[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions

found 506180 1.3.7-6
retitle 506180 CVE-2008-5183: daemon crashes when adding more than 100
subscriptions
thanks

2008/11/18 Raphael Geissert <atomo64@gmail.com>:
> Source: cups
> Severity: important
> Version: 1.3.7-1
> Tags: security
>
> Hi,
>
> An exploit[0][1] has been published for CUPS.
>
>> The daemon crashes when more than 100 RSS Subscriptions are added which has
>> been successfully tested on the latest versions of openSuse and Ubuntu
>> Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,

This is CVE-2008-5183

>> the user doesn't need to login to add RSS subscriptions, although
>> authentication is required to perform other actions. I'm not sure if this

and this is CVE-2008-5184. So, if I got it right etch is not affected
either, right?



Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Yogi Berra  - "I never said most of the things I said."
Reply to: