add
printers without authentication via a certain UDP packet, which can
then be used to perform unauthorized activities such as stealing
the local root certificate for the administration server via a
"need authorization" page.
. CAN-2002-1368: Negative lengths fed into memcpy() can cause a
den...