Signature Detail

HTTP: Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow1

This signature detects attempts to exploit a known buffer overflow vulnerability in Apple's Common Unix Printing System (CUPS) distributed by multiple vendors. It is due to a boundary error in handling SGI Image format files. A remote attacker can exploit this vulnerability to compromise a vulnerable system. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, with the privileges of the printer user, normally lp.

References

• URL: http://www.gmail.com