In association with heise online

01 November 2007, 12:09

Security hole in Unix CUPS printing service

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to Secunia, a buffer overflow in the CUPS Common UNIX Printing System could allow attackers to gain access to and take control of a server. However CUPS is usually only accessible from local networks, which limits the risk of exploitation. The flaw was discovered in version 1.3.3, and earlier versions are also likely to be vulnerable.

The buffer overflow affects the ippReadIO function in the cups/ipp.c file and can be triggered by means of specially crafted IPP packets. According to Secunia, an attacker merely has to send crafted textWithLanguage or nameWithLanguage tags. Although it appears that only one byte can be overwritten with a zero in the stack, the report claims that this is enough to inject and execute arbitrary code.

CUPS update 1.3.4 has already been released and also resolves several other issues which are not security related. Linux and Unix distributors are likely to follow suit with updated versions soon. Although Apple obtained rights to the Unix printing system's source code a few months ago, CUPS continues to be distributed under GPL and LGPL. In 2002, the CUPS printing system was integrated into Apple's Mac OS X operating system. Therefore, an update for Mac users can also be expected in the near future.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit