Your message dated Wed, 19 Nov 2008 13:12:14 +0100
with message-id <20081119121214.GB6356@piware.de>
and subject line Re: [Pkg-cups-devel] Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions
has caused the Debian Bug report #506180,
regarding CUPS: daemon crashes when adding more than 100 rss subscriptions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
506180: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506180
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: CUPS: daemon crashes when adding more than 100 rss subscriptions
- From: Raphael Geissert <atomo64@gmail.com>
- Date: Tue, 18 Nov 2008 21:22:06 -0600
- Message-id: <200811182122.14549.atomo64@gmail.com>
Source: cups
Severity: important
Version: 1.3.7-1
Tags: security

Hi,

An exploit[0][1] has been published for CUPS.

> The daemon crashes when more than 100 RSS Subscriptions are added which has
> been successfully tested on the latest versions of openSuse and Ubuntu
> Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> the user doesn’t need to login to add RSS subscriptions, although
> authentication is required to perform other actions. I’m not sure if this
> bug can lead to remote code execution. Further investigation/gdbing is
> required.

Note: when reproducing it locally in a default Debian setup, I was required to
login before the RSS subscriptions could be added and then crash cupsd.

If you fix the vulnerability please also make sure to include the CVE id when
one is assigned in the changelog entry.

[0] http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
[1] http://www.milw0rm.com/exploits/7151

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- To: Raphael Geissert <atomo64@gmail.com>, 506180-done@bugs.debian.org
- Subject: Re: [Pkg-cups-devel] Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions
- From: Martin Pitt <mpitt@debian.org>
- Date: Wed, 19 Nov 2008 13:12:14 +0100
- Message-id: <20081119121214.GB6356@piware.de>
- In-reply-to: <200811182122.14549.atomo64@gmail.com>
- References: <200811182122.14549.atomo64@gmail.com>
Version: 1.3.8-1

Hello Raphael,

Raphael Geissert [2008-11-18 21:22 -0600]:
> An exploit[0][1] has been published for CUPS.
>
> > The daemon crashes when more than 100 RSS Subscriptions are added which has
> > been successfully tested on the latest versions of openSuse and Ubuntu
> > Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> > the user doesn’t need to login to add RSS subscriptions, although
> > authentication is required to perform other actions. I’m not sure if this
> > bug can lead to remote code execution. Further investigation/gdbing is
> > required.
>
> Note: when reproducing it locally in a default Debian setup, I was required to
> login before the RSS subscriptions could be added and then crash cupsd.

This is http://www.cups.org/str.php?L2774 which has been fixed in 1.3.8.
Thus current testing and unstable are unaffected. Etch is unaffected as
well, since 1.2.7 did not yet have RSS subscriptions. So I close this
report.

However, it is relevant for Ubuntu 7.10 and 8.04, so I'll fix it there.

> If you fix the vulnerability please also make sure to include the CVE id when
> one is assigned in the changelog entry.

I will, but currently there is none.

Thanks for pointing out!

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Attachment: signature.asc
Description: Digital signature
--- End Message ---