oss-sec mailing list archives
CVE Request: ippusbxd
From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 10 Aug 2015 19:55:32 -0700
Hello MITRE, all, Please assign a CVE for ippusbxd. I discovered a flaw that accidentally allows access to a connected USB printer via all configured network addresses, rather than only TCP loopback addresses, by misusing the in6addr_any bind address. The original bug report is at https://bugs.launchpad.net/ubuntu/+source/ippusbxd/+bug/1455644 (though most of the contents aren't related). The flaw can be found at https://github.com/tillkamppeter/ippusbxd/blob/ea6005943e2669cbf492fa441d9dce02a4bc2471/src/tcp.c#L51 Comments in the source code and documentation indicate that access was intended only for localhost: https://github.com/tillkamppeter/ippusbxd/blob/ea6005943e2669cbf492fa441d9dce02a4bc2471/doc/ippusbxd.1#L17 Till Kamppeter has provided the following patches to address the issue: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82 The first patch switches to using two sockets and binds them explicitly to the IPv6 and the IPv4 loopback addresses; the second patch simplifies the use of select(). Both patches are recommended. A new upstream release will be made soon to incorporate this fix. Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE Request: ippusbxd Seth Arnold (Aug 10)
- Re: CVE Request: ippusbxd cve-assign (Aug 18)