oss-sec mailing list archives
CVE Request: cups: Incomplete fix for CVE-2014-3537
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 22 Jul 2014 06:59:04 +0200
Hi,

CVE-2014-3537 was allocated for http://www.cups.org/str.php?L4450 (Insufficient checking leads to privilege escalation). The intention in the fix was to disallow symlinks. With the fix applied for CVE-2014-3537 this is still possible in some cases (where language[0] is null), see https://cups.org/str.php?L4455

Additionally Michael Sweet wrote:
Yes, it looks like this needs to be an lstat as well, and we should probably add similar protections to the directory index files (which are also using stat).
Could a CVE be assigned to identify this? (Question: one CVE should be enough for the additional fix for all the missing remaining lstat?).

Regards,
Salvatore
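The stat() versus lstat() distinction this request turns on, shown as an added example that is not part of the original post and is not CUPS code. The function names, file names and temporary directory are hypothetical and constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* lstat(), symlink(), mkdtemp(), S_ISLNK */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical check built on stat(): stat() follows the link and reports
   the target, so S_ISLNK() can never be true and the symlink test is dead. */
static int allowed_with_stat(const char *path) {
  struct stat st;
  if (stat(path, &st) != 0) return 0;
  return S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode);
}

/* Same check built on lstat(): the link itself is described, so it is rejected. */
static int allowed_with_lstat(const char *path) {
  struct stat st;
  if (lstat(path, &st) != 0) return 0;
  return S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode);
}

/* Creates a constructed regular file and a symlink to it, then returns a mask:
   bit0 stat(file), bit1 stat(link), bit2 lstat(file), bit3 lstat(link). */
static int demo(void) {
  char dir[] = "/tmp/lstat-demo-XXXXXX";
  char file[128], lnk[128];
  int mask = -1;
  FILE *fp;

  if (!mkdtemp(dir)) return -1;
  snprintf(file, sizeof(file), "%s/index.html", dir);
  snprintf(lnk, sizeof(lnk), "%s/link.html", dir);
  if ((fp = fopen(file, "w")) != NULL) {
    fputs("constructed sample\n", fp);
    fclose(fp);
    if (symlink(file, lnk) == 0) {
      mask = allowed_with_stat(file) | (allowed_with_stat(lnk) << 1) |
             (allowed_with_lstat(file) << 2) | (allowed_with_lstat(lnk) << 3);
      unlink(lnk);
    }
    unlink(file);
  }
  rmdir(dir);
  return mask;
}

int main(void) { printf("mask = %d\n", demo()); return 0; }
```

A mask of 7 means the stat()-based check accepted the symlink while the lstat()-based check refused it. Any code path that still calls stat() keeps the first behaviour, which is why each remaining call site has to be converted.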