| VID |
23205 |
| Severity |
40 |
| Port |
631 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The CUPS server, according to its banner, has a stack-based buffer overflow vulnerability in the ippReadIO function. Easy Software Products' Common UNIX Printing System (CUPS) is a cross-platform printing solution for UNIX environments that is based on the "Internet Printing Protocol". CUPS has a web-based graphical interface for printer management and is available on most Linux systems. CUPS version 1.3.3 and earlier versions are vulnerable to a stack-based buffer overflow vulnerability, caused by improper bounds checking by the ippReadIO function in cups/ipp.c. By sending a specially-crafted request with an IPP (Internet Printing Protocol) tag such as 'textWithLanguage' or 'nameWithLanguage' and an overly large text-length value, a remote attacker from within the local network could exploit this vulnerability to execute arbitrary code on the system or cause the affected service to crash.
* Note: This check solely relied on the banner of the remote CUPS server to assess this vulnerability, so this might be a false positive.
* References:
http://www.cups.org/str.php?L2561
http://www.cups.org/articles.php?L508
http://secunia.com/secunia_research/2007-76/advisory/
http://www.securityfocus.com/archive/1/483033/30/0/threaded
http://www.frsirt.com/english/advisories/2007/3681
http://securitytracker.com/alerts/2007/Oct/1018879.html
http://www.kb.cert.org/vuls/id/446897
http://secunia.com/advisories/27233
* Platforms Affected:
Easy Software Products, CUPS version 1.3.3 and earlier versions
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of CUPS (1.3.4 or later), available from the CUPS Software Web site at http://www.cups.org/software.php |
| Related URL |
CVE-2007-4351 (CVE) |
| Related URL |
26268 (SecurityFocus) |
| Related URL |
38190 (ISS) |
|
