Vigil@nce: CUPS, several vulnerabilities
October 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities in CUPS can be used by an attacker to
cause a denial of service or to execute code.
Gravity: 2/4
Consequences: privileged access/rights, denial of service of
service
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 10/10/2008
IMPACTED PRODUCTS
– Fedora
– Mandriva Corporate
– Mandriva Linux
– Red Hat Enterprise Linux
– Unix - platform
DESCRIPTION
CUPS (Common UNIX Printing System) provides printer management
under Unix. It listens on port 631/udp. It has several
vulnerabilities.
An attacker can create a malicious SGI image that triggers a buffer
overflow in imagetops when it is printed. [grav:2/4; CVE-2008-3639]
An attacker can create a malicious text file that triggers an integer
overflow in texttops when it is printed. [grav:2/4; CVE-2008-3640]
An attacker can create a malicious HP-GL/2 file that triggers
memory corruption in hpgltops when it is printed. [grav:2/4;
BID-31688, CVE-2008-3641, ZDI-08-067]
These vulnerabilities can be used by an attacker to cause a
denial of service or to execute code.
CHARACTERISTICS
Identifiers: BID-31688, BID-31690, CVE-2008-3639, CVE-2008-3640,
CVE-2008-3641, FEDORA-2008-8801, FEDORA-2008-8844, MDVSA-2008:211,
RHSA-2008:0937-01, VIGILANCE-VUL-8159, ZDI-08-067