Bug 529833 (CVE-2009-2820) - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface
Summary: CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-2820
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 536787 536788
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-10-20 11:28 UTC by Jan Lieskovsky
Modified: 2023-05-11 13:49 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-19 09:08:35 UTC
Embargoed:


Attachments (Terms of Use)
CVE-2009-2820-cups-1.3v2.patch from Aaron Sigel (13.13 KB, patch)
2009-10-20 11:31 UTC, Jan Lieskovsky
no flags Details | Diff
CVE-2009-2820-cups-1.4v2.patch from Aaron Sigel (13.07 KB, patch)
2009-10-20 11:32 UTC, Jan Lieskovsky
no flags Details | Diff
Regression fix (855 bytes, patch)
2009-10-30 20:46 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
CUPS Bugs and Features 3367 0 None None None Never
CUPS Bugs and Features 3401 0 None None None Never
Red Hat Product Errata RHSA-2009:1595 0 normal SHIPPED_LIVE Moderate: cups security update 2010-01-12 16:21:19 UTC

Description Jan Lieskovsky 2009-10-20 11:28:12 UTC
Several cross-site scripting (XSS) flaws were found in the way CUPS web
server interface used to process HTML form(s) content. A remote attacker
could provide a specially-crafted HTML page(s), which once visited, by
a local, unsuspecting user could lead to intended client-side security
mechanisms bypass or, potentially, to injecting of malicious scripts into
web pages, processed by CUPS web interface. 

Acknowledgements:

Red Hat would like to thank Aaron Sigel of Apple Product Security for
responsibly reporting this issue.

Comment 1 Jan Lieskovsky 2009-10-20 11:30:00 UTC
This issue does NOT affect the versions of the cups package, as shipped
with Red Hat Enterprise Linux 3 and 4.

This issue affects the version of the cups package, as shipped 
with Red Hat Enterprise Linux 5.

Comment 2 Jan Lieskovsky 2009-10-20 11:31:53 UTC
Created attachment 365324 [details]
CVE-2009-2820-cups-1.3v2.patch from Aaron Sigel

Comment 3 Jan Lieskovsky 2009-10-20 11:32:38 UTC
Created attachment 365326 [details]
CVE-2009-2820-cups-1.4v2.patch from Aaron Sigel

Comment 6 Vincent Danen 2009-10-23 17:23:46 UTC
This issue does not affect CUPS 1.1.x because it does not include the vulnerable admin page.

Comment 10 Tomas Hoger 2009-10-30 20:46:46 UTC
Created attachment 366865 [details]
Regression fix

It was reported that upstream patch breaks adding a class using the web interface.  Following patch was proposed and is being reviewed upstream.  It's possible this fix won't make it to upstream 1.4.2.

Comment 11 Tomas Hoger 2009-11-10 07:42:43 UTC
Now fixed in 1.4.2, which should also contain regression fix mentioned in comment #10:

http://www.cups.org/articles.php?L590
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Comment 16 errata-xmlrpc 2009-11-18 12:49:59 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1595 https://rhn.redhat.com/errata/RHSA-2009-1595.html

Comment 17 Fedora Update System 2009-12-01 04:17:40 UTC
cups-1.4.2-7.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2009-12-01 04:33:04 UTC
cups-1.4.2-7.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2009-12-02 04:48:48 UTC
cups-1.3.11-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 errata-xmlrpc 2010-01-12 16:21:23 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1595 https://rhn.redhat.com/errata/RHSA-2009-1595.html


Note You need to log in before you can comment on or make changes to this bug.