Bug 212364 - net-print/cups <1.2.12-r6 Remote cgiCompileSearch() Buffer overflow (CVE-2008-0047)
Bug#: 212364
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
Status Whiteboard: B1 [glsa]
Opened: 2008-03-05 10:14 0000

CUPS serves an interface on TCP port 631, which provides access to
several CGI applications.

These applications are used to administer CUPS, and to provide
information about print jobs. These applications all use a common
search function called cgiCompileSearch(). This function takes a
user-provided search expression, and compiles it into a regular expression.
By passing a malformed search request, an attacker can trigger a
heap-based buffer overflow.

In order to exploit this vulnerability remotely, the targeted host must
be sharing a printer(s) on the network. If a printer is not being
shared, CUPS only listens on the localhost interface, and the scope of
this vulnerability would be limited to local privilege escalation.

The CVE for this issue is CVE-2008-0047.
It is also tracked by http://www.cups.org/str.php?L2729

Timing:
This issue should remain embargoed until 3/18/2008.
If there is any change to this schedule, we will notify vendor-sec.

Versions affected:
CUPS 1.2.0 through 1.3.6

Credit:
regenrecht working with the VeriSign iDefense VCP
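
A defender-side check for the exposure condition in the description above (remote reach only when cupsd listens beyond localhost), as an added example that is not part of the original bug report or of CUPS. It reads the `Listen` and `Port` directives of a cupsd.conf; the sample configurations are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample configurations (not taken from the bug report).
SAMPLE_SHARED = """\
Listen localhost:631
Listen /var/run/cups/cups.sock
Listen 192.168.1.10:631
#Port 631
"""
SAMPLE_LOCAL = """\
Listen 127.0.0.1:631
Listen [::1]:631
Listen /var/run/cups/cups.sock
"""

def is_local(value):
    """True if a Listen value is a Unix socket or a loopback address."""
    if value.startswith("/"):                      # Unix domain socket path
        return True
    m = re.match(r"^\[(.+)\](?::\d+)?$", value)    # [ipv6]:port form
    host = m.group(1) if m else (value.rpartition(":")[0] or value)
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # "*" or a hostname: assume reachable from the network

def remote_listeners(conf_text):
    """Return the Listen/Port directives that accept non-loopback clients."""
    exposed = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop commented-out text
        if len(fields) < 2:
            continue
        directive, value = fields[0].lower(), fields[1]
        if directive == "port":                    # Port binds all interfaces
            exposed.append(f"Port {value}")
        elif directive == "listen" and not is_local(value):
            exposed.append(f"Listen {value}")
    return exposed

if __name__ == "__main__":
    for name, conf in (("shared", SAMPLE_SHARED), ("local", SAMPLE_LOCAL)):
        hits = remote_listeners(conf)
        print(name, "remote-reachable:" if hits else "loopback only", hits)
```

An empty result means only the local scope from the description applies; any entry returned is a listener to restrict or patch first.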

Timo, this issue is under embargo until 2008-03-18. Do not commit anything to
CVS until this date. Please prepare an updated ebuild and attach it to this
bug, we will do prestable testing here. Thanks.

Timo, please prepare an ebuild.

Created an attachment (id=145731) [details]
cups-1.2.12-r6.ebuild
With the same keywords like cups-1.2.12-r4.ebuild:
Stable: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Testing: ~mips ~sparc-fbsd ~x86-fbsd

Arch Security Liaisons, please test the attached ebuild (
=net-print/cups-1.2.12-r4 ) and report it stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh
sparc x86"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer

sparc is good with cups-1.2.12-r6. (Tested remote only using {.ps, .pdf} files,
two different printers.)
I think in Comment 6 you mean -1.2.12-r6. I didn't do anything with -1.3.6-r2.

(In reply to comment #7)
> I think in Comment 6 you mean -1.2.12-r6.
Hgh.....my copy+paste foo is not improving as fast as I hoped.

Works on x86 remote and local...only had time for 1.2.12-r6

-1.2.12-r6 looks good on ppc64.

Looks good to go on amd64

public via URL. tgurr, printing, please commit the ebuild to the tree with the
stable keywords earned in this bug.

printing, I committed the ebuilds here since I could not get hold of tgurr
since yesterday. I did not clean up older ebuilds.
Now for the rest...
Arches, please test and mark stable:
=net-print/cups-1.2.12-r6
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh
sparc x86"
Already stabled : "amd64 hppa ppc64 sparc x86"
Missing keywords: "alpha arm ia64 m68k ppc release s390 sh"

ppc stable, ready for glsa

Fixed in release snapshot.