Security hole in Unix CUPS printing service
According to Secunia, a buffer overflow in the Common UNIX Printing System (CUPS) could allow attackers to gain access to and take control of a server. However, CUPS is usually only accessible from local networks, which limits the risk of exploitation. The flaw was discovered in version 1.3.3, and earlier versions are also likely to be vulnerable.
The buffer overflow affects the ippReadIO function in the cups/ipp.c file and can be triggered by specially crafted IPP packets. According to Secunia, an attacker merely has to send crafted textWithLanguage or nameWithLanguage tags. Although it appears that only a single byte on the stack can be overwritten with a zero, the report claims that this is enough to inject and execute arbitrary code.
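The length check that this class of bug hinges on, as an added example that is not CUPS code and not part of the original report: in the IPP encoding (RFC 2910), a textWithLanguage or nameWithLanguage value is a 2-byte length, the language, a second 2-byte length, and the text. The parser below copies each part into a fixed buffer and rejects any length that leaves no room for the terminating zero; FIELD_MAX, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed buffer size for this example, not a CUPS constant */

/* Constructed sample value: language "en", text "hello". */
static const uint8_t sample_ok[] = {0, 2, 'e', 'n', 0, 5, 'h', 'e', 'l', 'l', 'o'};

/* Copy one length-prefixed field into out[FIELD_MAX] and NUL-terminate it. */
static int copy_field(const uint8_t *val, size_t val_len, size_t *pos, char *out)
{
    if (val_len - *pos < 2)          /* no room for the 2-byte length */
        return -1;
    size_t n = ((size_t)val[*pos] << 8) | val[*pos + 1];
    *pos += 2;
    /* n == FIELD_MAX must be rejected too: the copy would fit, but the
       terminating zero would land one byte past the end of out. */
    if (n >= FIELD_MAX || n > val_len - *pos)
        return -1;
    memcpy(out, val + *pos, n);
    out[n] = '\0';
    *pos += n;
    return 0;
}

/* Parse a textWithLanguage/nameWithLanguage value: len, language, len, text. */
int parse_with_language(const uint8_t *val, size_t val_len,
                        char lang[FIELD_MAX], char text[FIELD_MAX])
{
    size_t pos = 0;
    if (copy_field(val, val_len, &pos, lang) != 0 ||
        copy_field(val, val_len, &pos, text) != 0)
        return -1;
    return pos == val_len ? 0 : -1;  /* reject trailing bytes */
}

int main(void)
{
    char lang[FIELD_MAX], text[FIELD_MAX];
    if (parse_with_language(sample_ok, sizeof sample_ok, lang, text) != 0)
        return 1;
    printf("lang=%s text=%s\n", lang, text);
    return 0;
}
```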
CUPS update 1.3.4 has already been released and also resolves several other issues that are not security-related. Linux and Unix distributors are likely to follow suit with updated versions soon. Although Apple obtained rights to the Unix printing system's source code a few months ago, CUPS continues to be distributed under the GPL and LGPL. In 2002, the CUPS printing system was integrated into Apple's Mac OS X operating system. Therefore, an update for Mac users can also be expected in the near future.
- CUPS IPP Tags Memory Corruption Vulnerability, Secunia advisory