SecurityTracker.com
Category:  Application (Generic)  >  CUPS (Common UNIX Printing System)
Vendors:  Easy Software Products
CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021031
SecurityTracker URL:  http://securitytracker.com/id?1021031
CVE Reference:  CVE-2008-3641
Updated:  Oct 10 2008
Original Entry Date:  Oct 10 2008
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Apple Security Advisory
Description:  A vulnerability was reported in CUPS. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted pen width and pen color opcodes to the CUPS service to execute arbitrary code on the target system. The code will run with 'lp' user privileges.

On Mac OS X, if Printer Sharing is not enabled, a local user may be able to obtain elevated privileges.

The vulnerability resides in the Hewlett-Packard Graphics Language (HPGL) filter.

Apple was notified on August 19, 2008. Other operating systems are also affected.

regenrecht reported this vulnerability via TippingPoint's Zero Day Initiative.

Impact:  A remote user can execute arbitrary code on the target system.
Solution:  Apple has issued a fix as part of Security Update 2008-007, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.5
The download file is named: "SecUpd2008-007.dmg"
Its SHA-1 digest is: 2e2489a223d13e9d7b9928735b6693ab0cbe6e00

For Mac OS X Server v10.5.5
The download file is named: "SecUpdSrvr2008-007.dmg"
Its SHA-1 digest is: 62db4a0d0688bc047fcf391a20e23e1a72ae292c

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-007Intel.dmg"
Its SHA-1 digest is: 810167ffc3480a897f0b3ef62fdaaed2cfd77f1a

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-007PPC.dmg"
Its SHA-1 digest is: 2e1253241cec2999c8754db40816f801ad80ad8b

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-007Univ.dmg"
Its SHA-1 digest is: 7c71ffd314d7412dcb73746151d4fd7c32749415

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-007PPC.dmg"
Its SHA-1 digest is: be0868a142a9e2a6e93d42c3208ca9585a25cc6d

The Apple advisory is available at:

http://support.apple.com/kb/HT3216

Vendor URL:  support.apple.com/kb/HT3216
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (OS X)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 10 2008 (Red Hat Issues Fix) CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3, 4, and 5.
Jun 11 2009 (Sun Issues Fix) CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code
Sun has issued a fix for OpenSolaris.



 Source Message Contents

Date:  Fri, 10 Oct 2008 00:19:44 -0400
Subject:  CUPS

 
 
CUPS
CVE-ID:  CVE-2008-3641
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.5, Mac OS X Server v10.5.5
Impact:  A remote attacker may be able to cause arbitrary code
execution with the privileges of the 'lp' user
Description:  A range checking issue exists in the Hewlett-Packard
Graphics Language (HPGL) filter, which may cause arbitrary memory to
be overwritten with controlled data. If Printer Sharing is enabled, a
remote attacker may be able to cause arbitrary code execution with
the privileges of the 'lp' user. If Printer Sharing is not enabled, a
local user may be able to obtain elevated privileges. This update
addresses the issue by performing additional bounds checking. Credit
to regenrecht working with TippingPoint's Zero Day Initiative for
reporting this issue.
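
The class of range check the advisory describes, shown as an added C example (not the CUPS source and not Apple's patch). The pen table size, struct layout, function names and sample instructions are assumptions for illustration; the "PW width,pen" and "PC pen,r,g,b" operand order follows HP-GL/2.

```c
/* Added illustration, NOT the CUPS source: table size, struct layout and
 * function names are assumptions made for this example. */
#include <stdio.h>

#define MAX_PENS 8                 /* assumed pen table size */

typedef struct { float rgb[3]; float width; } pen_t;
static pen_t pens[MAX_PENS];

/* HP-GL/2 pen numbers are 1-based and come straight from the print job,
 * so they are untrusted. Map to a table slot, or -1 if out of range. */
static int pen_slot(int pen) {
    return (pen >= 1 && pen <= MAX_PENS) ? pen - 1 : -1;
}

/* Handle one "PW width,pen;" or "PC pen,r,g,b;" instruction.
 * Returns 0 if applied, -1 if malformed or the pen number is out of range. */
int apply_opcode(const char *op) {
    float w, r, g, b;
    int pen, slot;

    if (sscanf(op, "PW%f,%d", &w, &pen) == 2) {
        if ((slot = pen_slot(pen)) < 0) return -1;
        pens[slot].width = w;      /* an unchecked pens[pen - 1] store */
        return 0;                  /* would land outside the table     */
    }
    if (sscanf(op, "PC%d,%f,%f,%f", &pen, &r, &g, &b) == 4) {
        if ((slot = pen_slot(pen)) < 0) return -1;
        pens[slot].rgb[0] = r;
        pens[slot].rgb[1] = g;
        pens[slot].rgb[2] = b;
        return 0;
    }
    return -1;
}

/* Read back a pen's width; -1.0 for an out-of-range pen number. */
float pen_width(int pen) {
    int slot = pen_slot(pen);
    return slot < 0 ? -1.0f : pens[slot].width;
}

int main(void) {
    /* Constructed sample instructions, not taken from a real print job. */
    const char *job[] = { "PW0.35,2;", "PC2,255,0,0;", "PW1.0,9;", "PC0,1,2,3;" };
    for (size_t i = 0; i < sizeof job / sizeof job[0]; i++)
        printf("%-14s -> %s\n", job[i],
               apply_opcode(job[i]) == 0 ? "applied" : "rejected");
    return 0;
}
```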
 
 



Copyright 2007, SecurityGlobal.net LLC