SecurityTracker.com
Category:   Application (Generic)  >   CUPS
Vendors:   Easy Software Products
CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021031
SecurityTracker URL:  http://securitytracker.com/id/1021031
CVE Reference:   CVE-2008-3641
Updated:  Oct 10 2008
Original Entry Date:  Oct 10 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in CUPS. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted pen width and pen color opcodes to the CUPS service to execute arbitrary code on the target system. The code will run with 'lp' user privileges.

On Mac OS X, if Printer Sharing is not enabled, a local user may be able to obtain elevated privileges.

The vulnerability resides in the Hewlett-Packard Graphics Language (HPGL) filter.

Apple was notified on August 19, 2008. Other operating systems are also affected.

regenrecht reported this vulnerability via TippingPoint's Zero Day Initiative.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   Apple has issued a fix as part of Security Update 2008-007, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.5
The download file is named: "SecUpd2008-007.dmg"
Its SHA-1 digest is: 2e2489a223d13e9d7b9928735b6693ab0cbe6e00

For Mac OS X Server v10.5.5
The download file is named: "SecUpdSrvr2008-007.dmg"
Its SHA-1 digest is: 62db4a0d0688bc047fcf391a20e23e1a72ae292c

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-007Intel.dmg"
Its SHA-1 digest is: 810167ffc3480a897f0b3ef62fdaaed2cfd77f1a

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-007PPC.dmg"
Its SHA-1 digest is: 2e1253241cec2999c8754db40816f801ad80ad8b

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-007Univ.dmg"
Its SHA-1 digest is: 7c71ffd314d7412dcb73746151d4fd7c32749415

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-007PPC.dmg"
Its SHA-1 digest is: be0868a142a9e2a6e93d42c3208ca9585a25cc6d

The Apple advisory is available at:

http://support.apple.com/kb/HT3216

Vendor URL:  support.apple.com/kb/HT3216
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (macOS/OS X)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 10 2008 (Red Hat Issues Fix) CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 3, 4, and 5.
Jun 11 2009 (Sun Issues Fix) CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code
Sun has issued a fix for OpenSolaris.



Copyright 2020, SecurityGlobal.net LLC