Description
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Affected products
- Apple / mac_os_x10.2 – 10.2
- Apple / mac_os_x10.2.2 – 10.2.2
- easy_software_products / cups1.1.1 – 1.1.1
- easy_software_products / cups1.1.4 – 1.1.4
- easy_software_products / cups1.1.4_2 – 1.1.4_2
- easy_software_products / cups1.1.4_3 – 1.1.4_3
- easy_software_products / cups1.1.4_5 – 1.1.4_5
- easy_software_products / cups1.0.4 – 1.0.4
- easy_software_products / cups1.1.7 – 1.1.7
- easy_software_products / cups1.1.10 – 1.1.10
- easy_software_products / cups1.1.13 – 1.1.13
- easy_software_products / cups1.1.14 – 1.1.14
- easy_software_products / cups1.1.17 – 1.1.17
- easy_software_products / cups1.1.6 – 1.1.6
- easy_software_products / cups1.0.4_8 – 1.0.4_8
References
- MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
- MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
- VENDOR_ADVISORYhttp://www.debian.org/security/2003/dsa-232
- VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2003_002_cups.html
- MISChttp://www.idefense.com/advisory/12.19.02.txt
- MISChttp://www.redhat.com/support/errata/RHSA-2002-295.html
- MAILING_LISThttp://marc.info/?l=bugtraq&m=104032149026670&w=2
- VENDOR_ADVISORYhttp://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/10910
- MISChttp://www.securityfocus.com/bid/6438