Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20121012130407.GA6122@vuntz.net>
Date: Fri, 12 Oct 2012 15:04:07 +0200
From: Vincent Untz <vuntz@...e.com>
To: oss-security@...ts.openwall.com
Subject: Security flaw in cups-pk-helper (CVE-2012-4510)

Hi,

cups-pk-helper (versions up to 0.2.2) wraps cupsGetFile/cupsPutFile in
an insecure way. Since cups-pk-helper is running as root, this could
lead to uploading sensitive data to a cups resource, or overwriting
specific files with the content of a cups resource. The flaw is however
mitigated by the fact that it cannot be exploited without the user
explicitly approving the action (via polkit authentication with the
admin password).

This has been fixed in cups-pk-helper 0.2.3:
  http://www.freedesktop.org/software/cups-pk-helper/releases/cups-pk-helper-0.2.3.tar.xz

Thanks to Sebastian Krahmer and Alexander Peslyak for their help in
reviewing the fix.

Reference: CVE-2012-4510

About cups-pk-helper:
  cups-pk-helper is a PolicyKit helper to configure cups with
  fine-grained privileges.

  See http://www.freedesktop.org/wiki/Software/cups-pk-helper

Vincent

-- 
Les gens heureux ne sont pas pressés.

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.