Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Memory disclosure in CUPS with admin URLs #3577
Comments
|
CUPS.org User: mike Fix is attached. |
|
CUPS.org User: mike Fixed in Subversion repository. |
|
"str3577.patch": Index: cgi-bin/var.c--- cgi-bin/var.c (revision 2161)
|
michaelrsweet
closed this
Jun 16, 2010
michaelrsweet
added the
P3 - Moderate
label
Mar 17, 2016
michaelrsweet
added this to the
Stable
milestone
Mar 17, 2016
michaelrsweet
referenced
this issue
Mar 17, 2016
Closed
AIX 5.3 - Update cups-config to allow Ghostscript to compile #3587
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
michaelrsweet commentedMay 5, 2010
Version: 1.4-current
CUPS.org User: mike
See attached PDF, but in short, a URL like
http://127.0.0.1:631/admin?URL=/admin/&OP=%
will produce an error response that discloses a some uninitialised memory. This could be used to bypass ASLR, for example. The problem is in cgi-bin/var.c in cgi_initialize_string().