CVE-2002-1368

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

Affected products

• Apple / mac_os_x10.2 – 10.2
• Apple / mac_os_x10.2.2 – 10.2.2
• easy_software_products / cups1.1.1 – 1.1.1
• easy_software_products / cups1.1.4 – 1.1.4
• easy_software_products / cups1.1.4_2 – 1.1.4_2
• easy_software_products / cups1.1.4_3 – 1.1.4_3
• easy_software_products / cups1.1.4_5 – 1.1.4_5
• easy_software_products / cups1.0.4 – 1.0.4
• easy_software_products / cups1.1.7 – 1.1.7
• easy_software_products / cups1.1.10 – 1.1.10
• easy_software_products / cups1.1.13 – 1.1.13
• easy_software_products / cups1.1.14 – 1.1.14
• easy_software_products / cups1.1.17 – 1.1.17
• easy_software_products / cups1.1.6 – 1.1.6
• easy_software_products / cups1.0.4_8 – 1.0.4_8

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/10909
• VENDOR_ADVISORYhttp://secunia.com/advisories/7858
• VENDOR_ADVISORYhttp://secunia.com/advisories/7843
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/9325/
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
• MISCftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt
• VENDOR_ADVISORYhttp://secunia.com/advisories/7756/
• VENDOR_ADVISORYhttp://secunia.com/advisories/7907
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:001
• VENDOR_ADVISORYhttp://secunia.com/advisories/7913/
• VENDOR_ADVISORYhttp://secunia.com/advisories/7794
• VENDOR_ADVISORYhttp://www.debian.org/security/2003/dsa-232
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2003_002_cups.html
• MISChttp://www.idefense.com/advisory/12.19.02.txt
• MISChttp://www.redhat.com/support/errata/RHSA-2002-295.html
• MISChttp://www.securityfocus.com/bid/6437
• VENDOR_ADVISORYhttp://secunia.com/advisories/7803
• VENDOR_ADVISORYhttp://secunia.com/advisories/8080/
• MAILING_LISThttp://marc.info/?l=bugtraq&m=104032149026670&w=2