10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.092 Low
EPSS
Percentile
94.6%
The Common Unix Printing System contains a buffer overflow vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code.
The Common Unix Printing System (CUPS) is a printing service used by many Linux and Unix operating systems. CUPS uses a print scheduling process that dispatches print jobs and provides the printerβs status to local and remote programs.
The Internet Printing Protocol (IPP) is a standard protocol that defines printing and managing print ques. As specified in RFC 2910, the IPP transport layer consists of an HTTP/1.1 request or response. Section 3.5 of RFC 2910 specifies two different types of tags that can either delimit sections of protocols (delimiter tags) or specify the type of each attribute value (value tags). textWithLanguage
tags are defined in section 4.1.1.2 and nameWithLanguage
is defined in section 4.1.2.2.
Per Secunia Advisory 2007-76:
_Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the βippReadIO()β function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted βtextWithLanguageβ or βnameWithLanguageβ tags.
Successful exploitation allows execution of arbitrary code._
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the CUPS server or cause the server to crash. The cupsd
daemon may run with root privileges.
Administrators and users should see the systems affected portion of this document for a partial list of affected vendors. Users who compile CUPS from source should see CUPS Article #508: Common UNIX Printing System 1.3.4 for information about obtaining fixed software.
Restrict access
Restricting access to CUPS servers by using the CUPS configuration directives, firewall rules, or access control lists may mitigate this vulnerability. By default, cupsd
listens on port 631/udp
. Systems that use CUPS exclusively for local printing should set the Listen
directive to localhost:631
in the cupsd configuration file to prevent remote systems from exploiting this vulnerability.
446897
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: November 01, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.cups.org/articles.php?L508> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23446897 Feedback>).
Notified: November 01, 2007 Updated: November 06, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:204> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23446897 Feedback>).
Notified: November 01, 2007 Updated: November 02, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See RHSA-2007-1022 and <http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4351for> more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23446897 Feedback>).
Notified: November 01, 2007 Updated: November 05, 2007
Affected
Writing a byte to memory is only possible with cups >= 1.2.*. Therefore the bug may only be exploitable to execute code on openSUSE 10.2 and 10.3. On all other products only a DoS is possible at worst.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 06, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.ubuntu.com/usn/usn-539-1> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23446897 Feedback>).
Notified: November 01, 2007 Updated: November 02, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 05, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 02, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23446897 Feedback>).
Notified: November 01, 2007 Updated: November 02, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 05, 2007
Not Affected
Solaris IPP implementation is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 01, 2007 Updated: November 01, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 42 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was published in Secunia Advisory 2007-76.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-4351 |
---|---|
Severity Metric: | 11.88 Date Public: |
docs.info.apple.com/article.html?artnum=307179
en.opensuse.org/AppArmor_Geeks
secunia.com/secunia_research/2007-76/advisory/
tools.ietf.org/html/rfc2910#section-3.5
www.cups.org/articles.php?L508
www.cups.org/articles.php?L508
www.cups.org/documentation.php/man-cupsd.conf.html
www.cups.org/documentation.php/spec-design.html
www.nsa.gov/selinux/info/faq.cfm