FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cups -- remote code execution and DNS rebinding

Affected packages
cups-base < 1.3.10

Details

VuXML ID 736e55bc-39bb-11de-a493-001b77d09812
Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13

Gentoo security team summarizes:

The following issues were reported in CUPS:

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp" -- or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.

References

Bugtraq ID 34568
Bugtraq ID 34571
Bugtraq ID 34665
CVE Name CVE-2009-0146
CVE Name CVE-2009-0147
CVE Name CVE-2009-0163
CVE Name CVE-2009-0164
CVE Name CVE-2009-0166
URL http://www.cups.org/articles.php?L582