Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
Various security issue have been fixed in the CUPS print server.
- CVE-2007-5848: A buffer overflow that can be exploited by users that are allowed to configure CUPS.
- CVE-2007-5849: Additionally a buffer overflow in the SNMP backend of CUPS was fixed that allowed remote attackers to execute arbitrary code by sending specially crafted SNMP responses.
This requires a local administrator to trigger a SNMP request and the attacker then injecting a response.
The second vulnerability affects openSUSE 10.2 and 10.3 only.
Affected
cups on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-5848, CVE-2007-5849 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities