Juniper Networks

Signature Detail


Short Name: APP:CUPS:CUPS-JOBS-EXP
Severity: High
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: CUPS Jobs Form Exploit
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: CUPS Jobs Form Exploit


This signature detects attempts to exploit a known vulnerability in the CUPS daemon. Version 1.1.17_pre20021025 is vulnerable. Attackers can send a maliciously crafted jobs form submission to the CUPS daemon to acquire command-line access with daemon permissions (typically lp).

Extended Description

A vulnerability has been reported in CUPS that may allow attackers to execute code with root privileges. Reportedly, some functions in the CUPS daemon use the strncat() function call improperly. When the CUPS daemon receives specially constructed printer attributes, the strncat() call triggers a buffer overflow that may corrupt sensitive memory with attacker-supplied values. An attacker may be able to execute code with root privileges by exploiting this vulnerability. CUPS is not enabled by default in Red Hat Linux and Apple Mac OS X.

Affected Products

  • Apple Mac OS X 10.2.0
  • Apple Mac OS X 10.2.2
  • Easy Software Products CUPS 1.0.4
  • Easy Software Products CUPS 1.0.4 -8
  • Easy Software Products CUPS 1.1.1
  • Easy Software Products CUPS 1.1.10
  • Easy Software Products CUPS 1.1.12
  • Easy Software Products CUPS 1.1.13
  • Easy Software Products CUPS 1.1.14
  • Easy Software Products CUPS 1.1.15
  • Easy Software Products CUPS 1.1.16
  • Easy Software Products CUPS 1.1.17
  • Easy Software Products CUPS 1.1.4
  • Easy Software Products CUPS 1.1.4 -2
  • Easy Software Products CUPS 1.1.4 -3
  • Easy Software Products CUPS 1.1.4 -5
  • Easy Software Products CUPS 1.1.6
  • Easy Software Products CUPS 1.1.7

References

  • BugTraq: 6438
  • CVE: CVE-2002-1369
