CUPS print service executes injected code
Version 1.3.6 of the CUPS CUPS print service and prior releases contain a security vulnerability. The security hole allows attackers to inject and execute code using a specially crafted request to the print service.
In its standard configuration, CUPS monitors TCP port 631 for incoming connections. If a printer is shared on a computer, generally anyone on the LAN has access to it. According to an advisory by security service provider iDefense, attackers can use undisclosed crafted requests to the service to trigger a buffer overflow and execute malicious code. If CUPS is only running locally without printer sharing, local users can use the vulnerability to increase their permissions.
Apple, the current owner of CUPS has updated the printer service under Mac OS X with its release today of Update 2008-002. Linux distributors should release their updated packets soon. If the update is offered by the distributor, the administrator should apply itas soon as possible.
See also:
- Multiple Vendor CUPS CGI Heap Overflow Vulnerability, security advisory by iDefense
- Common UNIX Printing System 1.3.6, announcement of the current version by the CUPS developers
(mba)