Vulnerabilities > CVE-2008-1373 - Buffer Errors vulnerability in Easy Software products Cups 1.3.6

CVSS 5.8 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

low complexity

easy-software-products

CWE-119

nessus

NVD

Published: 2008-04-04

Updated: 2018-10-11

Summary

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

Vulnerable Configurations

Part	Description	Count
Application	Easy_Software_Products Easy Software Products Cups 1.3.6	1

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200804-01.NASL
description	The remote host is affected by the vulnerability described in GLSA-200804-01 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been reported in CUPS: regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch() function used in several CGI scripts in CUPS
last seen	2020-06-01
modified	2020-06-02
plugin id	31752
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31752
title	GLSA-200804-01 : CUPS: Multiple vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200804-01. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(31752); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2008-0047", "CVE-2008-0053", "CVE-2008-0882", "CVE-2008-1373"); script_bugtraq_id(27906, 28307, 28334, 28544); script_xref(name:"GLSA", value:"200804-01"); script_name(english:"GLSA-200804-01 : CUPS: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200804-01 (CUPS: Multiple vulnerabilities) Multiple vulnerabilities have been reported in CUPS: regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch() function used in several CGI scripts in CUPS' administration interface does not correctly calculate boundaries when processing a user-provided regular expression, leading to a heap-based buffer overflow (CVE-2008-0047). Helge Blischke reported a double free() vulnerability in the process_browse_data() function when adding or removing remote shared printers (CVE-2008-0882). Tomas Hoger (Red Hat) reported that the gif_read_lzw() function uses the code_size value from GIF images without properly checking it, leading to a buffer overflow (CVE-2008-1373). An unspecified input validation error was discovered in the HP-GL/2 filter (CVE-2008-0053). Impact : A local attacker could send specially crafted network packets or print jobs and possibly execute arbitrary code with the privileges of the user running CUPS (usually lp), or cause a Denial of Service. The vulnerabilities are exploitable via the network when CUPS is sharing printers remotely. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200804-01" ); script_set_attribute( attribute:"solution", value: "All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-print/cups-1.2.12-r7'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cups"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-print/cups", unaffected:make_list("ge 1.2.12-r7"), vulnerable:make_list("lt 1.2.12-r7"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CUPS"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_CUPS-5117.NASL
description	- specially crafted GIF files could cause a buffer overflow in the printer filter for image files (CVE-2008-1373). - specially crafted files could cause a buffer overflow in the HP-GL/2 printer filter (CVE-2008-0053).
last seen	2020-06-01
modified	2020-06-02
plugin id	31770
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31770
title	openSUSE 10 Security Update : cups (cups-5117)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update cups-5117. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(31770); script_version ("1.8"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-0053", "CVE-2008-1373"); script_name(english:"openSUSE 10 Security Update : cups (cups-5117)"); script_summary(english:"Check for the cups-5117 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " - specially crafted GIF files could cause a buffer overflow in the printer filter for image files (CVE-2008-1373). - specially crafted files could cause a buffer overflow in the HP-GL/2 printer filter (CVE-2008-0053)." ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-libs-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1\|SUSE10\.2\|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"cups-1.1.23-40.41") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"cups-client-1.1.23-40.41") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"cups-devel-1.1.23-40.41") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"cups-libs-1.1.23-40.41") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"cups-libs-32bit-1.1.23-40.41") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"cups-1.2.7-12.15") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"cups-client-1.2.7-12.15") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"cups-devel-1.2.7-12.15") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"cups-libs-1.2.7-12.15") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"cups-libs-32bit-1.2.7-12.15") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"cups-1.2.12-22.13") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"cups-client-1.2.12-22.13") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"cups-devel-1.2.12-22.13") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"cups-libs-1.2.12-22.13") ) flag++; if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"cups-libs-32bit-1.2.12-22.13") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-client / cups-devel / cups-libs / cups-libs-32bit"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0192.NASL
description	From Red Hat Security Advisory 2008:0192 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	67670
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67670
title	Oracle Linux 5 : cups (ELSA-2008-0192)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0192 and # Oracle Linux Security Advisory ELSA-2008-0192 respectively. # include("compat.inc"); if (description) { script_id(67670); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2008-0047", "CVE-2008-0053", "CVE-2008-1373"); script_bugtraq_id(28307, 28544); script_xref(name:"RHSA", value:"2008:0192"); script_name(english:"Oracle Linux 5 : cups (ELSA-2008-0192)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0192 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the 'lp' user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047) Red Hat would like to thank 'regenrecht' for reporting this issue. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the 'lp' user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters 'imagetops' and 'imagetoraster'. An attacker could create a malicious GIF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1373) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-April/000556.html" ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-lpd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/18"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"cups-1.2.4-11.14.el5_1.6")) flag++; if (rpm_check(release:"EL5", reference:"cups-devel-1.2.4-11.14.el5_1.6")) flag++; if (rpm_check(release:"EL5", reference:"cups-libs-1.2.4-11.14.el5_1.6")) flag++; if (rpm_check(release:"EL5", reference:"cups-lpd-1.2.4-11.14.el5_1.6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080401_CUPS_ON_SL3_X.NASL
description	SL5 Only: A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	60378
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60378
title	Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_CUPS-5115.NASL
description	- specially crafted GIF files could cause a buffer overflow in the printer filter for image files. (CVE-2008-1373) - specially crafted files could cause a buffer overflow in the HP-GL/2 printer filter. (CVE-2008-0053)
last seen	2020-06-01
modified	2020-06-02
plugin id	31769
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31769
title	SuSE 10 Security Update : CUPS (ZYPP Patch Number 5115)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-2897.NASL
description	Three security issues have been fixed in this update: * A buffer overflow when processing GIF files * A heap-based overflow in a CUPS helper program, used for searching documentation * A buffer overflow when processing HP-GL/2 files Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31816
published	2008-04-11
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31816
title	Fedora 7 : cups-1.2.12-10.fc7 (2008-2897)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1625.NASL
description	Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0053 Buffer overflows in the HP-GL input filter allowed to possibly run arbitrary code through crafted HP-GL files. - CVE-2008-1373 Buffer overflow in the GIF filter allowed to possibly run arbitrary code through crafted GIF files. - CVE-2008-1722 Integer overflows in the PNG filter allowed to possibly run arbitrary code through crafted PNG files.
last seen	2020-06-01
modified	2020-06-02
plugin id	33774
published	2008-08-01
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33774
title	Debian DSA-1625-1 : cupsys - buffer overflows

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-3586.NASL
description	- Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-2 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). - Fri May 2 2008 Tim Waugh <twaugh at redhat.com> - Include the hostname in the charset error (part of bug #441719). - Thu Apr 10 2008 Tim Waugh <twaugh at redhat.com> - Log an error when a client requests a charset other than ASCII or UTF-8. - Thu Apr 3 2008 Tim Waugh <twaugh at redhat.com> - Main package requires exactly-matching libs package. - Wed Apr 2 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-1 - 1.3.7. No longer need str2715, str2727, or CVE-2008-0047 patches. - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-4 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). - Thu Feb 28 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-3 - Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727). - Sat Feb 23 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-2 - Fix encoding of job-sheets option (bug #433753, STR #2715). - Wed Feb 20 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-1 - 1.3.6. No longer need str2650, str2664, or str2703 patches. - Tue Feb 12 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-3 - Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703). - Mon Jan 21 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-2 - Rebuilt. - Thu Jan 10 2008 Tim Waugh <twaugh at redhat.com> - Apply patch to fix busy looping in the backends (bug #426653, STR #2664). - Wed Jan 9 2008 Tim Waugh <twaugh at redhat.com> - Apply patch to prevent overlong PPD lines from causing failures except in strict mode (bug #405061). Needed for compatibility with older versions of foomatic (e.g. Red Hat Enterprise Linux 3/4). - Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650). - Thu Jan 3 2008 Tim Waugh <twaugh at redhat.com> 1.3.5-1 - 1.3.5. No longer need str2600, CVE-2007-4352,5392,5393 patches. - Efficiency fix for pstoraster (bug #416871). - Fri Nov 30 2007 Tim Waugh <twaugh at redhat.com> - CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are not moved in array operations, only pointers to them. - Tue Nov 27 2007 Tim Waugh <twaugh at redhat.com> - Updated to improved dnssd backend from Till Kamppeter. - Don
last seen	2020-06-01
modified	2020-06-02
plugin id	32207
published	2008-05-11
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/32207
title	Fedora 8 : cups-1.3.7-2.fc8 (2008-3586)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0206.NASL
description	From Red Hat Security Advisory 2008:0206 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	67674
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67674
title	Oracle Linux 3 / 4 : cups (ELSA-2008-0206)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-598-1.NASL
description	It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0047) It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. If a crafted HP-GL/2 file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0053) It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882) It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1373). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31785
published	2008-04-04
reporter	Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31785
title	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : cupsys vulnerabilities (USN-598-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12117.NASL
description	- specially crafted GIF files could cause a buffer overflow in the printer filter for image files. (CVE-2008-1373) - specially crafted files could cause a buffer overflow in the HP-GL/2 printer filter. (CVE-2008-0053)
last seen	2020-06-01
modified	2020-06-02
plugin id	41203
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41203
title	SuSE9 Security Update : CUPS (YOU Patch Number 12117)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0192.NASL
description	Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	43677
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43677
title	CentOS 5 : cups (CESA-2008:0192)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0206.NASL
description	Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	31756
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31756
title	RHEL 3 / 4 : cups (RHSA-2008:0206)

NASL family	Misc.
NASL id	CUPS_1_3_7.NASL
description	According to its banner, the version of CUPS installed on the remote host is affected by several issues : - A buffer overflow exists in
last seen	2020-06-01
modified	2020-06-02
plugin id	31730
published	2008-04-03
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31730
title	CUPS < 1.3.7 Multiple Vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-3449.NASL
description	- Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). - Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9 - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656). - Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8 - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. - LSPP fixes (cupsdSetString/ClearString). - Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7 - Applied patch to fix CVE-2007-4045 (bug #250161). - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101). - Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661). - Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5 - Use ppdev for parallel port Device ID retrieval (bug #311671). - Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4 - Applied patch to fix CVE-2007-3387 (bug #251518). - Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3 - Better buildroot tag. - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522). - Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2 - Use kernel support for USB paper-out detection, when available (bug #249213). - Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1 - 1.2.12. No longer need adminutil or str2408 patches. - Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3 - Better paper-out detection patch still (bug #246222). - Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2 - Applied patch to fix group handling in PPDs (bug #186231, STR #2408). - Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1 - Fixed permissions on classes.conf in the file manifest (bug #245748). - 1.2.11. - Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com> - Make the initscript use start priority 56 (bug #213828). - Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12 - Better paper-out detection patch (bug #241589). - Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11 - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	32197
published	2008-05-11
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/32197
title	Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0206.NASL
description	Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	31741
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31741
title	CentOS 3 / 4 : cups (CESA-2008:0206)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0192.NASL
description	Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	31754
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31754
title	RHEL 5 : cups (RHSA-2008:0192)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2008-094-01.NASL
description	New cups packages are available for Slackware 12.0, and -current to fix security issues. The change from CUPS 1.2.x to CUPS 1.3.x was tested here, but if you
last seen	2020-06-01
modified	2020-06-02
plugin id	31740
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31740
title	Slackware 12.0 / current : cups (SSA:2008-094-01)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-2131.NASL
description	Two security issues have been fixed in this update: * A buffer overflow when processing GIF files * A heap-based overflow in a CUPS helper program, used for searching documentation This update also fixes a problem with processing some JPEG files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31814
published	2008-04-11
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31814
title	Fedora 8 : cups-1.3.6-4.fc8 (2008-2131)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-081.NASL
description	A heap-based buffer overflow in CUPS 1.2.x and later was discovered by regenrecht of VeriSign iDenfense that could allow a remote attacker to execute arbitrary code via a crafted CGI search expression (CVE-2008-0047). A validation error in the Hp-GL/2 filter was also discovered (CVE-2008-0053). Finally, a vulnerability in how CUPS handled GIF files was found by Tomas Hoger of Red Hat, similar to previous issues corrected in PHP, gd, tk, netpbm, and SDL_image (CVE-2008-1373). The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	37420
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37420
title	Mandriva Linux Security Advisory : cups (MDVSA-2008:081)

Oval

accepted

2013-04-29T04:14:19.874-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

family

unix

oval:org.mitre.oval:def:11479

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

version

Redhat

advisories

bugzilla

id	438303
title	CVE-2008-1373 cups: overflow in gif image filter

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment cups-devel is earlier than 1:1.2.4-11.14.el5_1.6
oval oval:com.redhat.rhsa:tst:20080192001
comment cups-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070123011
AND
comment cups-lpd is earlier than 1:1.2.4-11.14.el5_1.6
oval oval:com.redhat.rhsa:tst:20080192003
comment cups-lpd is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070123015
AND
comment cups-libs is earlier than 1:1.2.4-11.14.el5_1.6
oval oval:com.redhat.rhsa:tst:20080192005
comment cups-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070123013
AND
comment cups is earlier than 1:1.2.4-11.14.el5_1.6
oval oval:com.redhat.rhsa:tst:20080192007
comment cups is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070123009

rhsa

id	RHSA-2008:0192
released	2008-04-01
severity	Moderate
title	RHSA-2008:0192: cups security update (Moderate)

rhsa
id RHSA-2008:0206

rpms

cups-1:1.2.4-11.14.el5_1.6
cups-debuginfo-1:1.2.4-11.14.el5_1.6
cups-devel-1:1.2.4-11.14.el5_1.6
cups-libs-1:1.2.4-11.14.el5_1.6
cups-lpd-1:1.2.4-11.14.el5_1.6
cups-1:1.1.17-13.3.52
cups-1:1.1.22-0.rc1.9.20.2.el4_6.6
cups-debuginfo-1:1.1.17-13.3.52
cups-debuginfo-1:1.1.22-0.rc1.9.20.2.el4_6.6
cups-devel-1:1.1.17-13.3.52
cups-devel-1:1.1.22-0.rc1.9.20.2.el4_6.6
cups-libs-1:1.1.17-13.3.52
cups-libs-1:1.1.22-0.rc1.9.20.2.el4_6.6

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 28544 CVE(CAN) ID: CVE-2008-1373 Common Unix Printing System (CUPS)是一款通用Unix打印系统，是Unix环境下的跨平台打印解决方案，基于Internet打印协议，提供大多数PostScript和raster打印机服务。 CUPS处理畸形格式的GIF文件时存在漏洞，远程攻击者可能利用此漏洞控制服务器。 CUPS打印系统所使用的GIF解析代码直接从GIF图形中读取了code_size值，且没有经过验证便用于初始化gif_read_lzw()中的表格数组，这可能导致静态溢出。由于在for循环中用作上边界的clear_code为short型，因此溢出仅限于大约4k到16k的short int值。此外，攻击者仅能部分控制写过缓冲区的值。 Easy Software Products CUPS 1.3.6 厂商补丁： Easy Software Products ---------------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://www.cups.org/str.php?L2765 target=_blank>http://www.cups.org/str.php?L2765</a> RedHat ------ RedHat已经为此发布了安全公告（RHSA-2008:0206-01/RHSA-2008:0192-01）以及相应补丁: RHSA-2008:0206-01：Moderate: cups security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0206.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0206.html</a> RHSA-2008:0192-01：Moderate: cups security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0192.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0192.html</a> Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200804-01）以及相应补丁: GLSA-200804-01：CUPS: Multiple vulnerabilities 链接：<a href=http://security.gentoo.org/glsa/glsa-200804-01.xml target=_blank>http://security.gentoo.org/glsa/glsa-200804-01.xml</a> 所有CUPS用户都应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"
id	SSV:3117
last seen	2017-11-19
modified	2008-04-03
published	2008-04-03
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-3117
title	CUPS gif_read_lzw()函数GIF文件处理缓冲区溢出漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

Seebug

References