Bug 436153 (CVE-2008-0047)
Summary: | CVE-2008-0047 cups: heap based buffer overflow in cgiCompileSearch() | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | kreilly, security-response-team, twaugh | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-04-09 06:22:50 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 436338, 436339, 440040, 440041, 440042 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Tomas Hoger
2008-03-05 17:24:26 UTC
Created attachment 296901 [details]
Upstream patch
This issue does not affect the version of cups as shipped in Red Hat Enterprise Linux 3 or 4 (no help.cgi). In Red Hat Enterprise Linux 5, help.cgi is included (as a PIE executable) and runs as user lp group lp. For CVSS v2 score using Access Vector: Local because by default the tcp administrator interface is bound to localhost. cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P Downgrading to moderate severity. By default on RHEL, CUPS binds the tcp administration interface to localhost. Successful exploitation of this flaw would yield user 'lp' group 'lp' privileges, but confined by the targeted SELinux policy, enabled by default. Public now via APPLE-SA-2008-03-18: http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Lifting embargo. cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7 cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. cups-1.2.12-10.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0192.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2897 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2131 |