Lucene search

K
suseSuseSUSE-SA:2003:002
HistoryJan 02, 2003 - 11:31 a.m.

local and remote privilege escalation in cups

2003-01-0211:31:40
lists.opensuse.org
13

EPSS

0.209

Percentile

96.4%

CUPS is a well known and widely used printing system for unix-like systems. iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities: - integer overflow in HTTP interface to gain remote access with CUPS privileges - local file race condition to gain root (bug mentioned above has to be exploited first) - remotely add printers - remote denial-of-service attack due to negative length in memcpy() call - integer overflow in image handling code to gain higher privileges - gain local root due to buffer overflow of ‘options’ buffer - design problem to gain local root (needs added printer, see above) - wrong handling of zero width images can be abused to gain higher privileges - file descriptor leak and denial-of-service due to missing checks of return values of file/socket operations

EPSS

0.209

Percentile

96.4%