6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
Ronald Volgers discovered that the lppasswd component of the cups suite,
the Common UNIX Printing System, is vulnerable to format string attacks
due to insecure use of the LOCALEDIR environment variable. An attacker
can abuse this behaviour to execute arbitrary code via crafted localization
files and triggering calls to _cupsLangprintf(). This works as the lppasswd
binary happens to be installed with setuid 0 permissions.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny8.
For the testing distribution (squeeze) this problem will be fixed soon.
For the unstable distribution (sid) this problem has been fixed in
version 1.4.2-9.1.
We recommend that you upgrade your cups packages.
CPE | Name | Operator | Version |
---|---|---|---|
cups | eq | 1.3.8-1lenny5 | |
cups | eq | 1.3.8-1+lenny6 | |
cups | eq | 1.3.8-1lenny4.1 | |
cups | eq | 1.3.8-1+lenny7 |