|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
|
| |
Vulnerable Systems:
* CUPS version 1.3.5
CUPS listens on TCP port 631 for requests. This interface provides access to several CGI applications used to administer CUPS and provide information about print jobs. By passing a specially crafted request, an attacker can trigger a heap based buffer overflow.
Analysis:
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service. Depending on the underlying operating system and distribution, CUPS may run as the lp, daemon, or a different user.
In order to exploit this vulnerability remotely, the targeted host must be sharing a printer(s) on the network. If a printer is not being shared, where CUPS only listens on the local interface, this vulnerability could only be used to elevate privileges locally.
Workaround:
Disabling printer sharing will prevent this vulnerability from being exploited remotely. However, local users will still be able to obtain the privileges of the CUPS service user.
Vendor reponse:
Apple Inc. has addressed this vulnerability within Security Update 2008-002. For more information, visit the following URL.
http://docs.info.apple.com/article.html?artnum=307562
CVE Information:
CVE-2008-0047
Disclosure Timeline:
02/26/2008 - Initial vendor notification
02/26/2008 - Initial vendor response
03/18/2008 - Coordinated public disclosure
|
|
|
|
|
