Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:CUPS:HPGL-PC-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 CUPS HPGL Filter Overflow

Release Date

 2008/12/15

Update Number

 1330

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: CUPS HPGL Filter Overflow


This signature detects attempts to exploit a known vulnerability in the Common Unix Printing System (CUPS) HP Graphic Language (HPGL) Filter. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, usually the line printer daemon.

Extended Description

CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2 filter. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local users may also exploit this vulnerability to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system. The issue affects versions prior to CUPS 1.3.9. NOTE: This issue was previously discussed in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability.

Affected Products

  • Apple Mac OS X 10.4.0
  • Apple Mac OS X 10.4.1
  • Apple Mac OS X 10.4.10
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X 10.4.3
  • Apple Mac OS X 10.4.4
  • Apple Mac OS X 10.4.5
  • Apple Mac OS X 10.4.6
  • Apple Mac OS X 10.4.7
  • Apple Mac OS X 10.4.8
  • Apple Mac OS X 10.4.9
  • Apple Mac OS X 10.5
  • Apple Mac OS X 10.5.1
  • Apple Mac OS X 10.5.2
  • Apple Mac OS X 10.5.3
  • Apple Mac OS X 10.5.4
  • Apple Mac OS X 10.5.5
  • Apple Mac OS X Server 10.4.0
  • Apple Mac OS X Server 10.4.1
  • Apple Mac OS X Server 10.4.10
  • Apple Mac OS X Server 10.4.11
  • Apple Mac OS X Server 10.4.2
  • Apple Mac OS X Server 10.4.3
  • Apple Mac OS X Server 10.4.4
  • Apple Mac OS X Server 10.4.5
  • Apple Mac OS X Server 10.4.6
  • Apple Mac OS X Server 10.4.7
  • Apple Mac OS X Server 10.4.8
  • Apple Mac OS X Server 10.4.9
  • Apple Mac OS X Server 10.5
  • Apple Mac OS X Server 10.5.1
  • Apple Mac OS X Server 10.5.2
  • Apple Mac OS X Server 10.5.3
  • Apple Mac OS X Server 10.5.4
  • Apple Mac OS X Server 10.5.5
  • Avaya Intuity AUDIX LX 2.0
  • Avaya Message Networking 3.1
  • Avaya Message Networking MN 3.1
  • Avaya Message Networking
  • Avaya Messaging Storage Server 1.0
  • Avaya Messaging Storage Server 2.0
  • Avaya Messaging Storage Server 3.1
  • Avaya Messaging Storage Server 4.0
  • Avaya Messaging Storage Server MM3.0
  • Avaya Messaging Storage Server
  • Avaya Proactive Contact 3.0
  • Avaya Proactive Contact 4.0
  • Avaya Proactive Contact
  • Avaya Voice Portal 3.0
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Easy Software Products CUPS 1.0.4
  • Easy Software Products CUPS 1.0.4 -8
  • Easy Software Products CUPS 1.1.1
  • Easy Software Products CUPS 1.1.10
  • Easy Software Products CUPS 1.1.12
  • Easy Software Products CUPS 1.1.13
  • Easy Software Products CUPS 1.1.14
  • Easy Software Products CUPS 1.1.15
  • Easy Software Products CUPS 1.1.16
  • Easy Software Products CUPS 1.1.17
  • Easy Software Products CUPS 1.1.18
  • Easy Software Products CUPS 1.1.19
  • Easy Software Products CUPS 1.1.19 Rc5
  • Easy Software Products CUPS 1.1.20
  • Easy Software Products CUPS 1.1.21
  • Easy Software Products CUPS 1.1.22
  • Easy Software Products CUPS 1.1.22 Rc1
  • Easy Software Products CUPS 1.1.23
  • Easy Software Products CUPS 1.1.23 Rc1
  • Easy Software Products CUPS 1.1.4
  • Easy Software Products CUPS 1.1.4 -2
  • Easy Software Products CUPS 1.1.4 -3
  • Easy Software Products CUPS 1.1.4 -5
  • Easy Software Products CUPS 1.1.6
  • Easy Software Products CUPS 1.1.7
  • Easy Software Products CUPS 1.2.10
  • Easy Software Products CUPS 1.2.12
  • Easy Software Products CUPS 1.2.2
  • Easy Software Products CUPS 1.2.4
  • Easy Software Products CUPS 1.2.8
  • Easy Software Products CUPS 1.2.9
  • Easy Software Products CUPS 1.3.2
  • Easy Software Products CUPS 1.3.3
  • Easy Software Products CUPS 1.3.5
  • Easy Software Products CUPS 1.3.6
  • Easy Software Products CUPS 1.3.7
  • Gentoo Linux
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Mandriva Linux Mandrake 2008.1
  • Mandriva Linux Mandrake 2008.1 X86 64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 X86 64
  • Pardus Linux 2008
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 8
  • Red Hat Fedora 9
  • rPath Appliance Platform Linux Service 1
  • rPath Appliance Platform Linux Service 2
  • rPath rPath Linux 1
  • rPath rPath Linux 2
  • Slackware Linux 12.1
  • Sun OpenSolaris Build Snv 100
  • Sun OpenSolaris Build Snv 101
  • Sun OpenSolaris Build Snv 101A
  • Sun OpenSolaris Build Snv 102
  • Sun OpenSolaris Build Snv 87
  • Sun OpenSolaris Build Snv 88
  • Sun OpenSolaris Build Snv 89
  • Sun OpenSolaris Build Snv 90
  • Sun OpenSolaris Build Snv 91
  • Sun OpenSolaris Build Snv 92
  • Sun OpenSolaris Build Snv 93
  • Sun OpenSolaris Build Snv 94
  • Sun OpenSolaris Build Snv 95
  • Sun OpenSolaris Build Snv 96
  • Sun OpenSolaris Build Snv 99
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE Novell Linux POS 9
  • SuSE Open-Enterprise-Server
  • SuSE openSUSE 10.2
  • SuSE openSUSE 10.3
  • SuSE openSUSE 11.0
  • SuSE openSUSE 11.1
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Desktop 10 SP2
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP2
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • Turbolinux Appliance Server 1.0.0 Hosting Edition
  • Turbolinux Appliance Server 1.0.0 Workgroup Edition
  • Turbolinux Appliance Server 2.0
  • Turbolinux Appliance Server 3.0
  • Turbolinux Appliance Server 3.0 X64
  • Turbolinux Appliance Server Hosting Edition 1.0.0
  • Turbolinux Appliance Server Workgroup Edition 1.0.0
  • Turbolinux Client 2008
  • Turbolinux FUJI
  • Turbolinux Multimedia
  • Turbolinux Personal
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 10.0.0 X64
  • Turbolinux Turbolinux Server 11
  • Turbolinux Turbolinux Server 11 X64
  • Turbolinux wizpy
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 7.04 Amd64
  • Ubuntu Ubuntu Linux 7.04 I386
  • Ubuntu Ubuntu Linux 7.04 Powerpc
  • Ubuntu Ubuntu Linux 7.04 Sparc
  • Ubuntu Ubuntu Linux 7.10 Amd64
  • Ubuntu Ubuntu Linux 7.10 I386
  • Ubuntu Ubuntu Linux 7.10 Lpia
  • Ubuntu Ubuntu Linux 7.10 Powerpc
  • Ubuntu Ubuntu Linux 7.10 Sparc
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc

References

  • BugTraq: 31688
  • CVE: CVE-2008-3641
  • URL: http://en.wikipedia.org/wiki/Common_Unix_Printing_System

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out