Common Unix Printing System Attribute Name Buffer Overflow Vulnerability

CUPS (Common Unix Printing System) is a freely available, open source printer package maintained by the CUPS Project. It is available for the Unix and Linux platforms.

When a job is submitted to a printer managed by CUPS, it may be possible to create a buffer overflow condition. The jobs.c portion of the scheduler source uses the strcat function to copy the name attribute. No check on the size of the name is performed, making it possible to overwrite variables on the stack, including the return address, and potentially execute arbitrary code.

This vulnerability is remotely exploitable.
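
The unchecked strcat pattern described above, next to a bounded form that rejects an oversized name, as an added illustration. This is not the CUPS jobs.c source; the function names, the "name=" prefix and the 64-byte buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define OPT_BUF 64  /* assumed size of the fixed stack buffer */

/* Unsafe pattern: strcat() with no size check. A name longer than the
 * space left in dst is written past the end of the buffer. */
void append_name_unchecked(char *dst, const char *name)
{
    strcat(dst, name);
}

/* Bounded form: returns 0 on success, -1 if name does not fit in dst. */
int append_name_checked(char *dst, size_t dstsize, const char *name)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;                     /* dst is not NUL-terminated */
    size_t used = (size_t)(end - dst);
    size_t need = strlen(name);
    if (need >= dstsize - used)
        return -1;                     /* no room for name plus NUL */
    memcpy(dst + used, name, need + 1);
    return 0;
}

/* Builds "name=<value>" from a client-supplied attribute name. */
int build_option(const char *name, char *out, size_t outsize)
{
    if (outsize == 0)
        return -1;
    out[0] = '\0';
    if (append_name_checked(out, outsize, "name=") != 0)
        return -1;
    return append_name_checked(out, outsize, name);
}

int main(void)
{
    char buf[OPT_BUF], long_name[200];   /* constructed sample input */
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    printf("short name: %d\n", build_option("copies", buf, sizeof buf));
    printf("long name:  %d (rejected, buffer holds \"%s\")\n",
           build_option(long_name, buf, sizeof buf), buf);
    return 0;
}
```

The checked form fails closed: an oversized name leaves the buffer unchanged and returns an error the caller can use to reject the job.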


 

Copyright 2010, SecurityFocus