Bug 1084577 (CVE-2014-8166)
| Summary: | CVE-2014-8166 cups: code execution via unescape ANSI escape sequences | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | |||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | unspecified | CC: | carnil, falonso, fweimer, jkurik, jpopelka, jrusnack, matthias.flege, pfrields, security-response-team, shlomif, twaugh | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
A flaw was found in the way the CUPS daemon added shared printers announced through the network. A malicious host or user could send a specially crafted UDP packet to a CUPS server that, when processed, could potentially lead to arbitrary code execution with the privileges of the user running the CUPS daemon.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-04-14 10:53:32 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1084580 | ||||||
| Attachments: |
|
||||||
|
Description
Vincent Danen
2014-04-04 18:29:32 UTC
Created attachment 916761 [details]
untested patch
(In reply to Tim Waugh from comment #4) > Created attachment 916761 [details] > untested patch I tested it and it works for me. Hi all, I was referred to this bug from https://bugs.mageia.org/show_bug.cgi?id=15562 . (In reply to Jiri Popelka from comment #5) > (In reply to Tim Waugh from comment #4) > > Created attachment 916761 [details] > > untested patch > > I tested it and it works for me. Which version of the Fedora/Red Hat CUPS package is this patch for? It does not seem to apply cleanly against the one from RawHide: <<< shlomif@telaviv1:~/progs/Rpms$ cd BUILD/cups-2.0.2/ shlomif@telaviv1:~/progs/Rpms/BUILD/cups-2.0.2$ ls autom4te.cache CHANGES.txt desktop man backend conf doc monitor berkeley config.h.in examples notifier cgi-bin config.h.in.lspp filter packaging CHANGES-1.0.txt config-scripts install-sh ppdc CHANGES-1.1.txt configure INSTALL.txt README.txt CHANGES-1.2.txt configure.ac IPPTOOL.txt scheduler CHANGES-1.3.txt configure.ac.lspp LICENSE.txt systemv CHANGES-1.4.txt CREDITS.txt locale templates CHANGES-1.5.txt cups Makedefs.in test CHANGES-1.6.txt cups-config.in Makedefs.in.0755 vcnet CHANGES-1.7.txt cups-config.in.multilib Makedefs.in.lspp xcode CHANGES-IPPTOOL.txt data Makefile shlomif@telaviv1:~/progs/Rpms/BUILD/cups-2.0.2$ grep -r process_browse . shlomif@telaviv1:~/progs/Rpms/BUILD/cups-2.0.2$ grep -r 'Resource FQDN' . shlomif@telaviv1:~/progs/Rpms/BUILD/cups-2.0.2$ grep -r 'hptr' . shlomif@telaviv1:~/progs/Rpms/BUILD/cups-2.0.2$ >>> (all these identifiers appear in the scheduler/dirsvc.c portion of the patch). Please enlighten me. Regards, -- Shlomi Fish It's for RHEL-6. That functionality was removed in CUPS 1.6. (In reply to Tim Waugh from comment #7) > It's for RHEL-6. That functionality was removed in CUPS 1.6. Thanks for the insight! I'll update the Mageia bug. |