CUPS strncat() Function Call Buffer Overflow Vulnerability

A vulnerability has been reported for CUPS that may allow attackers to execute code with root privileges. Reportedly, some functions in the CUPS daemon use the strncat() function call improperly.

When the CUPS daemon receives specially constructed printer attributes, the improper strncat() call triggers a buffer overflow, which may result in the corruption of sensitive memory with attacker-supplied values.

It may be possible for an attacker to execute code with root privileges by exploiting this vulnerability.

It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple Mac OS X.
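
The class of strncat() misuse described above, shown as an added example; it is not CUPS source code and not part of the original advisory. The advisory does not say how CUPS calls strncat(), so the commented call is an assumed, commonly seen mistake, and the function names and sample strings are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/*
 * Common misuse (shown only as a comment, never executed here):
 *     strncat(dst, src, sizeof(dst));
 * The third argument of strncat() bounds the bytes taken from src, not the
 * size of dst, and a terminating NUL is always written after them.
 */

/* Bytes the misused call above would write beyond the end of dst. */
size_t misuse_overrun(size_t dst_size, size_t dst_len, size_t src_len)
{
    size_t copied = src_len < dst_size ? src_len : dst_size; /* n = sizeof(dst) */
    size_t end = dst_len + copied + 1;                       /* +1 for the NUL */
    return end > dst_size ? end - dst_size : 0;
}

/*
 * Bounded append: returns 0 on success, -1 if src would not fit (dst is
 * left unchanged) or if dst is not NUL-terminated within dst_size.
 */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)
        return -1;                         /* dst is not a valid string */
    size_t used = (size_t)(nul - dst);
    size_t room = dst_size - used - 1;     /* space left, excluding the NUL */
    size_t need = strlen(src);
    if (need > room)
        return -1;                         /* reject rather than truncate */
    memcpy(dst + used, src, need + 1);     /* copies the NUL as well */
    return 0;
}

/* Constructed sample: a 16-byte buffer and an oversized attribute value. */
int demo(void)
{
    char buf[16] = "printer-";
    const char *attr = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes, constructed */
    if (safe_append(buf, sizeof(buf), attr) != -1)
        return 1;                          /* oversized input must be refused */
    if (safe_append(buf, sizeof(buf), "name") != 0)
        return 2;                          /* fitting input must be accepted */
    return strcmp(buf, "printer-name") == 0 ? 0 : 3;
}
```

Even a source that exactly fills the remaining space overruns by one byte under the misused call, because strncat() appends the NUL after the copied bytes.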


 

Copyright 2010, SecurityFocus