FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cups -- off-by-one buffer overflow

Affected packages
cups-base < 1.3.3_1

Details

VuXML ID 8dd9722c-8e97-11dc-b8f6-001c2514716c
Discovery 2007-11-06
Entry 2007-11-09
Modified 2007-11-12

Secunia reports:

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted "textWithLanguage" or "nameWithLanguage" tags.

Successful exploitation allows execution of arbitrary code.

References

CVE Name CVE-2007-4351
URL http://secunia.com/secunia_research/2007-76/