oss-sec mailing list archives
Re: CVE request: CUPS DoS via RSS subscriptions
From: Michael Sweet <mike () easysw com>
Date: Fri, 21 Nov 2008 07:23:24 -0800
Eygene Ryabinkin wrote:
Steve, good day. Thu, Nov 20, 2008 at 07:41:06PM -0500, Steven M. Christey wrote:I treated this as two CVEs, one for the CSRF-simplifying attack, and a separate one for the CUPS server crash (assuming that cupsd should not be crashable by non-root authenticated users).Please note that as it was discuissed in thread started with http://www.openwall.com/lists/oss-security/2008/11/19/4 even 1.3.9 is crashable by non-root authenticated users by adding a big number of subscriptions (don't know about RSS ones, though subscription for mailing upon job completion does its job). But I imagine that CVE-2008-5184 can't be used for 1.3.9, so remote attack is not feasible. I expect that the fix will go into 1.3.10: http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt Adding Michael Sweet to the CC, since he can shed a bit more light on this matter. Perhaps CVE-2008-5183 should be extended or another CVE can be created.
While they are related, since half of the issue has already been addressed it would probably be less confusing (for tracking purposes) to create another CVE for the too-many-subscriptions issue (which is what my patch addresses...) -- ______________________________________________________________________ Michael Sweet, Easy Software Products mike at easysw dot com
Current thread:
- CVE request: CUPS DoS via RSS subscriptions Kees Cook (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Steven M. Christey (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Michael Sweet (Nov 21)
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Jan Lieskovsky (Nov 25)
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Eygene Ryabinkin (Nov 25)
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Tomas Hoger (Nov 25)
- Message not available
- Message not available
- Re: CVE request: cups - potential integer overflow in PNG image reader [was: CUPS DoS via RSS subscriptions] Tomas Hoger (Dec 03)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Steven M. Christey (Nov 20)
- <Possible follow-ups>
- Re: CVE request: CUPS DoS via RSS subscriptions Josh Bressers (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Michael Sweet (Nov 19)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Michael R Sweet (Nov 20)
- Re: CVE request: CUPS DoS via RSS subscriptions Eygene Ryabinkin (Nov 19)