| VID |
23208 |
| Severity |
40 |
| Port |
631 |
| Protocol |
TCP |
| Class |
CUPS |
| Detailed Description |
The CUPS server, according to its banner, has a stack-based buffer overflow vulnerability in the asn1_get_string function. Easy Software Products' Common UNIX Printing System (CUPS) is a cross-platform printing solution for UNIX environments that is based on the "Internet Printing Protocol". CUPS has a web-based graphical interface for printer management and is available on most Linux systems. CUPS version 1.3.4 and earlier versions are vulnerable to a stack-based buffer overflow vulnerability, caused by an integer signedness error in the "asn1_get_string()" [backend/snmp.c] function. By sending a specially-crafted SNMP responses with negative length values in an asn1 encoded string, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the affected service to crash.
* Note: This check solely relied on the banner of the remote CUPS server to assess this vulnerability, so this might be a false positive.
* References:
http://www.cups.org/str.php?L2589
http://www.cups.org/articles.php?L519
http://www.frsirt.com/english/advisories/2007/4242
http://secunia.com/advisories/28129
* Platforms Affected:
Easy Software Products, CUPS version 1.3.4 and earlier versions
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of CUPS (1.3.5 or later), available from the CUPS Software Web site at http://www.cups.org/software.php |
| Related URL |
CVE-2007-5849 (CVE) |
| Related URL |
26917 (SecurityFocus) |
| Related URL |
39101 (ISS) |
|
