oss-sec mailing list archives

Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data

From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 15 Aug 2011 14:02:21 -0400 (EDT)

This was a strange one. Since it's pretty clear there are twoimplementations (due to 2 different languages, and 2 upstreammaintainers), we treated these as separate codebases and went with twoseparate CVEs. (You could argue this was the same core design problem,but this issue wasn't due to a protocol that required such behavior.)


See below.

- Steve


======================================================
Name: CVE-2011-2697
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2697
Reference: MLIST:[oss-security] 20110713 CVE Request: hplip/foomatic-filters
Reference: URL:http://www.openwall.com/lists/oss-security/2011/07/13/3
Reference: MLIST:[oss-security] 20110718 Re: CVE Request: hplip/foomatic-filters
Reference: URL:http://www.openwall.com/lists/oss-security/2011/07/18/3
Reference: MLIST:[oss-security] 20110728 Re: CVE Request: hplip/foomatic-filters
Reference: URL:http://www.openwall.com/lists/oss-security/2011/07/28/1
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=698451
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=721001
Reference: XF:hplinuxprinting-foomaticriphplip-code-exec(68993)
Reference: URL:http://xforce.iss.net/xforce/xfdb/68993

foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5
allows remote attackers to execute arbitrary code via a crafted
*FoomaticRIPCommandLine field in a .ppd file.


======================================================
Name: CVE-2011-2964
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2964
Reference: MLIST:[oss-security] 20110713 CVE Request: hplip/foomatic-filters
Reference: URL:http://www.openwall.com/lists/oss-security/2011/07/13/3
Reference: MLIST:[oss-security] 20110718 Re: CVE Request: hplip/foomatic-filters
Reference: URL:http://www.openwall.com/lists/oss-security/2011/07/18/3
Reference: MLIST:[oss-security] 20110728 Re: CVE Request: hplip/foomatic-filters
Reference: URL:http://www.openwall.com/lists/oss-security/2011/07/28/1
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=698451
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=721001
Reference: REDHAT:RHSA-2011:1110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2011-1110.html
Reference: XF:foomatic-foomatic-code-execution(68994)
Reference: URL:http://xforce.iss.net/xforce/xfdb/68994

foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6
allows remote attackers to execute arbitrary code via a crafted
*FoomaticRIPCommandLine field in a .ppd file, a different
vulnerability than CVE-2011-2697.

Current thread:

CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Jan Lieskovsky (Jul 28)
- Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Jul 29)
  - Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Huzaifa Sidhpurwala (Aug 14)
    - Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Steven M. Christey (Aug 15)
- Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Aug 17)