CVE-2015-1158
CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/37336/unverifiedcve_referencewww.exploit-db.com/exploits/41233/unverifiedexploitdbwww.exploit-db.com/exploits/41233unverifiedexploitdbwww.exploit-db.com/exploits/37336unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1123.htmlhttps://bugzilla.opensuse.org/show_bug.cgi?id=924208https://bugzilla.redhat.com/show_bug.cgi?id=1221641https://code.google.com/p/google-security-research/issues/detail?id=455https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.pyhttps://security.gentoo.org/glsa/201510-07https://www.cups.org/str.php?L4609