oss-sec mailing list archives

CVE Request: ippusbxd


From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 10 Aug 2015 19:55:32 -0700

Hello MITRE, all,

Please assign a CVE for ippusbxd. I discovered a flaw that accidentally
allows access to a connected USB printer via all configured network
addresses, rather than only TCP loopback addresses, by misusing the
in6addr_any bind address.

The original bug report is at
https://bugs.launchpad.net/ubuntu/+source/ippusbxd/+bug/1455644
(though most of the contents aren't related).

The flaw can be found at
https://github.com/tillkamppeter/ippusbxd/blob/ea6005943e2669cbf492fa441d9dce02a4bc2471/src/tcp.c#L51

Comments in the source code and documentation indicate that access was
intended only for localhost:
https://github.com/tillkamppeter/ippusbxd/blob/ea6005943e2669cbf492fa441d9dce02a4bc2471/doc/ippusbxd.1#L17

Till Kamppeter has provided the following patches to address the issue:
https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82

The first patch switches to using two sockets and binds them explicitly
to the IPv6 and the IPv4 loopback addresses; the second patch simplifies
the use of select(). Both patches are recommended. A new upstream release
will be made soon to incorporate this fix.

Thanks

Attachment: signature.asc
Description: Digital signature
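The wildcard bind described in the report, next to an explicit loopback bind on one socket per address family, as an added example (not ippusbxd's code and not the patches linked above). The names `open_listener` and `bound_to_loopback` are hypothetical, and the listeners use a kernel-chosen port.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a TCP listener on a kernel-chosen port. loopback_only=0 binds the
 * wildcard address (the exposed case); loopback_only=1 binds ::1 or 127.0.0.1. */
int open_listener(int family, int loopback_only)
{
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6 };
    struct sockaddr_in a4 = { .sin_family = AF_INET };
    int ok, fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a6.sin6_addr = loopback_only ? in6addr_loopback : in6addr_any;
    a4.sin_addr.s_addr = htonl(loopback_only ? INADDR_LOOPBACK : INADDR_ANY);
    if (family == AF_INET6)
        ok = bind(fd, (struct sockaddr *)&a6, sizeof a6) == 0;
    else
        ok = bind(fd, (struct sockaddr *)&a4, sizeof a4) == 0;
    if (!ok || listen(fd, 8) < 0) { close(fd); return -1; }
    return fd;
}

/* Audit check: 1 if fd is bound to a loopback address, 0 if not, -1 on error. */
int bound_to_loopback(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0) return -1;
    if (ss.ss_family == AF_INET6)
        return IN6_IS_ADDR_LOOPBACK(&((struct sockaddr_in6 *)&ss)->sin6_addr) ? 1 : 0;
    if (ss.ss_family == AF_INET)
        return (ntohl(((struct sockaddr_in *)&ss)->sin_addr.s_addr) >> 24) == 127;
    return -1;
}

int main(void)
{
    for (int i = 0; i < 4; i++) {   /* both families, wildcard then loopback */
        int fd = open_listener(i < 2 ? AF_INET : AF_INET6, i % 2);
        printf("%s %s bind: loopback-only=%d\n", i < 2 ? "IPv4" : "IPv6",
               i % 2 ? "loopback" : "wildcard", fd < 0 ? -1 : bound_to_loopback(fd));
        if (fd >= 0) close(fd);
    }
    return 0;
}
```

On Linux with the default `net.ipv6.bindv6only=0`, the IPv6 wildcard socket also accepts IPv4 connections, so a single `in6addr_any` bind is reachable over both address families.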

