(Sun Issues Fix) CUPS Heap Overflow in 'imagetops' Processing of SGI Image Files Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1022373
|
SecurityTracker URL: http://securitytracker.com/id/1022373
|
CVE Reference: CVE-2008-3639
|
Date: Jun 11 2009
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.3.9
|
Description:
A vulnerability was reported in CUPS. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted SGI image file to the CUPS service to execute arbitrary code on the target system. The code will run with 'lp' user privileges.
The vulnerability resides in the 'imagetops' component.
regenrecht reported this vulnerability via iDefense.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
Sun has issued a fix for OpenSolaris.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261088-1
|
Vendor URL: www.cups.org/
|
Cause:
Boundary error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 11 Jun 2009 07:07:17 -0400
Subject: CUPS
|
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261088-1
CVE-2008-3639 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639
CVE-2008-3640 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640
CVE-2008-3641 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641