
Bug#506180: marked as done (CUPS: daemon crashes when adding more than 100 rss subscriptions)



Your message dated Wed, 19 Nov 2008 13:12:14 +0100
with message-id <20081119121214.GB6356@piware.de>
and subject line Re: [Pkg-cups-devel] Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions
has caused the Debian Bug report #506180,
regarding CUPS: daemon crashes when adding more than 100 rss subscriptions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
506180: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506180
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cups
Severity: important
Version: 1.3.7-1
Tags: security

Hi,

An exploit[0][1] has been published for CUPS.

> The daemon crashes when more than 100 RSS Subscriptions are added which has
> been successfully tested on the latest versions of openSuse and Ubuntu
> Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> the user doesn’t need to login to add RSS subscriptions, although
> authentication is required to perform other actions. I’m not sure if this
> bug can lead to remote code execution. Further investigation/gdbing is
> required.

Note: when reproducing it locally in a default Debian setup, I was required to 
login before the RSS subscriptions could be added and then crash cupsd.

If you fix the vulnerability please also make sure to include the CVE id when 
one is assigned in the changelog entry.

[0]http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
[1]http://www.milw0rm.com/exploits/7151

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net



--- End Message ---
--- Begin Message ---
Version: 1.3.8-1

Hello Raphael,

Raphael Geissert [2008-11-18 21:22 -0600]:
> An exploit[0][1] has been published for CUPS.
> 
> > The daemon crashes when more than 100 RSS Subscriptions are added which has
> > been successfully tested on the latest versions of openSuse and Ubuntu
> > Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> > the user doesn’t need to login to add RSS subscriptions, although
> > authentication is required to perform other actions. I’m not sure if this
> > bug can lead to remote code execution. Further investigation/gdbing is
> > required.
> 
> Note: when reproducing it locally in a default Debian setup, I was required to 
> login before the RSS subscriptions could be added and then crash cupsd.

This is http://www.cups.org/str.php?L2774 which has been fixed in
1.3.8. Thus current testing and unstable are unaffected. Etch is
unaffected as well, since 1.2.7 did not yet have RSS subscriptions.

So I close this report. However, it is relevant for Ubuntu 7.10 and
8.04, so I'll fix it there.

> If you fix the vulnerability please also make sure to include the CVE id when 
> one is assigned in the changelog entry.

I will, but currently there is none.

Thanks for pointing this out!

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)



--- End Message ---
