USN-952-1 -- cups, cupsys vulnerabilitiesID: oval:org.secpod.oval:def:700117 | Date: (C)2011-01-28 (M)2024-01-02 |
Class: PATCH | Family: unix |
Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user . Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data
Platform: |
Ubuntu 8.04 |
Ubuntu 10.04 |
Ubuntu 9.10 |
Ubuntu 6.06 |
Ubuntu 9.04 |