CUPS '_cupsImageReadPNG()' PNG File Integer Overflow Vulnerability.

Text Box: Terms and Conditions Copyright® 2008 SecPod, All rights reserved. info@secpod.com

SecPod ID: 10065

CUPS '_cupsImageReadPNG()' PNG File Integer Overflow Vulnerability.

Status: Public Report

Release Date: 08-12-2008

Severity: High

CVSS Base Score: 7.5 (AV:N/AC:L/Au:SI/C:N/I:P/A:C)

CVSS Temporal Score = 5.9

Affected Software/OS/Device:

CUPS version prior to 1.3.10 on all Linux platforms.

Impact Level: Application

Snort Signature ID:

Vulnerability Insight:

Overview:

CUPS Utility is prone to PNG File Integer Overflow Vulnerability.

Description:

The flaw is in the '_cupsImageReadPNG()' as it fails to perform boundary

checks on user supplied PNG files which causes arbitrary code executions in

the context of the application.

Impact :

Successful exploitation will let the attacker execute arbitrary codes

in the application running CUPS utility.

CVSS Score Report:

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = LOW
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = PARTIAL
    INTEGRITY_IMPACT = PARTIAL
    AVAILABILITY_IMPACT = PARTIAL
    EXPLOITABILITY = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL = OFFICIAL_FIX
    REPORT_CONFIDENCE = CONFIRMED
    CVSS Base Score = 7.5 (AV:N/AC:L/Au:NR/C:P/I:None/I:P/A:P)
    CVSS Temporal Score = 5.9
    Risk factor = High

Fix:

Apply the Vendor Patch.
http://www.cups.org/strfiles/2974/str2974.patch

References:
http://www.cups.org/str.php?L2974
http://www.securityfocus.com/bid/32518
http://www.openwall.com/lists/oss-security/2008/12/01/1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5286

Home Corporate Resources Report Security Bug Diary