CUPS < 1.3.9 Multiple Vulnerabilities

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote printer service is affected by multiple vulnerabilities.

Description :

According to its banner, the version of CUPS installed on the remote
host is earlier than 1.3.9. Such versions are affected by several
issues :

- The HP-GL/2 filter does not adequately check the ranges
on the pen width and pen color opcodes, which allows an
attacker to overwrite memory addresses with arbitrary
data and may result in execution of arbitrary code
(STR #2911).

- There is a heap-based buffer overflow in the SGI file
format parsing module that can be triggered with
malformed Run Length Encoded (RLE) data, allowing
execution of arbitrary code (STR #2918).

- There is an integer overflow vulnerability in the
'WriteProlog()' function in the 'texttops'
application that can be triggered when calculating
the page size used for storing PostScript data,
allowing execution of arbitrary code (STR #2919).

See also :

http://www.zerodayinitiative.com/advisories/ZDI-08-067/
http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0175.html
http://www.nessus.org/u?d39dc47a
http://archives.neohapsis.com/archives/bugtraq/2008-11/0014.html
http://www.nessus.org/u?12e95e4f
http://archives.neohapsis.com/archives/bugtraq/2008-11/0015.html
http://www.cups.org/str.php?L2911
http://www.cups.org/str.php?L2918
http://www.cups.org/str.php?L2919
http://www.cups.org/articles.php?L575

Solution :

Upgrade to CUPS version 1.3.9 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 34385 (cups_1_3_9.nasl)

Bugtraq ID: 31688
31690

CVE ID: CVE-2008-3639
CVE-2008-3640
CVE-2008-3641