CUPS Bugs Let Remote Users Execute Arbitrary Code or Deny Service
|
|
SecurityTracker Alert ID: 1019672
|
|
SecurityTracker URL: http://securitytracker.com/id?1019672
|
|
CVE Reference: CVE-2008-0053
(Links to External Site)
|
Date: Mar 19 2008
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.3.6
|
Description: A vulnerability was reported in CUPS. A remote user can execute arbitrary code on the target system.
A remote user can cause the system to crash or execute arbitrary code.
Apple reported this vulnerability.
|
Impact: A remote user can execute arbitrary code on the target system.
|
Solution: The vendor has issued a fixed version (1.3.6).
|
Vendor URL: www.cups.org/ (Links to External Site)
|
Cause: Not specified
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 19 Mar 2008 01:42:41 -0500
Subject: CUPS
|
CVE-ID: CVE-2008-0053
Apple reported:
Multiple vulnerabilities in CUPS may lead to an unexpected
application termination or arbitrary code execution with system
privileges
Description: Multiple input validation issues exist in CUPS, the
most serious of which may lead to arbitrary code execution with
system privileges. This update addresses the issues by updating to
CUPS 1.3.6.
|
|
