SecurityTracker.com Archives - CUPS Buffer Overflow in gif_read_lzw() Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1019739

SecurityTracker URL: http://securitytracker.com/id?1019739

CVE Reference: CVE-2008-1373 (Links to External Site)

Date: Apr 1 2008

Impact: Execution of arbitrary code via network, User access via network

Vendor Confirmed: Yes

Version(s): 1.3.6

Description: A vulnerability was reported in CUPS (Common UNIX Printing System). A remote user can execute arbitrary code on the target system.

A remote user can send a GIF file with a specially crafted code_size value to trigger a buffer overflow in gif_read_lzw() and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Impact: A remote user can execute arbitrary code on the target system.

Solution: No solution was available at the time of this entry.

Vendor URL: www.cups.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Apr 1 2008	(Red Hat Issues Fix) CUPS Buffer Overflow in gif_read_lzw() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 5.
Apr 1 2008	(Red Hat Issues Fix) CUPS Buffer Overflow in gif_read_lzw() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 3 and 4.

Date: Tue, 1 Apr 2008 13:57:31 -0500
Subject: CUPS

 
 
http://www.cups.org/str.php?L2765
 
CVE-2008-1373

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC