"CUPS provides a portable printing layer for UNIX-based operating systems. It was developed by Easy Software Products and is now owned and maintained by Apple Inc. to promote a standard printing solution. It is the standard printing system in Mac OS X and most Linux distributions". Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted "textWithLanguage" or "nameWithLanguage" tags.
Successful exploitation allows execution of arbitrary code.
Time Table:
16/10/2007 - Vendor notified.
22/10/2007 - vendor-sec notified.
31/10/2007 - Public disclosure.
