211449 – net-print/cups < 1.2.12-r5 "process_browse_data()" Double Free Vulnerability (CVE-2008-0882)

Bug 211449 - net-print/cups < 1.2.12-r5 "process_browse_data()" Double Free Vulnerability (CVE-2008-0882)

Summary: net-print/cups < 1.2.12-r5 "process_browse_data()" Double Free Vulnerability ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/28994/
Whiteboard:	B1 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-02-25 20:58 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2020-04-04 21:04 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-02-25 20:58:33 UTC

A vulnerability has been discovered in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
 
 The vulnerability is caused due to an error within the "process_browse_data()" function when adding printers and classes. This can be exploited to free the same buffer twice by sending specially crafted browser packets to the UDP port on which cupsd is listening (by default port 631/UDP).
 
 Successful exploitation may allow execution of arbitrary code.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-02-26 20:34:15 UTC

printing please advise.

Comment 2 Timo Gurr (RETIRED) gentoo-dev

2008-02-28 20:29:42 UTC

cups-1.2.12-r5.ebuild applying cups-1.2.12-CVE-2008-0882.patch commited to the tree.
I also removed cups-1.3.5, cups >=1.3.6 not vulnerable.

Comment 3 Christian Faulhammer (RETIRED) gentoo-dev

2008-02-29 07:52:14 UTC

Arches please do net-print/cups-1.2.12-r5

target keywords  are alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2008-02-29 08:56:25 UTC

x86 stable

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2008-02-29 15:13:33 UTC

Stable for HPPA.

Comment 6 Ferris McCormick (RETIRED) gentoo-dev

2008-02-29 17:03:22 UTC

Sparc stable.  Verified with network printers only, both ps and pdf files.

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2008-03-02 15:02:50 UTC

alpha/ia64 stable, thanks Tobias

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2008-03-02 20:32:54 UTC

ppc64 stable

Comment 9 Richard Freeman gentoo-dev

2008-03-02 22:02:45 UTC

amd64 stable

Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev

2008-03-04 20:31:34 UTC

ppc stable

Comment 11 Peter Volkov (RETIRED) gentoo-dev

2008-03-05 06:36:14 UTC

Fixed in release snapshot.

Comment 12 Robert Buchholz (RETIRED) gentoo-dev

2008-03-08 16:39:21 UTC

proposing b1 as status, request filed.

Comment 13 Robert Buchholz (RETIRED) gentoo-dev

2008-04-01 19:19:13 UTC

GLSA 200804-01