cups: arbitrary code execution

Package(s): cups
CVE #(s): CVE-2010-0393
Created: March 4, 2010
Updated: April 20, 2010
Description:

From the Debian advisory:

Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
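The flaw class described above is a translated message being handed to a printf-style function as the format string. The following is an added defensive example, not part of the Debian advisory and not the CUPS fix: it accepts a translation only if its conversion specifiers match the original message exactly and in order, and otherwise falls back to the untranslated string. The function names and the sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Extract the next printf conversion from *p into out (e.g. "%-5ld"),
 * skipping literal text and "%%". Returns 1 if one was found, 0 at end
 * of string, -1 if the conversion is truncated or too long for out. */
static int next_spec(const char **p, char *out, size_t outsz)
{
    const char *s = *p;
    while ((s = strchr(s, '%')) != NULL) {
        if (s[1] == '%') { s += 2; continue; }   /* literal percent */
        size_t n = strspn(s + 1, "-+ #0123456789.*$hlLqjzt");
        if (s[1 + n] == '\0' || n + 3 > outsz)
            return -1;
        memcpy(out, s, n + 2);   /* '%' + modifiers + conversion char */
        out[n + 2] = '\0';
        *p = s + n + 2;
        return 1;
    }
    return 0;
}

/* 1 if msgstr consumes exactly the same arguments, in the same order,
 * as msgid; 0 otherwise (extra, missing, changed or malformed specs). */
int format_compatible(const char *msgid, const char *msgstr)
{
    char a[32], b[32];
    for (;;) {
        int ra = next_spec(&msgid, a, sizeof a);
        int rb = next_spec(&msgstr, b, sizeof b);
        if (ra < 0 || rb < 0 || ra != rb) return 0;
        if (ra == 0) return 1;               /* both strings exhausted */
        if (strcmp(a, b) != 0) return 0;
    }
}

/* Pick the string that is safe to pass as a format: the translation if
 * it is compatible, else the compiled-in original. */
const char *safe_format(const char *msgid, const char *msgstr)
{
    return (msgstr && format_compatible(msgid, msgstr)) ? msgstr : msgid;
}

int main(void)
{
    const char *id = "Enter password for %s:";        /* constructed */
    printf(safe_format(id, "Mot de passe pour %s :"), "alice");
    printf("\n");
    printf(safe_format(id, "Mot de passe %s%n"), "alice"); /* falls back */
    printf("\n");
    return 0;
}
```

The comparison is deliberately strict, so a legitimate translation that reorders arguments with positional specifiers is also rejected. A setuid program should in addition not take its catalog directory from the environment.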

Alerts:
Pardus 2010-54 2010-04-20
Mandriva MDVSA-2010:073-1 2010-04-14
Mandriva MDVSA-2010:073 2010-04-14
Mandriva MDVSA-2010:072 2010-04-14
Pardus 2010-49 2010-04-09
SuSE SUSE-SR:2010:007 2010-03-30
Ubuntu USN-906-1 2010-03-03
Debian DSA-2007-1 2010-03-03
Gentoo 201207-10 2012-07-09
