HTTP: Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in Apple's Common Unix Printing System (CUPS) distributed by multiple vendors. It is due to a boundary error in handling SGI Image format files. A remote attacker can exploit this vulnerability to compromise a vulnerable system. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, with the privileges of the printer user, normally lp.

Extended Description

CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system. These issues affect versions prior to CUPS 1.3.9.

Affected Products

Avaya proactive_contact

References

BugTraq: 31690

CVE: CVE-2008-3639

Short Name

HTTP:APPLE-SGI-BOF

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow

Extended Description

Affected Products

References

Found a potential security threat?