APP: CUPS Jobs Form Exploit
This signature detects attempts to exploit a known vulnerability in the CUPS daemon. Version 1.1.17_pre20021025 is vulnerable. Attackers can send a maliciously crafted jobs form submission to the CUPS daemon to acquire command-line access with daemon permissions (typically lp).
Extended Description
A vulnerability has been reported for CUPS that may allow attackers to execute code with root privileges. Reportedly, some functions in the CUPS daemon use the strncat() function call improperly. When the CUPS daemon receives specially constructed printer attributes, it will trigger a buffer overflow condition when the strncat() function is used and may result in the corruption of sensitive memory with attacker-supplied values. It may be possible for an attacker to execute code with root privileges by exploiting this vulnerability. It should be noted that CUPS is not enabled by default in Red Hat Linux and Apple MacOS X.
Affected Products
Easy_software_products cups
Short Name
APP:CUPS:CUPS-JOBS-EXP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CUPS CVE-2002-1369 Exploit Form Jobs bid:6438
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/631
False Positive
Unknown
Vendors
Easy_software_products
Apple
CVSS Score
10.0