Bugzilla – Bug 966830
VUL-1: CVE-2010-5325: foomatic, cups-filters: potential remote arbitrary code execution
Last modified: 2021-01-05 12:36:25 UTC
Via OSS-sec:

> A buffer-overflow vulnerability was discovered in the unhtmlify()
> function of foomatic-rip. The function did not properly calculate
> buffer sizes, possibly leading to a heap-based memory corruption. A
> remote, unauthenticated attacker could exploit this flaw to cause
> foomatic-rip to crash or possibly execute arbitrary code.
>
> https://bugs.linuxfoundation.org/show_bug.cgi?id=515
> https://bugzilla.redhat.com/show_bug.cgi?id=1218297

Use CVE-2010-5325. (Although https://bugzilla.redhat.com/show_bug.cgi?id=1218297#c2 also has a mention of "an off-by-one-ish problem" in addition to the larger problem, there will not be multiple CVE IDs for this.)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1218297
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5325
http://seclists.org/oss-sec/2016/q1/341
http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-5325.html
Setting exploit range to "Adjacent", as the cups service is not really exposed to the outside world and is usually only reachable from inside the LAN.
bugbot adjusting priority
According to https://bugzilla.redhat.com/show_bug.cgi?id=1218297#c2 the issue is about the C program function "static void unhtmlify(char *dest, size_t size, const char *src)" that we have only in cups-filters, which we have only in SLE12, there in the source file filter/foomatic-rip/options.c.

cups-filters in SLE12 is version 1.0.58 from August 2014.

This issue was fixed upstream back in 2010, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1218297#c0

Our initial cups-filters in SLE12 was from 2012, so we had it fixed all the time.

Accordingly this issue is invalid for us.
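As an added illustration of the bug class this report describes (a decoder that writes into a caller-supplied buffer without correctly tracking the remaining space), here is a constructed, bounds-checked entity decoder with the same shape as the unhtmlify(char *dest, size_t size, const char *src) signature quoted above. This is example code written for this page, not foomatic-rip's or cups-filters' code; the entity table, the snprintf-style return value and the helper names are assumptions made for the example, and the inputs are constructed.

```c
/* Constructed example (not foomatic-rip's code): a bounded HTML-entity
 * decoder with the shape of unhtmlify(char *dest, size_t size, const char *src).
 * Every write into dest is checked against the remaining space, so untrusted
 * src can at most truncate the output, never overrun the destination buffer. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed entity table for the example; the real table is not on the page. */
static const struct { const char *name; char ch; } entities[] = {
    { "&lt;", '<' }, { "&gt;", '>' }, { "&amp;", '&' },
    { "&quot;", '"' }, { "&apos;", '\'' },
};

/* Decode src into dest, writing at most size-1 characters plus a NUL.
 * Returns the length of the full decoded text (snprintf-style), so a return
 * value >= size tells the caller the output was truncated. With size == 0
 * nothing is written and dest may be NULL. */
size_t unhtmlify_bounded(char *dest, size_t size, const char *src)
{
    size_t out = 0;             /* decoded characters produced so far */
    const char *p = src;

    while (*p) {
        char c = *p;
        size_t consumed = 1;    /* input bytes eaten for this output char */

        if (c == '&') {
            size_t i;
            for (i = 0; i < sizeof entities / sizeof entities[0]; i++) {
                size_t n = strlen(entities[i].name);
                if (strncmp(p, entities[i].name, n) == 0) {
                    c = entities[i].ch;
                    consumed = n;
                    break;
                }
            }
            /* Unknown entity: copied through literally, one byte at a time. */
        }

        /* The bounds check: write only while room for the NUL remains. */
        if (out + 1 < size)
            dest[out] = c;
        out++;
        p += consumed;
    }

    if (size > 0)
        dest[out < size ? out : size - 1] = '\0';
    return out;
}

/* Convenience for callers: decode into buf and report whether it fit. */
int unhtmlify_fits(char *buf, size_t size, const char *src)
{
    return unhtmlify_bounded(buf, size, src) < size;
}

int main(void)
{
    char buf[8];
    /* Constructed input: longer than buf once decoded, plus an unknown entity. */
    const char *in = "&lt;b&gt; &amp; &quot;x&quot; &unknown;";
    size_t need = unhtmlify_bounded(buf, sizeof buf, in);
    printf("decoded=\"%s\" full_length=%zu truncated=%s\n",
           buf, need, need < sizeof buf ? "no" : "yes");
    return 0;
}
```

The design choice worth copying is that the destination size is the single source of truth for every write: the decoder never computes a separate "expected output size" from the input that could drift out of sync with the buffer, and it reports truncation to the caller instead of silently dropping data.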