[Pkg-cups-devel] Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions
Raphael Geissert
atomo64 at gmail.com
Wed Nov 19 03:22:06 UTC 2008
Source: cups
Severity: important
Version: 1.3.7-1
Tags: security
Hi,
An exploit[0][1] has been published for CUPS.
> The daemon crashes when more than 100 RSS Subscriptions are added which has
> been successfully tested on the latest versions of openSuse and Ubuntu
> Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> the user doesn’t need to login to add RSS subscriptions, although
> authentication is required to perform other actions. I’m not sure if this
> bug can lead to remote code execution. Further investigation/gdbing is
> required.
Note: when reproducing it locally in a default Debian setup, I was required to
login before the RSS subscriptions could be added and then crash cupsd.
If you fix the vulnerability please also make sure to include the CVE id when
one is assigned in the changelog entry.
[0]http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
[1]http://www.milw0rm.com/exploits/7151
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20081118/1e677f4b/attachment.pgp
More information about the Pkg-cups-devel
mailing list