Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:CUPS-GIF-BO |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow |
Release Date |
2010/09/28 |
Update Number |
1780 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow
This signature detects attempts to exploit a known vulnerability against multiple vendor CUPS GIF Decoders. A successful attack can result in a denial-of-service condition.
Extended Description
CUPS is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer. Successful exploits allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions. CUPS 1.3.6 is vulnerable; other versions may also be affected.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Easy_software_products cups 1.3.6
- Gentoo net-print/cups 1.2.12-R6
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2007.0
- Mandriva linux_mandrake 2007.0 X86 64
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora 7
- Red_hat fedora 8
- Rpath rpath_linux 1
- Slackware linux 12.0
- Suse linux 10.1 Ppc
- Suse linux 10.1 X86
- Suse linux 10.1 X86-64
- Suse novell_linux_desktop 9.0.0
- Suse novell_linux_pos 9
- Suse open-enterprise-server
- Suse opensuse 10.2
- Suse opensuse 10.3
- Suse suse_linux_enterprise_desktop 10 SP1
- Suse suse_linux_enterprise_server 10 SP1
- Suse suse_linux_enterprise_server 9
- Turbolinux appliance_server 1.0.0 Hosting Edition
- Turbolinux appliance_server 1.0.0 Workgroup Edition
- Turbolinux appliance_server 2.0
- Turbolinux appliance_server 3.0
- Turbolinux appliance_server 3.0 X64
- Turbolinux appliance_server_hosting_edition 1.0.0
- Turbolinux appliance_server_workgroup_edition 1.0.0
- Turbolinux fuji
- Turbolinux multimedia
- Turbolinux personal
- Turbolinux turbolinux_server 10.0.0
- Turbolinux turbolinux_server 10.0.0 X64
- Turbolinux turbolinux_server 11
- Turbolinux turbolinux_server 11 X64
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 6.10 Amd64
- Ubuntu ubuntu_linux 6.10 I386
- Ubuntu ubuntu_linux 6.10 Powerpc
- Ubuntu ubuntu_linux 6.10 Sparc
- Ubuntu ubuntu_linux 7.04 Amd64
- Ubuntu ubuntu_linux 7.04 I386
- Ubuntu ubuntu_linux 7.04 Powerpc
- Ubuntu ubuntu_linux 7.04 Sparc
- Ubuntu ubuntu_linux 7.10 Amd64
- Ubuntu ubuntu_linux 7.10 I386
- Ubuntu ubuntu_linux 7.10 Powerpc
- Ubuntu ubuntu_linux 7.10 Sparc
References
- BugTraq: 28544
- CVE: CVE-2008-1373