Re: cups-browsed remote exploit

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> For this it creates a filter-script
>
> snprintf
>
> "%s/filter/pdftoippprinter \"$1\" \"$2\" \"$3\" \"$4\" \"$5 $extra_options\"\n",
> p->name, pdl, make_model, cups_serverbin);
>
> its easy to inject code to the script e.g. via model name or pdl key
> which is taken from the LAN packets.

Use CVE-2014-2707.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTPG+wAAoJEKllVAevmvmsURkIAKl8pUwj4b/v8yc/DeRw+Hp+
lc+eaJ6SN2qsZXK3thqK1Ail6oMIQTzlR/sfzhDnTYXHAK6d1p/HZXz6ZcqsJ8Fa
RvsXTlMhGj+VeKWkYMUeVGi4I1O2I33+i/mnwysYaX0XlC09axg+jou3AM4bZWzM
vr6OxhZwhJpjI0EXJVjTZDQP+7sO6fUe20ZVuL+IUTcUzKrpqyJ2cNaz6ZgX7JpG
+Kj7OFTOSYu1mNJfq2oKVTRqtA9oXB+7kF3KZjfDGtSzuaMwyjvs6I2hJZw+FbUQ
FJKR+Qlo3dCQRfjz/KTe8sEhouZtukN/HsZv/cSmiTNbukw5PNzcJGDkwp+2IgU=
=znhE
-----END PGP SIGNATURE-----