Bug 542158 (CVE-2015-2265) - <net-print/cups-filters-1.0.66: remove_bad_chars() bypass (CVE-2015-2265)
Status: RESOLVED FIXED
Alias: CVE-2015-2265
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugs.linuxfoundation.org/show...
Whiteboard: B3 [noglsa]
Reported: 2015-03-04 17:43 UTC by Andreas K. Hüttel
Modified: 2015-06-30 14:11 UTC
Description Andreas K. Hüttel archtester gentoo-dev 2015-03-04 17:43:47 UTC
From the upstream bug report: 

cups-browsed fails to properly sanitise data from the network when creating IPP
printer scripts.
As a result, an attacker can remotely create a script containing arbitrary
commands, which will be executed as the "lp" user when the associated printer
is used.

This is the same vulnerability reported as CVE-2014-2707 but the existing fixes
rely on a string sanitisation function remove_bad_chars() which is not
effective.

Fixed in net-print/cups-filters-1.0.66 (just bumped). Let's wait a day for testing and then stabilize.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2015-03-08 14:18:58 UTC
I don't see any bug explosion, so let's do it.

Arches please stabilize
=net-print/cups-filters-1.0.66

Target: all stable arches
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-03-09 11:19:29 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2015-03-13 09:26:35 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-13 09:27:31 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2015-03-14 14:33:37 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-03-25 16:08:13 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-03-26 11:23:24 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-03-26 11:30:23 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-03-30 09:50:22 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2015-03-30 10:03:05 UTC
alpha stable.

Maintainer(s), please cleanup.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2015-04-22 20:18:10 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 12 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 16:20:13 UTC
GLSA Vote: No
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2015-05-11 19:36:14 UTC
CVE-2015-2265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2265):
  The remove_bad_chars function in utils/cups-browsed.c in cups-filters before
  1.0.66 allows remote IPP printers to execute arbitrary commands via
  consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2014-2707.
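The bug class named in the CVE text above, a sanitizer that handles a single bad character but lets the second of two consecutive ones through, as an added example that is not part of the bug report and not cups-filters code. `sanitize_flawed()` is a constructed stand-in for that class (it is not the real `remove_bad_chars()`), and `sanitize_allowlist()`, `only_allowed()` and the sample string are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Allowlist: ASCII letters, digits, '-', '_' and '.' only. */
static int is_allowed(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '.';
}

/* Returns 1 when every byte of s is on the allowlist. */
int only_allowed(const char *s) {
    for (; *s != '\0'; s++)
        if (!is_allowed((unsigned char)*s)) return 0;
    return 1;
}

/* Constructed flawed sanitizer (hypothetical, not cups-filters code):
 * after replacing a bad byte it steps over the next byte unchecked. */
void sanitize_flawed(char *s) {
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (!is_allowed((unsigned char)s[i])) {
            s[i] = '-';
            if (s[i + 1] != '\0') i++;  /* bug: neighbour never inspected */
        }
    }
}

/* Allowlist sanitizer: inspects every byte and collapses each run of
 * disallowed bytes into one '-'. Returns 0, or -1 if out is too small. */
int sanitize_allowlist(const char *in, char *out, size_t outlen) {
    size_t j = 0;
    int in_run = 0;
    if (outlen == 0) return -1;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (is_allowed(c)) in_run = 0;
        else if (in_run) continue;
        else { in_run = 1; c = '-'; }
        if (j + 1 >= outlen) return -1;
        out[j++] = (char)c;
    }
    out[j] = '\0';
    return 0;
}

int main(void) {
    char a[] = "Model;;X", b[32];  /* constructed sample field value */
    sanitize_flawed(a);
    sanitize_allowlist("Model;;X", b, sizeof b);
    printf("flawed: %s (clean=%d)\nallowlist: %s (clean=%d)\n",
           a, only_allowed(a), b, only_allowed(b));
    return 0;
}
```

A regression test for a sanitizer of this kind should include runs of two or more disallowed bytes and re-check the output with `only_allowed()`, since single-character inputs pass even against the flawed variant.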