Launchpad has imported 9 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=473901.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-12-01T13:03:13+00:00 Jan wrote: Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5183 to the following vulnerability: cupsd in CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241 http://www.openwall.com/lists/oss-security/2008/11/19/3 http://www.openwall.com/lists/oss-security/2008/11/19/4 Patch: See attachment -- cups-1.3-max-subscriptions.patch Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/6 ------------------------------------------------------------------------ On 2008-12-03T13:03:29+00:00 Fedora wrote: cups-1.3.9-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/cups-1.3.9-4.fc10 Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/8 ------------------------------------------------------------------------ On 2008-12-03T13:05:29+00:00 Fedora wrote: cups-1.3.9-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/cups-1.3.9-2.fc9 Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/9 ------------------------------------------------------------------------ On 2008-12-03T13:19:04+00:00 Fedora wrote: cups-1.3.9-2.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/cups-1.3.9-2.fc8 Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/10 ------------------------------------------------------------------------ On 2008-12-09T11:33:00+00:00 Fedora wrote: cups-1.3.9-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/12 ------------------------------------------------------------------------ On 2008-12-09T11:35:46+00:00 Fedora wrote: cups-1.3.9-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/13 ------------------------------------------------------------------------ On 2008-12-09T11:38:24+00:00 Fedora wrote: cups-1.3.9-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/14 ------------------------------------------------------------------------ On 2010-03-29T08:40:07+00:00 Tomas wrote: https://www.redhat.com/security/data/cve/CVE-2008-5183.html Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/19 ------------------------------------------------------------------------ On 2010-12-24T02:14:14+00:00 Vincent wrote: This was addressed via: Red Hat Enterprise Linux version 5 (RHSA-2008:1029) Reply at: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/comments/20 ** Changed in: cups (Fedora) Status: Confirmed => Fix Released ** Changed in: cups (Fedora) Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/298241 Title: Apple CUPS Daemon: unauthenticated SIGSEGV crash via RSS subscriptions Status in cups package in Ubuntu: Fix Released Status in cups source package in Gutsy: Fix Released Status in cups source package in Hardy: Fix Released Status in cups package in Debian: Fix Released Status in cups package in Fedora: Fix Released Status in cups package in openSUSE: New Bug description: Binary package hint: cups The CUPS daemon (/usr/sbin/cupsd) which listens by default on port 631/tcp, crashes when more than 100 RSS Subscriptions are added. No authentication is required to perform such action. The caveat is that by default - at least on Ubuntu and openSuse - the daemon only accepts connections from localhost as specified by the default configuration settings (/etc/cups/cupsd.conf). However, the attack can be of remote nature by tricking the victim user to visit a specially-crafted page. Such page would forge the 'add rss subscription' request 101 times which causes the CUPS daemon to crash. The CUPS daemon runs by default on Ubuntu, openSuse and probably other GNU/Linux distributions. Additionally, this vulnerability can be replicated against CUPS daemons using default settings. Since no authentication is required to add new RSS subscriptions, the CUPS administrator does not need to be logged in during exploitation. It is not known whether the crash can lead to command execution, further debugging/investigation is required. However, the daemon runs as root on both Ubuntu and openSuse (and probably other distributions), which means that given that command execution is possible, this bug would lead to a full compromise of the targeted system. _Please see the attached file for more details._ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
